net: check that seg is valid before dereference
Checks
Commit Message
If the overall pkt_len and segment lengths are out of agreement,
it is possible for the seg to be NULL after the loop. Add assert
to check this condition in debug builds.
Fixes: c442fed81bb9 ("net: add function to calculate checksum in mbuf")
Signed-off-by: Chas Williams <3chas3@gmail.com>
---
lib/librte_net/rte_ip.h | 1 +
1 file changed, 1 insertion(+)
Comments
> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Chas Williams
> Sent: Monday, September 28, 2020 11:32 PM
> To: dev@dpdk.org
> Cc: olivier.matz@6wind.com; Chas Williams <3chas3@gmail.com>
> Subject: [dpdk-dev] [PATCH] net: check that seg is valid before dereference
>
> If the overall pkt_len and segment lengths are out of agreement, it is possible
> for the seg to be NULL after the loop. Add assert to check this condition in
> debug builds.
>
> Fixes: c442fed81bb9 ("net: add function to calculate checksum in mbuf")
>
> Signed-off-by: Chas Williams <3chas3@gmail.com>
> ---
> lib/librte_net/rte_ip.h | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/lib/librte_net/rte_ip.h b/lib/librte_net/rte_ip.h index
> fcd1eb342..6b3e4cdda 100644
> --- a/lib/librte_net/rte_ip.h
> +++ b/lib/librte_net/rte_ip.h
> @@ -225,6 +225,7 @@ rte_raw_cksum_mbuf(const struct rte_mbuf *m,
> uint32_t off, uint32_t len,
> break;
> off -= seglen;
> }
> + RTE_ASSERT(seg != NULL);
Is it better to return an error code?
> seglen -= off;
> buf = rte_pktmbuf_mtod_offset(seg, const char *, off);
> if (seglen >= len) {
> --
> 2.26.2
On 9/28/20 11:01 PM, wangyunjian wrote:
>> -----Original Message-----
>> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Chas Williams
>> Sent: Monday, September 28, 2020 11:32 PM
>> To: dev@dpdk.org
>> Cc: olivier.matz@6wind.com; Chas Williams <3chas3@gmail.com>
>> Subject: [dpdk-dev] [PATCH] net: check that seg is valid before dereference
>>
>> If the overall pkt_len and segment lengths are out of agreement, it is possible
>> for the seg to be NULL after the loop. Add assert to check this condition in
>> debug builds.
>>
>> Fixes: c442fed81bb9 ("net: add function to calculate checksum in mbuf")
>>
>> Signed-off-by: Chas Williams <3chas3@gmail.com>
>> ---
>> lib/librte_net/rte_ip.h | 1 +
>> 1 file changed, 1 insertion(+)
>>
>> diff --git a/lib/librte_net/rte_ip.h b/lib/librte_net/rte_ip.h index
>> fcd1eb342..6b3e4cdda 100644
>> --- a/lib/librte_net/rte_ip.h
>> +++ b/lib/librte_net/rte_ip.h
>> @@ -225,6 +225,7 @@ rte_raw_cksum_mbuf(const struct rte_mbuf *m,
>> uint32_t off, uint32_t len,
>> break;
>> off -= seglen;
>> }
>> + RTE_ASSERT(seg != NULL);
>
> Is it better to return an error code?
Maybe. However, to get into this state your mbuf chain is already badly broken.
Personally, I would prefer an immediate failure in the application so
I can track
down the source of this error.
No one is checking the return code now, so returning one wouldn't
really help unless I also fix the callers. Lastly, would everyone
be happy with an extra branch in the virtio RX path?
>
>> seglen -= off;
>> buf = rte_pktmbuf_mtod_offset(seg, const char *, off);
>> if (seglen >= len) {
>> --
>> 2.26.2
>
@@ -225,6 +225,7 @@ rte_raw_cksum_mbuf(const struct rte_mbuf *m, uint32_t off, uint32_t len,
break;
off -= seglen;
}
+ RTE_ASSERT(seg != NULL);
seglen -= off;
buf = rte_pktmbuf_mtod_offset(seg, const char *, off);
if (seglen >= len) {