Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/34969/?format=api
http://patches.dpdk.org/api/patches/34969/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/patch/20180205121642.26428-9-stefanha@redhat.com/", "project": { "id": 1, "url": "http://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<20180205121642.26428-9-stefanha@redhat.com>", "list_archive_url": "https://inbox.dpdk.org/dev/20180205121642.26428-9-stefanha@redhat.com", "date": "2018-02-05T12:16:42", "name": "[dpdk-dev,8/8] vhost: check for memory_size + mmap_offset overflow", "commit_ref": null, "pull_url": null, "state": "accepted", "archived": true, "hash": "f8064ae50176c49e4f3ae86ca4d580b9e4a600e0", "submitter": { "id": 933, "url": "http://patches.dpdk.org/api/people/933/?format=api", "name": "Stefan Hajnoczi", "email": "stefanha@redhat.com" }, "delegate": { "id": 2642, "url": "http://patches.dpdk.org/api/users/2642/?format=api", "username": "mcoquelin", "first_name": "Maxime", "last_name": "Coquelin", "email": "maxime.coquelin@redhat.com" }, "mbox": "http://patches.dpdk.org/project/dpdk/patch/20180205121642.26428-9-stefanha@redhat.com/mbox/", "series": [], "comments": "http://patches.dpdk.org/api/patches/34969/comments/", "check": "success", "checks": "http://patches.dpdk.org/api/patches/34969/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@dpdk.org", "Delivered-To": "patchwork@dpdk.org", "Received": [ "from [92.243.14.124] (localhost [127.0.0.1])\n\tby dpdk.org (Postfix) with ESMTP id 966911B374;\n\tMon, 5 Feb 2018 13:17:35 +0100 (CET)", "from mx1.redhat.com (mx1.redhat.com [209.132.183.28])\n\tby dpdk.org (Postfix) with ESMTP id C240F1B378\n\tfor <dev@dpdk.org>; Mon, 5 Feb 2018 13:17:34 +0100 (CET)", "from smtp.corp.redhat.com\n\t(int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15])\n\t(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby mx1.redhat.com (Postfix) with ESMTPS id 32C022820C;\n\tMon, 5 Feb 2018 12:17:34 +0000 (UTC)", "from localhost (ovpn-117-200.ams2.redhat.com [10.36.117.200])\n\tby smtp.corp.redhat.com (Postfix) with ESMTP id 517EF5D6A2;\n\tMon, 5 Feb 2018 12:17:33 +0000 (UTC)" ], "From": "Stefan Hajnoczi <stefanha@redhat.com>", "To": "dev@dpdk.org", "Cc": "Maxime Coquelin <maxime.coquelin@redhat.com>,\n\tYuanhan Liu <yliu@fridaylinux.org>, Stefan Hajnoczi <stefanha@redhat.com>", "Date": "Mon, 5 Feb 2018 12:16:42 +0000", "Message-Id": "<20180205121642.26428-9-stefanha@redhat.com>", "In-Reply-To": "<20180205121642.26428-1-stefanha@redhat.com>", "References": "<20180205121642.26428-1-stefanha@redhat.com>", "X-Scanned-By": "MIMEDefang 2.79 on 10.5.11.15", "X-Greylist": "Sender IP whitelisted, not delayed by milter-greylist-4.5.16\n\t(mx1.redhat.com [10.5.110.30]); Mon, 05 Feb 2018 12:17:34 +0000 (UTC)", "Subject": "[dpdk-dev] [PATCH 8/8] vhost: check for memory_size + mmap_offset\n\toverflow", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.15", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://dpdk.org/ml/options/dev>,\n\t<mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://dpdk.org/ml/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://dpdk.org/ml/listinfo/dev>,\n\t<mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "If memory_size + mmap_offset overflows then the memory region is bogus.\nDo not use the overflowed mmap_size value for mmap().\n\nSigned-off-by: Stefan Hajnoczi <stefanha@redhat.com>\n---\n lib/librte_vhost/vhost_user.c | 12 +++++++++++-\n 1 file changed, 11 insertions(+), 1 deletion(-)", "diff": "diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c\nindex 7d282cb36..cf742a558 100644\n--- a/lib/librte_vhost/vhost_user.c\n+++ b/lib/librte_vhost/vhost_user.c\n@@ -729,7 +729,17 @@ vhost_user_set_mem_table(struct virtio_net *dev, struct VhostUserMsg *pmsg)\n \t\treg->fd = fd;\n \n \t\tmmap_offset = memory.regions[i].mmap_offset;\n-\t\tmmap_size = reg->size + mmap_offset;\n+\n+\t\t/* Check for memory_size + mmap_offset overflow */\n+\t\tif (mmap_offset >= -reg->size) {\n+\t\t\tRTE_LOG(ERR, VHOST_CONFIG,\n+\t\t\t\t\"mmap_offset (%#\"PRIx64\") and memory_size \"\n+\t\t\t\t\"(%#\"PRIx64\") overflow\\n\",\n+\t\t\t\tmmap_offset, reg->size);\n+\t\t\tgoto err_mmap;\n+\t\t}\n+\n+\t\tmmap_size = reg->size + mmap_offset;\n \n \t\t/* mmap() without flag of MAP_ANONYMOUS, should be called\n \t\t * with length argument aligned with hugepagesz at older\n", "prefixes": [ "dpdk-dev", "8/8" ] }{ "id": 34969, "url": "