From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from dpdk.org (dpdk.org [92.243.14.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 24CEBA04B5;
	Wed, 28 Oct 2020 00:07:36 +0100 (CET)
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id EBB6E2BF9;
	Wed, 28 Oct 2020 00:07:34 +0100 (CET)
Received: from mga11.intel.com (mga11.intel.com [192.55.52.93])
 by dpdk.org (Postfix) with ESMTP id 1B9A61D9E;
 Wed, 28 Oct 2020 00:07:30 +0100 (CET)
IronPort-SDR: CEg8BzViPofZJEz8yOr0gLK51OYGKXoqAVEXy0X4MRKkaPGu0ZHicEEw6GOmk739osn8MDLtJM
 dynZiVszmQgA==
X-IronPort-AV: E=McAfee;i="6000,8403,9787"; a="164677472"
X-IronPort-AV: E=Sophos;i="5.77,424,1596524400"; d="scan'208";a="164677472"
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga001.jf.intel.com ([10.7.209.18])
 by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 27 Oct 2020 16:07:28 -0700
IronPort-SDR: 3MNHra4FRBYqjIJWYTnqr05ConDjtFu0rDGQqdHBJSIlHoFB1PpjhlUBN/G8dF6H+41NoRVvV3
 Osu8UlaUlq0g==
X-IronPort-AV: E=Sophos;i="5.77,424,1596524400"; d="scan'208";a="394640514"
Received: from fyigit-mobl1.ger.corp.intel.com (HELO [10.213.218.213])
 ([10.213.218.213])
 by orsmga001-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 27 Oct 2020 16:07:27 -0700
To: Luca Boccassi <bluca@debian.org>, Haiyang Zhang <haiyangz@microsoft.com>, 
 Stephen Hemminger <sthemmin@microsoft.com>, Long Li <longli@microsoft.com>
Cc: dev@dpdk.org, Stephen Hemminger <stephen@networkplumber.org>,
 stable@dpdk.org
References: <1597113194-90208-1-git-send-email-longli@linuxonhyperv.com>
 <1597113194-90208-4-git-send-email-longli@linuxonhyperv.com>
 <448f5c5936625014871fe856318d515684930050.camel@debian.org>
From: Ferruh Yigit <ferruh.yigit@intel.com>
Message-ID: <6b38cad9-f02c-38c2-8abf-c1bd1a56422a@intel.com>
Date: Tue, 27 Oct 2020 23:07:23 +0000
MIME-Version: 1.0
In-Reply-To: <448f5c5936625014871fe856318d515684930050.camel@debian.org>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Subject: Re: [dpdk-dev] [PATCH 4/4] net/netvsc: check for overflow on packet
 info from host
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

On 10/27/2020 5:10 PM, Luca Boccassi wrote:
> On Mon, 2020-08-10 at 19:33 -0700, longli@linuxonhyperv.com wrote:
>> From: Stephen Hemminger <stephen@networkplumber.org>
>>
>> The data from the host is trusted but checked by the driver.
>> One check that is missing is that the packet offset and length
>> might cause wraparound.
>>
>> Cc: stable@dpdk.org
>>
>> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
>> Signed-off-by: Long Li <longli@microsoft.com>
>> ---
>>   drivers/net/netvsc/hn_rxtx.c | 6 ++++--
>>   1 file changed, 4 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/net/netvsc/hn_rxtx.c b/drivers/net/netvsc/hn_rxtx.c
>> index a388ff258..d8d3f07f5 100644
>> --- a/drivers/net/netvsc/hn_rxtx.c
>> +++ b/drivers/net/netvsc/hn_rxtx.c
>> @@ -666,7 +666,8 @@ static void hn_rndis_rx_data(struct hn_rx_queue *rxq,
>>   			     struct hn_rx_bufinfo *rxb,
>>   			     void *data, uint32_t dlen)
>>   {
>> -	unsigned int data_off, data_len, pktinfo_off, pktinfo_len;
>> +	unsigned int data_off, data_len, total_len;
>> +	unsigned int pktinfo_off, pktinfo_len;
>>   	const struct rndis_packet_msg *pkt = data;
>>   	struct hn_rxinfo info = {
>>   		.vlan_info = HN_NDIS_VLAN_INFO_INVALID,
>> @@ -711,7 +712,8 @@ static void hn_rndis_rx_data(struct hn_rx_queue *rxq,
>>   			goto error;
>>   	}
>>   
>> -	if (unlikely(data_off + data_len > pkt->len))
>> +	if (__builtin_add_overflow(data_off, data_len, &total_len) ||
>> +	    total_len > pkt->len)
>>   		goto error;
>>   
>>   	if (unlikely(data_len < RTE_ETHER_HDR_LEN))
> 
> This patch breaks the build with GCC < 5 (CentOS 7, RHEL 7, SLE 12) as
> __builtin_add_overflow is not available. Could you please send a follow
> up to fix it?
> 

It should be already fixed in the repo:
https://git.dpdk.org/dpdk/commit/?id=d73543b5f46d

Are you getting the build error with 20.11-rc1?