[dpdk-stable] patch 'net/netvsc: check for overflow on packet info from host' has been queued to LTS release 18.11.11

Kevin Traynor ktraynor at redhat.com
Wed Nov 18 17:34:47 CET 2020

Previous message: [dpdk-stable] [PATCH v2 7/7] net/bnxt: fix redundant return
Next message: [dpdk-stable] patch 'net/netvsc: replace compiler builtin overflow check' has been queued to LTS release 18.11.11
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

FYI, your patch has been queued to LTS release 18.11.11

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 11/24/20. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/kevintraynor/dpdk-stable-queue

This queued commit can be viewed at:
https://github.com/kevintraynor/dpdk-stable-queue/commit/1f6666d4fc36792e4cf1892a9fa6bcb95d720dd9

Thanks.

Kevin.

---
>From 1f6666d4fc36792e4cf1892a9fa6bcb95d720dd9 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <stephen at networkplumber.org>
Date: Mon, 10 Aug 2020 19:33:14 -0700
Subject: [PATCH] net/netvsc: check for overflow on packet info from host

The data from the host is trusted but checked by the driver.
One check that is missing is that the packet offset and length
might cause wraparound.

Cc: stable at dpdk.org

Reported-by: Nan Chen <whutchennan at gmail.com>
Signed-off-by: Stephen Hemminger <stephen at networkplumber.org>
Signed-off-by: Long Li <longli at microsoft.com>
(cherry picked from commit 7838d3a6ae7a4ae8b3e994efe0d7d9f814941841)
---
 drivers/net/netvsc/hn_rxtx.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/net/netvsc/hn_rxtx.c b/drivers/net/netvsc/hn_rxtx.c
index cc8bb7ed95..fba08b166b 100644
--- a/drivers/net/netvsc/hn_rxtx.c
+++ b/drivers/net/netvsc/hn_rxtx.c
@@ -621,5 +621,6 @@ static void hn_rndis_rx_data(struct hn_rx_queue *rxq,
 			     void *data, uint32_t dlen)
 {
-	unsigned int data_off, data_len, pktinfo_off, pktinfo_len;
+	unsigned int data_off, data_len, total_len;
+	unsigned int pktinfo_off, pktinfo_len;
 	const struct rndis_packet_msg *pkt = data;
 	struct hn_rxinfo info = {
@@ -666,5 +667,6 @@ static void hn_rndis_rx_data(struct hn_rx_queue *rxq,
 	}
 
-	if (unlikely(data_off + data_len > pkt->len))
+	if (__builtin_add_overflow(data_off, data_len, &total_len) ||
+	    total_len > pkt->len)
 		goto error;
 
-- 
2.26.2

Previous message: [dpdk-stable] [PATCH v2 7/7] net/bnxt: fix redundant return
Next message: [dpdk-stable] patch 'net/netvsc: replace compiler builtin overflow check' has been queued to LTS release 18.11.11
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the stable mailing list