Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/94184/?format=api
https://patches.dpdk.org/api/patches/94184/?format=api", "web_url": "https://patches.dpdk.org/project/dpdk/patch/20210615063507.18198-1-xiao.w.wang@intel.com/", "project": { "id": 1, "url": "https://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<20210615063507.18198-1-xiao.w.wang@intel.com>", "list_archive_url": "https://inbox.dpdk.org/dev/20210615063507.18198-1-xiao.w.wang@intel.com", "date": "2021-06-15T06:35:07", "name": "[v4] vhost: check header for legacy dequeue offload", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": true, "hash": "b2c48c1e3bed42c6df2aaa56f4991d1c6dc85db3", "submitter": { "id": 281, "url": "https://patches.dpdk.org/api/people/281/?format=api", "name": "Xiao Wang", "email": "xiao.w.wang@intel.com" }, "delegate": { "id": 2642, "url": "https://patches.dpdk.org/api/users/2642/?format=api", "username": "mcoquelin", "first_name": "Maxime", "last_name": "Coquelin", "email": "maxime.coquelin@redhat.com" }, "mbox": "https://patches.dpdk.org/project/dpdk/patch/20210615063507.18198-1-xiao.w.wang@intel.com/mbox/", "series": [ { "id": 17324, "url": "https://patches.dpdk.org/api/series/17324/?format=api", "web_url": "https://patches.dpdk.org/project/dpdk/list/?series=17324", "date": "2021-06-15T06:35:07", "name": "[v4] vhost: check header for legacy dequeue offload", "version": 4, "mbox": "https://patches.dpdk.org/series/17324/mbox/" } ], "comments": "https://patches.dpdk.org/api/patches/94184/comments/", "check": "fail", "checks": "https://patches.dpdk.org/api/patches/94184/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@inbox.dpdk.org", "Delivered-To": "patchwork@inbox.dpdk.org", "Received": [ "from mails.dpdk.org (mails.dpdk.org [217.70.189.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id 6A24FA0C4B;\n\tTue, 15 Jun 2021 09:05:52 +0200 (CEST)", "from [217.70.189.124] (localhost [127.0.0.1])\n\tby mails.dpdk.org (Postfix) with ESMTP id DE7AE4067A;\n\tTue, 15 Jun 2021 09:05:51 +0200 (CEST)", "from mga05.intel.com (mga05.intel.com [192.55.52.43])\n by mails.dpdk.org (Postfix) with ESMTP id 6123040140;\n Tue, 15 Jun 2021 09:05:50 +0200 (CEST)", "from orsmga001.jf.intel.com ([10.7.209.18])\n by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 15 Jun 2021 00:05:48 -0700", "from dpdk-xiao1.sh.intel.com ([10.67.110.226])\n by orsmga001.jf.intel.com with ESMTP; 15 Jun 2021 00:05:46 -0700" ], "IronPort-SDR": [ "\n ghEmmKzK7xEwc7S8F5YPHBzKRXG+HAc0Yuz4U28g1j1E8HpT3frfRN5p5tXIJDJAQs47c0UcYn\n aIlWZpVaZV8g==", "\n MMphN6Xln0tL6HpGtZGE+IjOxwHYsWIAaaySMi0Li701BVAP/qXjAM8g9/StezF1Ub+iZGrF3w\n hL3g13cR7GwQ==" ], "X-IronPort-AV": [ "E=McAfee;i=\"6200,9189,10015\"; a=\"291569724\"", "E=Sophos;i=\"5.83,275,1616482800\"; d=\"scan'208\";a=\"291569724\"", "E=Sophos;i=\"5.83,275,1616482800\"; d=\"scan'208\";a=\"484364249\"" ], "X-ExtLoop1": "1", "From": "Xiao Wang <xiao.w.wang@intel.com>", "To": "maxime.coquelin@redhat.com,\n\tchenbo.xia@intel.com", "Cc": "cheng1.jiang@intel.com, dev@dpdk.org, Xiao Wang <xiao.w.wang@intel.com>,\n stable@dpdk.org", "Date": "Tue, 15 Jun 2021 14:35:07 +0800", "Message-Id": "<20210615063507.18198-1-xiao.w.wang@intel.com>", "X-Mailer": "git-send-email 2.15.1", "In-Reply-To": "<20210317063109.135662-1-xiao.w.wang@intel.com>", "References": "<20210317063109.135662-1-xiao.w.wang@intel.com>", "Subject": "[dpdk-dev] [PATCH v4] vhost: check header for legacy dequeue offload", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "When parsing the virtio net header and packet header for dequeue offload,\nwe need to perform sanity check on the packet header to ensure:\n - No out-of-boundary memory access.\n - The packet header and virtio_net header are valid and aligned.\n\nFixes: d0cf91303d73 (\"vhost: add Tx offload capabilities\")\nCc: stable@dpdk.org\n\nSigned-off-by: Xiao Wang <xiao.w.wang@intel.com>\n---\nv4:\n- Rebase on head of main branch.\n- Allow empty L4 payload in GSO.\n\nv3:\n- Check data_len before calling rte_pktmbuf_mtod. (David)\n\nv2:\n- Allow empty L4 payload for cksum offload. (Konstantin)\n---\n lib/vhost/virtio_net.c | 52 +++++++++++++++++++++++++++++++++++++++++++-------\n 1 file changed, 45 insertions(+), 7 deletions(-)", "diff": "diff --git a/lib/vhost/virtio_net.c b/lib/vhost/virtio_net.c\nindex 8da8a86a10..351ff0a841 100644\n--- a/lib/vhost/virtio_net.c\n+++ b/lib/vhost/virtio_net.c\n@@ -2259,44 +2259,64 @@ virtio_net_with_host_offload(struct virtio_net *dev)\n \treturn false;\n }\n \n-static void\n-parse_ethernet(struct rte_mbuf *m, uint16_t *l4_proto, void **l4_hdr)\n+static int\n+parse_ethernet(struct rte_mbuf *m, uint16_t *l4_proto, void **l4_hdr,\n+\t\tuint16_t *len)\n {\n \tstruct rte_ipv4_hdr *ipv4_hdr;\n \tstruct rte_ipv6_hdr *ipv6_hdr;\n \tvoid *l3_hdr = NULL;\n \tstruct rte_ether_hdr *eth_hdr;\n \tuint16_t ethertype;\n+\tuint16_t data_len = m->data_len;\n+\n+\tif (data_len <= sizeof(struct rte_ether_hdr))\n+\t\treturn -EINVAL;\n \n \teth_hdr = rte_pktmbuf_mtod(m, struct rte_ether_hdr *);\n \n \tm->l2_len = sizeof(struct rte_ether_hdr);\n \tethertype = rte_be_to_cpu_16(eth_hdr->ether_type);\n+\tdata_len -= sizeof(struct rte_ether_hdr);\n \n \tif (ethertype == RTE_ETHER_TYPE_VLAN) {\n+\t\tif (data_len <= sizeof(struct rte_vlan_hdr))\n+\t\t\treturn -EINVAL;\n+\n \t\tstruct rte_vlan_hdr *vlan_hdr =\n \t\t\t(struct rte_vlan_hdr *)(eth_hdr + 1);\n \n \t\tm->l2_len += sizeof(struct rte_vlan_hdr);\n \t\tethertype = rte_be_to_cpu_16(vlan_hdr->eth_proto);\n+\t\tdata_len -= sizeof(struct rte_vlan_hdr);\n \t}\n \n \tl3_hdr = (char *)eth_hdr + m->l2_len;\n \n \tswitch (ethertype) {\n \tcase RTE_ETHER_TYPE_IPV4:\n+\t\tif (data_len <= sizeof(struct rte_ipv4_hdr))\n+\t\t\treturn -EINVAL;\n \t\tipv4_hdr = l3_hdr;\n \t\t*l4_proto = ipv4_hdr->next_proto_id;\n \t\tm->l3_len = rte_ipv4_hdr_len(ipv4_hdr);\n+\t\tif (data_len <= m->l3_len) {\n+\t\t\tm->l3_len = 0;\n+\t\t\treturn -EINVAL;\n+\t\t}\n \t\t*l4_hdr = (char *)l3_hdr + m->l3_len;\n \t\tm->ol_flags |= PKT_TX_IPV4;\n+\t\tdata_len -= m->l3_len;\n \t\tbreak;\n \tcase RTE_ETHER_TYPE_IPV6:\n+\t\tif (data_len <= sizeof(struct rte_ipv6_hdr))\n+\t\t\treturn -EINVAL;\n \t\tipv6_hdr = l3_hdr;\n \t\t*l4_proto = ipv6_hdr->proto;\n \t\tm->l3_len = sizeof(struct rte_ipv6_hdr);\n \t\t*l4_hdr = (char *)l3_hdr + m->l3_len;\n \t\tm->ol_flags |= PKT_TX_IPV6;\n+\t\tdata_len -= m->l3_len;\n \t\tbreak;\n \tdefault:\n \t\tm->l3_len = 0;\n@@ -2304,6 +2324,9 @@ parse_ethernet(struct rte_mbuf *m, uint16_t *l4_proto, void **l4_hdr)\n \t\t*l4_hdr = NULL;\n \t\tbreak;\n \t}\n+\n+\t*len = data_len;\n+\treturn 0;\n }\n \n static __rte_always_inline void\n@@ -2312,21 +2335,27 @@ vhost_dequeue_offload_legacy(struct virtio_net_hdr *hdr, struct rte_mbuf *m)\n \tuint16_t l4_proto = 0;\n \tvoid *l4_hdr = NULL;\n \tstruct rte_tcp_hdr *tcp_hdr = NULL;\n+\tuint16_t len = 0, tcp_len;\n+\n+\tif (parse_ethernet(m, &l4_proto, &l4_hdr, &len) < 0)\n+\t\treturn;\n \n-\tparse_ethernet(m, &l4_proto, &l4_hdr);\n \tif (hdr->flags == VIRTIO_NET_HDR_F_NEEDS_CSUM) {\n \t\tif (hdr->csum_start == (m->l2_len + m->l3_len)) {\n \t\t\tswitch (hdr->csum_offset) {\n \t\t\tcase (offsetof(struct rte_tcp_hdr, cksum)):\n-\t\t\t\tif (l4_proto == IPPROTO_TCP)\n+\t\t\t\tif (l4_proto == IPPROTO_TCP &&\n+\t\t\t\t\tlen >= sizeof(struct rte_tcp_hdr))\n \t\t\t\t\tm->ol_flags |= PKT_TX_TCP_CKSUM;\n \t\t\t\tbreak;\n \t\t\tcase (offsetof(struct rte_udp_hdr, dgram_cksum)):\n-\t\t\t\tif (l4_proto == IPPROTO_UDP)\n+\t\t\t\tif (l4_proto == IPPROTO_UDP &&\n+\t\t\t\t\tlen >= sizeof(struct rte_udp_hdr))\n \t\t\t\t\tm->ol_flags |= PKT_TX_UDP_CKSUM;\n \t\t\t\tbreak;\n \t\t\tcase (offsetof(struct rte_sctp_hdr, cksum)):\n-\t\t\t\tif (l4_proto == IPPROTO_SCTP)\n+\t\t\t\tif (l4_proto == IPPROTO_SCTP &&\n+\t\t\t\t\tlen >= sizeof(struct rte_sctp_hdr))\n \t\t\t\t\tm->ol_flags |= PKT_TX_SCTP_CKSUM;\n \t\t\t\tbreak;\n \t\t\tdefault:\n@@ -2339,12 +2368,21 @@ vhost_dequeue_offload_legacy(struct virtio_net_hdr *hdr, struct rte_mbuf *m)\n \t\tswitch (hdr->gso_type & ~VIRTIO_NET_HDR_GSO_ECN) {\n \t\tcase VIRTIO_NET_HDR_GSO_TCPV4:\n \t\tcase VIRTIO_NET_HDR_GSO_TCPV6:\n+\t\t\tif (l4_proto != IPPROTO_TCP ||\n+\t\t\t\tlen < sizeof(struct rte_tcp_hdr))\n+\t\t\t\tbreak;\n \t\t\ttcp_hdr = l4_hdr;\n+\t\t\ttcp_len = (tcp_hdr->data_off & 0xf0) >> 2;\n+\t\t\tif (len < tcp_len)\n+\t\t\t\tbreak;\n \t\t\tm->ol_flags |= PKT_TX_TCP_SEG;\n \t\t\tm->tso_segsz = hdr->gso_size;\n-\t\t\tm->l4_len = (tcp_hdr->data_off & 0xf0) >> 2;\n+\t\t\tm->l4_len = tcp_len;\n \t\t\tbreak;\n \t\tcase VIRTIO_NET_HDR_GSO_UDP:\n+\t\t\tif (l4_proto != IPPROTO_UDP ||\n+\t\t\t\tlen < sizeof(struct rte_udp_hdr))\n+\t\t\t\tbreak;\n \t\t\tm->ol_flags |= PKT_TX_UDP_SEG;\n \t\t\tm->tso_segsz = hdr->gso_size;\n \t\t\tm->l4_len = sizeof(struct rte_udp_hdr);\n", "prefixes": [ "v4" ] }{ "id": 94184, "url": "