Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/88924/?format=api
{ "id": 88924, "url": "http://patchwork.dpdk.org/api/patches/88924/?format=api", "web_url": "http://patchwork.dpdk.org/project/dpdk/patch/20210311063827.55394-1-xiao.w.wang@intel.com/", "project": { "id": 1, "url": "http://patchwork.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<20210311063827.55394-1-xiao.w.wang@intel.com>", "list_archive_url": "https://inbox.dpdk.org/dev/20210311063827.55394-1-xiao.w.wang@intel.com", "date": "2021-03-11T06:38:27", "name": "vhost: add header check in dequeue offload", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": true, "hash": "0bad3df8878596411f2d2acb70656fa4278fbf5c", "submitter": { "id": 281, "url": "http://patchwork.dpdk.org/api/people/281/?format=api", "name": "Xiao Wang", "email": "xiao.w.wang@intel.com" }, "delegate": { "id": 2642, "url": "http://patchwork.dpdk.org/api/users/2642/?format=api", "username": "mcoquelin", "first_name": "Maxime", "last_name": "Coquelin", "email": "maxime.coquelin@redhat.com" }, "mbox": "http://patchwork.dpdk.org/project/dpdk/patch/20210311063827.55394-1-xiao.w.wang@intel.com/mbox/", "series": [ { "id": 15601, "url": "http://patchwork.dpdk.org/api/series/15601/?format=api", "web_url": "http://patchwork.dpdk.org/project/dpdk/list/?series=15601", "date": "2021-03-11T06:38:27", "name": "vhost: add header check in dequeue offload", "version": 1, "mbox": "http://patchwork.dpdk.org/series/15601/mbox/" } ], "comments": "http://patchwork.dpdk.org/api/patches/88924/comments/", "check": "success", "checks": "http://patchwork.dpdk.org/api/patches/88924/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@inbox.dpdk.org", "Delivered-To": "patchwork@inbox.dpdk.org", "Received": [ "from mails.dpdk.org (mails.dpdk.org [217.70.189.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id 63FB8A056A;\n\tThu, 11 Mar 2021 07:58:07 +0100 (CET)", "from [217.70.189.124] (localhost [127.0.0.1])\n\tby mails.dpdk.org (Postfix) with ESMTP id E35A222A2D3;\n\tThu, 11 Mar 2021 07:58:06 +0100 (CET)", "from mga11.intel.com (mga11.intel.com [192.55.52.93])\n by mails.dpdk.org (Postfix) with ESMTP id 252B840689;\n Thu, 11 Mar 2021 07:58:04 +0100 (CET)", "from fmsmga006.fm.intel.com ([10.253.24.20])\n by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 10 Mar 2021 22:58:03 -0800", "from dpdk-xiao1.sh.intel.com ([10.67.110.193])\n by fmsmga006.fm.intel.com with ESMTP; 10 Mar 2021 22:58:01 -0800" ], "IronPort-SDR": [ "\n T8du/aCeys8lYjrIPYm2qBbE1CIRocBLRaqjK1nZhX1wI1/945xQ2PqlqqO0GYjs6YwQXOhudL\n dCFAQ4LkfCIg==", "\n Fmj4fUYrgxD1W9hSsmCguRnaEtgHZvooJF138RoYnkINDyj1QnzJaB0wccvBuUnI9aevQJ766f\n KVyvYFSZKklQ==" ], "X-IronPort-AV": [ "E=McAfee;i=\"6000,8403,9919\"; a=\"185266950\"", "E=Sophos;i=\"5.81,239,1610438400\"; d=\"scan'208\";a=\"185266950\"", "E=Sophos;i=\"5.81,239,1610438400\"; d=\"scan'208\";a=\"600103224\"" ], "X-ExtLoop1": "1", "From": "Xiao Wang <xiao.w.wang@intel.com>", "To": "chenbo.xia@intel.com,\n\tmaxime.coquelin@redhat.com", "Cc": "yong.liu@intel.com, dev@dpdk.org, Xiao Wang <xiao.w.wang@intel.com>,\n stable@dpdk.org", "Date": "Thu, 11 Mar 2021 14:38:27 +0800", "Message-Id": "<20210311063827.55394-1-xiao.w.wang@intel.com>", "X-Mailer": "git-send-email 2.15.1", "Subject": "[dpdk-dev] [PATCH] vhost: add header check in dequeue offload", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "When parsing the virtio net header and packet header for dequeue offload,\nwe need to perform sanity check on the packet header to ensure:\n - No out-of-boundary memory access.\n - The packet header and virtio_net header are valid and aligned.\n\nFixes: d0cf91303d73 (\"vhost: add Tx offload capabilities\")\nCc: stable@dpdk.org\n\nSigned-off-by: Xiao Wang <xiao.w.wang@intel.com>\n---\n lib/librte_vhost/virtio_net.c | 49 +++++++++++++++++++++++++++++++++++++------\n 1 file changed, 43 insertions(+), 6 deletions(-)", "diff": "diff --git a/lib/librte_vhost/virtio_net.c b/lib/librte_vhost/virtio_net.c\nindex 583bf379c6..0fba0053a3 100644\n--- a/lib/librte_vhost/virtio_net.c\n+++ b/lib/librte_vhost/virtio_net.c\n@@ -1821,44 +1821,64 @@ virtio_net_with_host_offload(struct virtio_net *dev)\n \treturn false;\n }\n \n-static void\n-parse_ethernet(struct rte_mbuf *m, uint16_t *l4_proto, void **l4_hdr)\n+static int\n+parse_ethernet(struct rte_mbuf *m, uint16_t *l4_proto, void **l4_hdr,\n+\t\tuint16_t *len)\n {\n \tstruct rte_ipv4_hdr *ipv4_hdr;\n \tstruct rte_ipv6_hdr *ipv6_hdr;\n \tvoid *l3_hdr = NULL;\n \tstruct rte_ether_hdr *eth_hdr;\n \tuint16_t ethertype;\n+\tuint16_t data_len = m->data_len;\n \n \teth_hdr = rte_pktmbuf_mtod(m, struct rte_ether_hdr *);\n \n+\tif (data_len <= sizeof(struct rte_ether_hdr))\n+\t\treturn -EINVAL;\n+\n \tm->l2_len = sizeof(struct rte_ether_hdr);\n \tethertype = rte_be_to_cpu_16(eth_hdr->ether_type);\n+\tdata_len -= sizeof(struct rte_ether_hdr);\n \n \tif (ethertype == RTE_ETHER_TYPE_VLAN) {\n+\t\tif (data_len <= sizeof(struct rte_vlan_hdr))\n+\t\t\treturn -EINVAL;\n+\n \t\tstruct rte_vlan_hdr *vlan_hdr =\n \t\t\t(struct rte_vlan_hdr *)(eth_hdr + 1);\n \n \t\tm->l2_len += sizeof(struct rte_vlan_hdr);\n \t\tethertype = rte_be_to_cpu_16(vlan_hdr->eth_proto);\n+\t\tdata_len -= sizeof(struct rte_vlan_hdr);\n \t}\n \n \tl3_hdr = (char *)eth_hdr + m->l2_len;\n \n \tswitch (ethertype) {\n \tcase RTE_ETHER_TYPE_IPV4:\n+\t\tif (data_len <= sizeof(struct rte_ipv4_hdr))\n+\t\t\treturn -EINVAL;\n \t\tipv4_hdr = l3_hdr;\n \t\t*l4_proto = ipv4_hdr->next_proto_id;\n \t\tm->l3_len = rte_ipv4_hdr_len(ipv4_hdr);\n+\t\tif (data_len <= m->l3_len) {\n+\t\t\tm->l3_len = 0;\n+\t\t\treturn -EINVAL;\n+\t\t}\n \t\t*l4_hdr = (char *)l3_hdr + m->l3_len;\n \t\tm->ol_flags |= PKT_TX_IPV4;\n+\t\tdata_len -= m->l3_len;\n \t\tbreak;\n \tcase RTE_ETHER_TYPE_IPV6:\n+\t\tif (data_len <= sizeof(struct rte_ipv6_hdr))\n+\t\t\treturn -EINVAL;\n \t\tipv6_hdr = l3_hdr;\n \t\t*l4_proto = ipv6_hdr->proto;\n \t\tm->l3_len = sizeof(struct rte_ipv6_hdr);\n \t\t*l4_hdr = (char *)l3_hdr + m->l3_len;\n \t\tm->ol_flags |= PKT_TX_IPV6;\n+\t\tdata_len -= m->l3_len;\n \t\tbreak;\n \tdefault:\n \t\tm->l3_len = 0;\n@@ -1866,6 +1886,9 @@ parse_ethernet(struct rte_mbuf *m, uint16_t *l4_proto, void **l4_hdr)\n \t\t*l4_hdr = NULL;\n \t\tbreak;\n \t}\n+\n+\t*len = data_len;\n+\treturn 0;\n }\n \n static __rte_always_inline void\n@@ -1874,24 +1897,30 @@ vhost_dequeue_offload(struct virtio_net_hdr *hdr, struct rte_mbuf *m)\n \tuint16_t l4_proto = 0;\n \tvoid *l4_hdr = NULL;\n \tstruct rte_tcp_hdr *tcp_hdr = NULL;\n+\tuint16_t len = 0;\n \n \tif (hdr->flags == 0 && hdr->gso_type == VIRTIO_NET_HDR_GSO_NONE)\n \t\treturn;\n \n-\tparse_ethernet(m, &l4_proto, &l4_hdr);\n+\tif (parse_ethernet(m, &l4_proto, &l4_hdr, &len) < 0)\n+\t\treturn;\n+\n \tif (hdr->flags == VIRTIO_NET_HDR_F_NEEDS_CSUM) {\n \t\tif (hdr->csum_start == (m->l2_len + m->l3_len)) {\n \t\t\tswitch (hdr->csum_offset) {\n \t\t\tcase (offsetof(struct rte_tcp_hdr, cksum)):\n-\t\t\t\tif (l4_proto == IPPROTO_TCP)\n+\t\t\t\tif (l4_proto == IPPROTO_TCP &&\n+\t\t\t\t\tlen > sizeof(struct rte_tcp_hdr))\n \t\t\t\t\tm->ol_flags |= PKT_TX_TCP_CKSUM;\n \t\t\t\tbreak;\n \t\t\tcase (offsetof(struct rte_udp_hdr, dgram_cksum)):\n-\t\t\t\tif (l4_proto == IPPROTO_UDP)\n+\t\t\t\tif (l4_proto == IPPROTO_UDP &&\n+\t\t\t\t\tlen > sizeof(struct rte_udp_hdr))\n \t\t\t\t\tm->ol_flags |= PKT_TX_UDP_CKSUM;\n \t\t\t\tbreak;\n \t\t\tcase (offsetof(struct rte_sctp_hdr, cksum)):\n-\t\t\t\tif (l4_proto == IPPROTO_SCTP)\n+\t\t\t\tif (l4_proto == IPPROTO_SCTP &&\n+\t\t\t\t\tlen > sizeof(struct rte_sctp_hdr))\n \t\t\t\t\tm->ol_flags |= PKT_TX_SCTP_CKSUM;\n \t\t\t\tbreak;\n \t\t\tdefault:\n@@ -1904,12 +1933,20 @@ vhost_dequeue_offload(struct virtio_net_hdr *hdr, struct rte_mbuf *m)\n \t\tswitch (hdr->gso_type & ~VIRTIO_NET_HDR_GSO_ECN) {\n \t\tcase VIRTIO_NET_HDR_GSO_TCPV4:\n \t\tcase VIRTIO_NET_HDR_GSO_TCPV6:\n+\t\t\tif (l4_proto != IPPROTO_TCP ||\n+\t\t\t\t\tlen <= sizeof(struct rte_tcp_hdr))\n+\t\t\t\tbreak;\n \t\t\ttcp_hdr = l4_hdr;\n+\t\t\tif (len <= (tcp_hdr->data_off & 0xf0) >> 2)\n+\t\t\t\tbreak;\n \t\t\tm->ol_flags |= PKT_TX_TCP_SEG;\n \t\t\tm->tso_segsz = hdr->gso_size;\n \t\t\tm->l4_len = (tcp_hdr->data_off & 0xf0) >> 2;\n \t\t\tbreak;\n \t\tcase VIRTIO_NET_HDR_GSO_UDP:\n+\t\t\tif (l4_proto != IPPROTO_UDP ||\n+\t\t\t\t\tlen <= sizeof(struct rte_udp_hdr))\n+\t\t\t\tbreak;\n \t\t\tm->ol_flags |= PKT_TX_UDP_SEG;\n \t\t\tm->tso_segsz = hdr->gso_size;\n \t\t\tm->l4_len = sizeof(struct rte_udp_hdr);\n", "prefixes": [] }