Re: [dpdk-dev] [dpdk-stable] [PATCH 4/4] net/netvsc: check for overflow on packet info from host

Wed, 28 Oct 2020 04:08:24 -0700 

On Tue, 2020-10-27 at 23:07 +0000, Ferruh Yigit wrote:
> On 10/27/2020 5:10 PM, Luca Boccassi wrote:
> > On Mon, 2020-08-10 at 19:33 -0700, [email protected] wrote:
> > > From: Stephen Hemminger <[email protected]>
> > > 
> > > The data from the host is trusted but checked by the driver.
> > > One check that is missing is that the packet offset and length
> > > might cause wraparound.
> > > 
> > > Cc: [email protected]
> > > 
> > > Signed-off-by: Stephen Hemminger <[email protected]>
> > > Signed-off-by: Long Li <[email protected]>
> > > ---
> > >   drivers/net/netvsc/hn_rxtx.c | 6 ++++--
> > >   1 file changed, 4 insertions(+), 2 deletions(-)
> > > 
> > > diff --git a/drivers/net/netvsc/hn_rxtx.c b/drivers/net/netvsc/hn_rxtx.c
> > > index a388ff258..d8d3f07f5 100644
> > > --- a/drivers/net/netvsc/hn_rxtx.c
> > > +++ b/drivers/net/netvsc/hn_rxtx.c
> > > @@ -666,7 +666,8 @@ static void hn_rndis_rx_data(struct hn_rx_queue *rxq,
> > >                                struct hn_rx_bufinfo *rxb,
> > >                                void *data, uint32_t dlen)
> > >   {
> > > - unsigned int data_off, data_len, pktinfo_off, pktinfo_len;
> > > + unsigned int data_off, data_len, total_len;
> > > + unsigned int pktinfo_off, pktinfo_len;
> > >           const struct rndis_packet_msg *pkt = data;
> > >           struct hn_rxinfo info = {
> > >                   .vlan_info = HN_NDIS_VLAN_INFO_INVALID,
> > > @@ -711,7 +712,8 @@ static void hn_rndis_rx_data(struct hn_rx_queue *rxq,
> > >                           goto error;
> > >           }
> > >   
> > > - if (unlikely(data_off + data_len > pkt->len))
> > > + if (__builtin_add_overflow(data_off, data_len, &total_len) ||
> > > +     total_len > pkt->len)
> > >                   goto error;
> > >   
> > >           if (unlikely(data_len < RTE_ETHER_HDR_LEN))
> > 
> > This patch breaks the build with GCC < 5 (CentOS 7, RHEL 7, SLE 12) as
> > __builtin_add_overflow is not available. Could you please send a follow
> > up to fix it?
> > 
> 
> It should be already fixed in the repo:
> https://git.dpdk.org/dpdk/commit/?id=d73543b5f46d
> 
> Are you getting the build error with 20.11-rc1?

No, with the backport. The original patch was marked for stable, but
the fixup was not. I'll pick it up.

-- 
Kind regards,
Luca Boccassi

Reply via email to