To: Luca Boccassi, Haiyang Zhang, Stephen Hemminger, Long Li
Cc: dev@dpdk.org, Stephen Hemminger, stable@dpdk.org
From: Ferruh Yigit
Date: Thu, 29 Oct 2020 08:43:52 +0000
Subject: Re: [dpdk-dev] [dpdk-stable] [PATCH 4/4] net/netvsc: check for overflow on packet info from host

On 10/28/2020 11:08 AM, Luca Boccassi wrote:
> On Tue, 2020-10-27 at 23:07 +0000, Ferruh Yigit wrote:
>> On 10/27/2020 5:10 PM, Luca Boccassi wrote:
>>> On Mon, 2020-08-10 at 19:33 -0700, longli@linuxonhyperv.com wrote:
>>>> From: Stephen Hemminger
>>>>
>>>> The data from the host is trusted but checked by the driver.
>>>> One check that is missing is that the packet offset and length
>>>> might cause wraparound.
>>>>
>>>> Cc: stable@dpdk.org
>>>>
>>>> Signed-off-by: Stephen Hemminger
>>>> Signed-off-by: Long Li
>>>> --- >>>> drivers/net/netvsc/hn_rxtx.c | 6 ++++-- >>>> 1 file changed, 4 insertions(+), 2 deletions(-) >>>> >>>> diff --git a/drivers/net/netvsc/hn_rxtx.c b/drivers/net/netvsc/hn_rxtx.c >>>> index a388ff258..d8d3f07f5 100644 >>>> --- a/drivers/net/netvsc/hn_rxtx.c >>>> +++ b/drivers/net/netvsc/hn_rxtx.c >>>> @@ -666,7 +666,8 @@ static void hn_rndis_rx_data(struct hn_rx_queue *rxq, >>>> struct hn_rx_bufinfo *rxb, >>>> void *data, uint32_t dlen) >>>> { >>>> - unsigned int data_off, data_len, pktinfo_off, pktinfo_len; >>>> + unsigned int data_off, data_len, total_len; >>>> + unsigned int pktinfo_off, pktinfo_len; >>>> const struct rndis_packet_msg *pkt = data; >>>> struct hn_rxinfo info = { >>>> .vlan_info = HN_NDIS_VLAN_INFO_INVALID, 
>>>> @@ -711,7 +712,8 @@ static void hn_rndis_rx_data(struct hn_rx_queue *rxq, >>>> goto error; >>>> } >>>> >>>> - if (unlikely(data_off + data_len > pkt->len)) >>>> + if (__builtin_add_overflow(data_off, data_len, &total_len) || >>>> + total_len > pkt->len) >>>> goto error; >>>> >>>> if (unlikely(data_len < RTE_ETHER_HDR_LEN))
>>>
>>> This patch breaks the build with GCC < 5 (CentOS 7, RHEL 7, SLE 12) as
>>> __builtin_add_overflow is not available. Could you please send a follow
>>> up to fix it?
>>>
>>
>> It should be already fixed in the repo:
>> https://git.dpdk.org/dpdk/commit/?id=d73543b5f46d
>>
>> Are you getting the build error with 20.11-rc1?
>
> No, with the backport. The original patch was marked for stable, but
> the fixup was not.

Yes, it should be also marked for stable, seems missed.

> I'll pick it up.
>

Thanks.
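
Review bot: In the second hunk of hn_rndis_rx_data() (@@ -711,7 +712,8 @@), the new bounds check depends on `__builtin_add_overflow`, a compiler builtin used here with no fallback, which is what the thread reports as breaking the build with GCC < 5. The same wraparound protection can be written portably as `if (unlikely(data_off > pkt->len || data_len > pkt->len - data_off))`, which cannot wrap provided pkt->len is unsigned like data_off and data_len, and which makes the `total_len` local added in the first hunk unnecessary. The replacement condition also drops the `unlikely()` hint that the removed line carried; keep it so this error path is annotated the same way as the `data_len < RTE_ETHER_HDR_LEN` check that follows. Since this commit is tagged Cc: stable@dpdk.org, any fix-up to it needs the same tag so that stable branches do not receive only the version that fails to build.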