From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 4881DA04DD; Wed, 28 Oct 2020 12:08:08 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id DC0ECCB0A; Wed, 28 Oct 2020 12:08:06 +0100 (CET) Received: from mail-wm1-f67.google.com (mail-wm1-f67.google.com [209.85.128.67]) by dpdk.org (Postfix) with ESMTP id 6A84ACB00; Wed, 28 Oct 2020 12:08:04 +0100 (CET) Received: by mail-wm1-f67.google.com with SMTP id v5so4156183wmh.1; Wed, 28 Oct 2020 04:08:04 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:message-id:subject:from:to:cc:date:in-reply-to :references:content-transfer-encoding:user-agent:mime-version; bh=VNg1UaQ5pPb0a+u6+R9C0jybXDgPvuBC+3onW2vPZDc=; b=ZTBN8diDUBC3JYT2Ka4MT5mNUgr2Fg8oEtXJ+HQwL01rHWnT2rMvy18Kq2j06wlJAC PlUOpJ9DFl6u+a1DphFgyBDoNfLPTTwd8cUXZUcQiEMt7QPe+CR2AuhnyKrD8hP1CyIr KFDDX3HdsKaN0H3wJyNavX6mjaZwhV2Zgc6ODw4jA34zfBjOLCLj3OsE0aMLjWIezTnR 0iaywdGQUKpztQ4eYUm8g5AlK8HPJRfeBXg+GbhBn55x4VceG3Ur1swqInJrGPTzXb+5 Cb4sSki0v/9n1m8fxjMyHAgybJl0r5eKNTVVmlRD2U9R35PoHWajexcMOqR1SbM/8qcQ TP9g== X-Gm-Message-State: AOAM531rz8YcV2TocQS88h9ij/8nzFEd1A/N8iOTs44yvyj8iPMFP9ln UiHVlf0+iTFpKP0ZnEmTHf4= X-Google-Smtp-Source: ABdhPJx3s0vnbY7G8QM0t0SEpfuQSlSE+VmtajdkLwqzY+d+yguN94b6c68qYYGKklyggtmZX67fSA== X-Received: by 2002:a05:600c:2888:: with SMTP id g8mr7492006wmd.130.1603883283197; Wed, 28 Oct 2020 04:08:03 -0700 (PDT) Received: from localhost ([88.98.246.218]) by smtp.gmail.com with ESMTPSA id m4sm6785126wrr.47.2020.10.28.04.08.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 28 Oct 2020 04:08:02 -0700 (PDT) Message-ID: <8c2511e1a6c42b716abc7434f1a32d11d529ab32.camel@debian.org> From: Luca Boccassi To: Ferruh Yigit , Haiyang Zhang , Stephen Hemminger , Long Li Cc: dev@dpdk.org, Stephen Hemminger , stable@dpdk.org Date: Wed, 28 Oct 2020 11:08:02 +0000 In-Reply-To: <6b38cad9-f02c-38c2-8abf-c1bd1a56422a@intel.com> References: <1597113194-90208-1-git-send-email-longli@linuxonhyperv.com> <1597113194-90208-4-git-send-email-longli@linuxonhyperv.com> <448f5c5936625014871fe856318d515684930050.camel@debian.org> <6b38cad9-f02c-38c2-8abf-c1bd1a56422a@intel.com> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.30.5-1.1 MIME-Version: 1.0 Subject: Re: [dpdk-dev] [dpdk-stable] [PATCH 4/4] net/netvsc: check for overflow on packet info from host X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" On Tue, 2020-10-27 at 23:07 +0000, Ferruh Yigit wrote: > On 10/27/2020 5:10 PM, Luca Boccassi wrote: > > On Mon, 2020-08-10 at 19:33 -0700, longli@linuxonhyperv.com wrote: > > > From: Stephen Hemminger > > >=20 > > > The data from the host is trusted but checked by the driver. > > > One check that is missing is that the packet offset and length > > > might cause wraparound. > > >=20 > > > Cc: stable@dpdk.org > > >=20 > > > Signed-off-by: Stephen Hemminger > > > Signed-off-by: Long Li > > > --- > > > drivers/net/netvsc/hn_rxtx.c | 6 ++++-- > > > 1 file changed, 4 insertions(+), 2 deletions(-) > > >=20 > > > diff --git a/drivers/net/netvsc/hn_rxtx.c b/drivers/net/netvsc/hn_rxt= x.c > > > index a388ff258..d8d3f07f5 100644 > > > --- a/drivers/net/netvsc/hn_rxtx.c > > > +++ b/drivers/net/netvsc/hn_rxtx.c > > > @@ -666,7 +666,8 @@ static void hn_rndis_rx_data(struct hn_rx_queue *= rxq, > > > struct hn_rx_bufinfo *rxb, > > > void *data, uint32_t dlen) > > > { > > > - unsigned int data_off, data_len, pktinfo_off, pktinfo_len; > > > + unsigned int data_off, data_len, total_len; > > > + unsigned int pktinfo_off, pktinfo_len; > > > const struct rndis_packet_msg *pkt =3D data; > > > struct hn_rxinfo info =3D { > > > .vlan_info =3D HN_NDIS_VLAN_INFO_INVALID, > > > @@ -711,7 +712,8 @@ static void hn_rndis_rx_data(struct hn_rx_queue *= rxq, > > > goto error; > > > } > > > =20 > > > - if (unlikely(data_off + data_len > pkt->len)) > > > + if (__builtin_add_overflow(data_off, data_len, &total_len) || > > > + total_len > pkt->len) > > > goto error; > > > =20 > > > if (unlikely(data_len < RTE_ETHER_HDR_LEN)) > >=20 > > This patch breaks the build with GCC < 5 (CentOS 7, RHEL 7, SLE 12) as > > __builtin_add_overflow is not available. Could you please send a follow > > up to fix it? > >=20 >=20 > It should be already fixed in the repo: > https://git.dpdk.org/dpdk/commit/?id=3Dd73543b5f46d >=20 > Are you getting the build error with 20.11-rc1? No, with the backport. The original patch was marked for stable, but the fixup was not. I'll pick it up. --=20 Kind regards, Luca Boccassi