[PATCH v1] net/tap: fix buffer overflow for ptypes list

[Ferruh Yigit]

On 12/12/2023 2:37 PM, Sivaramakrishnan Venkat wrote:
> Incorrect ptypes list causes buffer overflow for Address Sanitizer
> run and a tap device. The last element in the ptypes lists to be
> to "RTE_PTYPE_UNKNOWN" for rte_eth_dev_get_supported_ptypes().
> In rte_eth_dev_get_supported_ptypes(), the loop iterates until it
> finds "RTE_PTYPE_UNKNOWN" to detect last element of the ptypes array.
> Fix tap_dev_supported_ptypes_get() method to return correct lists.
> 
> Fixes: 0849ac3b6122 ("net/tap: add packet type management")
> Cc: stable at dpdk.org
> 
> Signed-off-by: Sivaramakrishnan Venkat <venkatx.sivaramakrishnan at intel.com>
> ---
>  drivers/net/tap/rte_eth_tap.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/drivers/net/tap/rte_eth_tap.c b/drivers/net/tap/rte_eth_tap.c
> index b41fa971cb..3fa03cdbee 100644
> --- a/drivers/net/tap/rte_eth_tap.c
> +++ b/drivers/net/tap/rte_eth_tap.c
> @@ -1803,6 +1803,7 @@ tap_dev_supported_ptypes_get(struct rte_eth_dev *dev __rte_unused)
>  		RTE_PTYPE_L4_UDP,
>  		RTE_PTYPE_L4_TCP,
>  		RTE_PTYPE_L4_SCTP,
> +		RTE_PTYPE_UNKNOWN
>  	};
>  
>  	return ptypes;

Hi Sivaramakrishnan,

Patch looks good to me, thanks.

But there are multiple drivers have same problem, at least following
ones [1] (maintainers of them cc'ed).

Can you please send a new version that fixes all?


Also as we have already missed multiple ones, perhaps we can add a unit
test to 'app/test/test_ethdev_api.c' for this API.
I think there is no way to make sure if 'RTE_PTYPE_UNKNOWN' is added
(unless you find a way), but we can call the
'rte_eth_dev_get_supported_ptypes()' API and detect any crash in advance.

Can you add this kind of unit test as part of next patch?


[1]
mvneta
mvpp2
pfe
dpaa
nfp