diff mbox series

[v4,1/2] net/tap: fix buffer overflow for ptypes list through updation of last element.

Message ID 20240104175111.2190075-2-venkatx.sivaramakrishnan@intel.com (mailing list archive)
State Superseded, archived
Delegated to: Ferruh Yigit
Headers
Series [v4,1/2] net/tap: fix buffer overflow for ptypes list through updation of last element. |

Checks

Context Check Description
ci/checkpatch success coding style OK

Commit Message

Sivaramakrishnan Venkat Jan. 4, 2024, 5:51 p.m. UTC 
  Incorrect ptypes list causes buffer overflow for Address Sanitizer
run. The last element in the ptypes lists to be "RTE_PTYPE_UNKNOWN"
for rte_eth_dev_get_supported_ptypes().
In rte_eth_dev_get_supported_ptypes(),the loop iterates until it
finds "RTE_PTYPE_UNKNOWN" to detect last element of the ptypes array.
Fix the ptypes list for drivers.

Fixes: 0849ac3b6122 ("net/tap: add packet type management")
Fixes: a7bdc3bd4244 ("net/dpaa: support packet type parsing")
Fixes: 4ccc8d770d3b ("net/mvneta: add PMD skeleton")
Fixes: f3f0d77db6b0 ("net/mrvl: support packet type parsing")
Fixes: 78a38edf66de ("ethdev: query supported packet types")
Fixes: 659b494d3d88 ("net/pfe: add packet types and basic statistics")
Fixes: 398a1be14168 ("net/thunderx: remove generic passX references")
Cc: pascal.mazon@6wind.com
Cc: zr@semihalf.com
Cc: tdu@semihalf.com
Cc: jianfeng.tan@intel.com
Cc: g.singh@nxp.com
Cc: jerin.jacob@caviumnetworks.com
Cc: stable@dpdk.org

Signed-off-by: Sivaramakrishnan Venkat <venkatx.sivaramakrishnan@intel.com>
---
 drivers/net/dpaa/dpaa_ethdev.c      | 3 ++-
 drivers/net/mvneta/mvneta_ethdev.c  | 3 ++-
 drivers/net/mvpp2/mrvl_ethdev.c     | 3 ++-
 drivers/net/nfp/nfp_net_common.c    | 1 +
 drivers/net/pfe/pfe_ethdev.c        | 3 ++-
 drivers/net/tap/rte_eth_tap.c       | 1 +
 drivers/net/thunderx/nicvf_ethdev.c | 2 ++
 7 files changed, 12 insertions(+), 4 deletions(-)

Comments

Ferruh Yigit Jan. 11, 2024, 3:11 p.m. UTC | #1 
On 1/4/2024 5:51 PM, Sivaramakrishnan Venkat wrote:
> Incorrect ptypes list causes buffer overflow for Address Sanitizer
> run. 
>

I think it cause buffer overflow anyway, but detected with Address
Sanitizer, so perhaps we can say:
"Address Sanitizer detected buffer overflow caused by incorrect ptypes
list."


> The last element in the ptypes lists to be "RTE_PTYPE_UNKNOWN"
> for rte_eth_dev_get_supported_ptypes().
> In rte_eth_dev_get_supported_ptypes(),the loop iterates until it
> finds "RTE_PTYPE_UNKNOWN" to detect last element of the ptypes array.
>

It implies but can be good to put clearly that missing
"RTE_PTYPE_UNKNOWN" causes the buffer overflow in the loop.

> Fix the ptypes list for drivers.
> 
> Fixes: 0849ac3b6122 ("net/tap: add packet type management")
> Fixes: a7bdc3bd4244 ("net/dpaa: support packet type parsing")
> Fixes: 4ccc8d770d3b ("net/mvneta: add PMD skeleton")
> Fixes: f3f0d77db6b0 ("net/mrvl: support packet type parsing")
> Fixes: 78a38edf66de ("ethdev: query supported packet types")
>

Is this fixes line correct, as far as I can see drivers added with this
commit is correct.

nfp driver also seems fixed, maybe intention was add fixes for it?

> Fixes: 659b494d3d88 ("net/pfe: add packet types and basic statistics")
> Fixes: 398a1be14168 ("net/thunderx: remove generic passX references")
> Cc: pascal.mazon@6wind.com
> Cc: zr@semihalf.com
> Cc: tdu@semihalf.com
> Cc: jianfeng.tan@intel.com
> Cc: g.singh@nxp.com
> Cc: jerin.jacob@caviumnetworks.com
> Cc: stable@dpdk.org
> 
> Signed-off-by: Sivaramakrishnan Venkat <venkatx.sivaramakrishnan@intel.com>
>

Patch is no more tap patch, can you please update the patch title in
next version, it can be something like:
"drivers/net: fix buffer overflow for ptypes list"

> ---
>  drivers/net/dpaa/dpaa_ethdev.c      | 3 ++-
>  drivers/net/mvneta/mvneta_ethdev.c  | 3 ++-
>  drivers/net/mvpp2/mrvl_ethdev.c     | 3 ++-
>  drivers/net/nfp/nfp_net_common.c    | 1 +
>  drivers/net/pfe/pfe_ethdev.c        | 3 ++-
>  drivers/net/tap/rte_eth_tap.c       | 1 +
>  drivers/net/thunderx/nicvf_ethdev.c | 2 ++
>  7 files changed, 12 insertions(+), 4 deletions(-)
> 

Code changes looks good to me.
diff mbox series

Patch

diff --git a/drivers/net/dpaa/dpaa_ethdev.c b/drivers/net/dpaa/dpaa_ethdev.c
index ef4c06db6a..779bdc5860 100644
--- a/drivers/net/dpaa/dpaa_ethdev.c
+++ b/drivers/net/dpaa/dpaa_ethdev.c
@@ -363,7 +363,8 @@  dpaa_supported_ptypes_get(struct rte_eth_dev *dev)
 		RTE_PTYPE_L4_TCP,
 		RTE_PTYPE_L4_UDP,
 		RTE_PTYPE_L4_SCTP,
-		RTE_PTYPE_TUNNEL_ESP
+		RTE_PTYPE_TUNNEL_ESP,
+		RTE_PTYPE_UNKNOWN
 	};
 
 	PMD_INIT_FUNC_TRACE();
diff --git a/drivers/net/mvneta/mvneta_ethdev.c b/drivers/net/mvneta/mvneta_ethdev.c
index daa69e533a..212c300c14 100644
--- a/drivers/net/mvneta/mvneta_ethdev.c
+++ b/drivers/net/mvneta/mvneta_ethdev.c
@@ -198,7 +198,8 @@  mvneta_dev_supported_ptypes_get(struct rte_eth_dev *dev __rte_unused)
 		RTE_PTYPE_L3_IPV4,
 		RTE_PTYPE_L3_IPV6,
 		RTE_PTYPE_L4_TCP,
-		RTE_PTYPE_L4_UDP
+		RTE_PTYPE_L4_UDP,
+		RTE_PTYPE_UNKNOWN
 	};
 
 	return ptypes;
diff --git a/drivers/net/mvpp2/mrvl_ethdev.c b/drivers/net/mvpp2/mrvl_ethdev.c
index c12364941d..4cc64c7cad 100644
--- a/drivers/net/mvpp2/mrvl_ethdev.c
+++ b/drivers/net/mvpp2/mrvl_ethdev.c
@@ -1777,7 +1777,8 @@  mrvl_dev_supported_ptypes_get(struct rte_eth_dev *dev __rte_unused)
 		RTE_PTYPE_L3_IPV6_EXT,
 		RTE_PTYPE_L2_ETHER_ARP,
 		RTE_PTYPE_L4_TCP,
-		RTE_PTYPE_L4_UDP
+		RTE_PTYPE_L4_UDP,
+		RTE_PTYPE_UNKNOWN
 	};
 
 	return ptypes;
diff --git a/drivers/net/nfp/nfp_net_common.c b/drivers/net/nfp/nfp_net_common.c
index e969b840d6..46d0e07850 100644
--- a/drivers/net/nfp/nfp_net_common.c
+++ b/drivers/net/nfp/nfp_net_common.c
@@ -1299,6 +1299,7 @@  nfp_net_supported_ptypes_get(struct rte_eth_dev *dev)
 		RTE_PTYPE_INNER_L4_NONFRAG,
 		RTE_PTYPE_INNER_L4_ICMP,
 		RTE_PTYPE_INNER_L4_SCTP,
+		RTE_PTYPE_UNKNOWN
 	};
 
 	if (dev->rx_pkt_burst != nfp_net_recv_pkts)
diff --git a/drivers/net/pfe/pfe_ethdev.c b/drivers/net/pfe/pfe_ethdev.c
index 551f3cf193..0073dd7405 100644
--- a/drivers/net/pfe/pfe_ethdev.c
+++ b/drivers/net/pfe/pfe_ethdev.c
@@ -520,7 +520,8 @@  pfe_supported_ptypes_get(struct rte_eth_dev *dev)
 		RTE_PTYPE_L3_IPV6_EXT,
 		RTE_PTYPE_L4_TCP,
 		RTE_PTYPE_L4_UDP,
-		RTE_PTYPE_L4_SCTP
+		RTE_PTYPE_L4_SCTP,
+		RTE_PTYPE_UNKNOWN
 	};
 
 	if (dev->rx_pkt_burst == pfe_recv_pkts ||
diff --git a/drivers/net/tap/rte_eth_tap.c b/drivers/net/tap/rte_eth_tap.c
index b41fa971cb..3fa03cdbee 100644
--- a/drivers/net/tap/rte_eth_tap.c
+++ b/drivers/net/tap/rte_eth_tap.c
@@ -1803,6 +1803,7 @@  tap_dev_supported_ptypes_get(struct rte_eth_dev *dev __rte_unused)
 		RTE_PTYPE_L4_UDP,
 		RTE_PTYPE_L4_TCP,
 		RTE_PTYPE_L4_SCTP,
+		RTE_PTYPE_UNKNOWN
 	};
 
 	return ptypes;
diff --git a/drivers/net/thunderx/nicvf_ethdev.c b/drivers/net/thunderx/nicvf_ethdev.c
index a504d41dfe..5a0c3dc4a6 100644
--- a/drivers/net/thunderx/nicvf_ethdev.c
+++ b/drivers/net/thunderx/nicvf_ethdev.c
@@ -392,12 +392,14 @@  nicvf_dev_supported_ptypes_get(struct rte_eth_dev *dev)
 		RTE_PTYPE_L4_TCP,
 		RTE_PTYPE_L4_UDP,
 		RTE_PTYPE_L4_FRAG,
+		RTE_PTYPE_UNKNOWN
 	};
 	static const uint32_t ptypes_tunnel[] = {
 		RTE_PTYPE_TUNNEL_GRE,
 		RTE_PTYPE_TUNNEL_GENEVE,
 		RTE_PTYPE_TUNNEL_VXLAN,
 		RTE_PTYPE_TUNNEL_NVGRE,
+		RTE_PTYPE_UNKNOWN
 	};
 	static const uint32_t ptypes_end = RTE_PTYPE_UNKNOWN;