From: Luca Boccassi
To: Haiyang Zhang, Stephen Hemminger, Long Li
Cc: dev@dpdk.org, Stephen Hemminger, stable@dpdk.org
Date: Tue, 27 Oct 2020 17:10:12 +0000
In-Reply-To: <1597113194-90208-4-git-send-email-longli@linuxonhyperv.com>
Subject: Re: [dpdk-dev] [PATCH 4/4] net/netvsc: check for overflow on packet info from host

On Mon, 2020-08-10 at 19:33 -0700, longli@linuxonhyperv.com wrote:
> From: Stephen Hemminger
>
> The data from the host is trusted but checked by the driver.
> One check that is missing is that the packet offset and length
> might cause wraparound.
>
> Cc: stable@dpdk.org
>
> Signed-off-by: Stephen Hemminger
> Signed-off-by: Long Li
> ---
> drivers/net/netvsc/hn_rxtx.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/net/netvsc/hn_rxtx.c b/drivers/net/netvsc/hn_rxtx.c > index a388ff258..d8d3f07f5 100644 > --- a/drivers/net/netvsc/hn_rxtx.c > +++ b/drivers/net/netvsc/hn_rxtx.c > @@ -666,7 +666,8 @@ static void hn_rndis_rx_data(struct hn_rx_queue *rxq, > struct hn_rx_bufinfo *rxb, > void *data, uint32_t dlen) > { > - unsigned int data_off, data_len, pktinfo_off, pktinfo_len; > + unsigned int data_off, data_len, total_len; > + unsigned int pktinfo_off, pktinfo_len; > const struct rndis_packet_msg *pkt =3D data; > struct hn_rxinfo info =3D { > .vlan_info =3D HN_NDIS_VLAN_INFO_INVALID, 
> @@ -711,7 +712,8 @@ static void hn_rndis_rx_data(struct hn_rx_queue *rxq, > goto error; > } > =20 > - if (unlikely(data_off + data_len > pkt->len)) > + if (__builtin_add_overflow(data_off, data_len, &total_len) || > + total_len > pkt->len) > goto error; > =20 > if (unlikely(data_len < RTE_ETHER_HDR_LEN))

This patch breaks the build with GCC < 5 (CentOS 7, RHEL 7, SLE 12) as
__builtin_add_overflow is not available. Could you please send a follow up to fix it?

-- 
Kind regards,
Luca Boccassi
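
Review bot: in the second hunk (@@ -711), the replacement condition drops the unlikely() wrapper that the removed line had, and it calls __builtin_add_overflow with no compiler guard, which the reply reports as a build break on GCC < 5. Since data_off, data_len and total_len are all declared unsigned int, the same bound can be checked without any addition, for example `if (unlikely(data_off > pkt->len || data_len > pkt->len - data_off)) goto error;` (assuming pkt->len is also an unsigned 32-bit field, which the visible lines do not show). That form builds on every compiler and makes the new total_len variable from the first hunk unnecessary.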
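
The wraparound named in the commit message, and a form of the check that still builds on the older compilers named in the reply, as an added example that is not code from the patch or from DPDK. The function names, the use of `uint32_t` for the three values and the sample numbers are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#ifndef __has_builtin          /* GCC before 10 has no __has_builtin */
#define __has_builtin(x) 0
#endif

/* Shape of the removed check: the 32-bit sum can wrap and look in-bounds. */
static bool range_ok_naive(uint32_t off, uint32_t len, uint32_t total)
{
	return !(off + len > total);
}

/* Portable form: no addition is performed, so nothing can wrap. */
static bool range_ok_portable(uint32_t off, uint32_t len, uint32_t total)
{
	return off <= total && len <= total - off;
}

/* Builtin form, compiled only where the compiler provides it. */
static bool range_ok(uint32_t off, uint32_t len, uint32_t total)
{
#if __has_builtin(__builtin_add_overflow) || \
	(defined(__GNUC__) && !defined(__clang__) && __GNUC__ >= 5)
	uint32_t end;

	if (__builtin_add_overflow(off, len, &end))
		return false;
	return end <= total;
#else
	return range_ok_portable(off, len, total);
#endif
}

int main(void)
{
	/* Constructed values: offset near UINT32_MAX, message length 1500. */
	uint32_t off = 0xFFFFFFF0u, len = 0x20u, total = 1500;

	printf("naive=%d portable=%d guarded=%d\n",
	       range_ok_naive(off, len, total),
	       range_ok_portable(off, len, total),
	       range_ok(off, len, total));
	return 0;
}
```
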