From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <rich.lane@bigswitch.com>
Received: from mail-yk0-f170.google.com (mail-yk0-f170.google.com
 [209.85.160.170]) by dpdk.org (Postfix) with ESMTP id 8ECDE5A68
 for <dev@dpdk.org>; Wed, 18 Nov 2015 06:26:58 +0100 (CET)
Received: by ykfs79 with SMTP id s79so46580814ykf.1
 for <dev@dpdk.org>; Tue, 17 Nov 2015 21:26:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=bigswitch_com.20150623.gappssmtp.com; s=20150623;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :cc:content-type;
 bh=K48yrzkN2pC8dmSkfV5NxLHMBYuvOgYuNTNZ3c7EMp4=;
 b=ycWOiZZPYbt1rbXoS0JKittcLHjpgR2qLiX/zIhNQW+pdfsq680l94pBEl+CmOfe5I
 K54eUUTCjPyKWzIPnXembbtoM0poFEtSuW3xG4ggN7l4x5XsRGJ4CAPvwjiKfYkRzLl5
 mRln283tBQasPtyjyMYqapq9Wf3fWGCwp+/ZKferjPCHKyvL1EAAwmv/dwcAqUV6qkpT
 8lEGRnx0qsRxLGtIxKL21Y3GzSOuAmDhfoG/lKYm7i+U8becUaqA/4fWLBRrlF65Z+7a
 Mh5QD4tAq2PMi1G6y3fcLa8QskwgRu8kCK5R2PygX+A3HJ/Gd2jZ8nfS8LmLC8v+a6A0
 rpHA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:in-reply-to:references:date
 :message-id:subject:from:to:cc:content-type;
 bh=K48yrzkN2pC8dmSkfV5NxLHMBYuvOgYuNTNZ3c7EMp4=;
 b=X7BfdYHvKhtqP7xB32ZGCd5QWMBSgJ6i6cPSE+wvlWNu58oc3kz7SF3EMah9iXzoH7
 ppDN/zcEUBrvcNeUKvOXI05UoVnSd/WIVR2Z5erjaTLtC76Cd+3gfqIZfmm/JmxNmMkb
 SbSra6Ao/NvwH3UtjkGMJYY0+sVYO+/qyHv31IaxXFVOZUbIrG7wKXYBKB/6kt5qw1YB
 YSLlhhH3hz0hcrDS9yf2z4JBdAL6DscKBDfLSdl3bo1NcH2Om4qAYgM6zxPcoVVgg200
 UGPNbZCIAtX39i/FQrdOzQ7HM3/OwO4kSiuhWM9epJyTD7DAl4DAbFm7/Hf97ArLSXup
 xHcA==
X-Gm-Message-State: ALoCoQlZUhAGz4nhnimhnjpLLHG2RauKqvDftb8epGvVGlZM8AzogFGHTr72xLrHUWveCgS21Rm3
MIME-Version: 1.0
X-Received: by 10.129.70.65 with SMTP id t62mr43817006ywa.240.1447824418046;
 Tue, 17 Nov 2015 21:26:58 -0800 (PST)
Received: by 10.31.3.170 with HTTP; Tue, 17 Nov 2015 21:26:57 -0800 (PST)
In-Reply-To: <20151118025655.GW2326@yliu-dev.sh.intel.com>
References: <1447315353-42152-1-git-send-email-rlane@bigswitch.com>
 <20151112092305.GI2326@yliu-dev.sh.intel.com>
 <CAGSMBPOLNsc-+_Zj7FgBhmD0kpUAoy3fu5urxN74YTfmE20Qzw@mail.gmail.com>
 <20151117132349.GT2326@yliu-dev.sh.intel.com>
 <CAGSMBPPrustS5-2BdGmkKFUTQBnHcb6NRJ43TYuL2zRVAWkWqw@mail.gmail.com>
 <20151118025655.GW2326@yliu-dev.sh.intel.com>
Date: Tue, 17 Nov 2015 21:26:57 -0800
Message-ID: <CAGSMBPNfKZidDsGpsmYCzW+38uUxwJRn4TB6s-spWt62T0ASag@mail.gmail.com>
From: Rich Lane <rich.lane@bigswitch.com>
To: Yuanhan Liu <yuanhan.liu@linux.intel.com>
Content-Type: text/plain; charset=UTF-8
X-Content-Filtered-By: Mailman/MimeDel 2.1.15
Cc: dev@dpdk.org
Subject: Re: [dpdk-dev] [PATCH] vhost: avoid buffer overflow in
	update_secure_len
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: patches and discussions about DPDK <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Nov 2015 05:26:58 -0000

On Tue, Nov 17, 2015 at 6:56 PM, Yuanhan Liu <yuanhan.liu@linux.intel.com>
wrote:

> @@ -519,6 +526,8 @@ virtio_dev_merge_rx(struct virtio_net *dev, uint16_t
> queue_id,
>                                         goto merge_rx_exit;
>                                 } else {
>                                         update_secure_len(vq, res_cur_idx,
> &secure_len, &vec_idx);
> +                                       if (secure_len == 0)
> +                                               goto merge_rx_exit;
>                                         res_cur_idx++;
>                                 }
>                         } while (pkt_len > secure_len);
>

I think this needs to check whether secure_len was modified. secure_len is
read-write and could have a nonzero value going into the call. It could be
cleaner to give update_secure_len a return value saying whether it was able
to reserve any buffers.

Otherwise looks good, thanks!