Patch Detail

HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 94184,
    "url": "https://patches.dpdk.org/api/patches/94184/?format=api",
    "web_url": "https://patches.dpdk.org/project/dpdk/patch/20210615063507.18198-1-xiao.w.wang@intel.com/",
    "project": {
        "id": 1,
        "url": "https://patches.dpdk.org/api/projects/1/?format=api",
        "name": "DPDK",
        "link_name": "dpdk",
        "list_id": "dev.dpdk.org",
        "list_email": "dev@dpdk.org",
        "web_url": "http://core.dpdk.org",
        "scm_url": "git://dpdk.org/dpdk",
        "webscm_url": "http://git.dpdk.org/dpdk",
        "list_archive_url": "https://inbox.dpdk.org/dev",
        "list_archive_url_format": "https://inbox.dpdk.org/dev/{}",
        "commit_url_format": ""
    },
    "msgid": "<20210615063507.18198-1-xiao.w.wang@intel.com>",
    "list_archive_url": "https://inbox.dpdk.org/dev/20210615063507.18198-1-xiao.w.wang@intel.com",
    "date": "2021-06-15T06:35:07",
    "name": "[v4] vhost: check header for legacy dequeue offload",
    "commit_ref": null,
    "pull_url": null,
    "state": "superseded",
    "archived": true,
    "hash": "b2c48c1e3bed42c6df2aaa56f4991d1c6dc85db3",
    "submitter": {
        "id": 281,
        "url": "https://patches.dpdk.org/api/people/281/?format=api",
        "name": "Xiao Wang",
        "email": "xiao.w.wang@intel.com"
    },
    "delegate": {
        "id": 2642,
        "url": "https://patches.dpdk.org/api/users/2642/?format=api",
        "username": "mcoquelin",
        "first_name": "Maxime",
        "last_name": "Coquelin",
        "email": "maxime.coquelin@redhat.com"
    },
    "mbox": "https://patches.dpdk.org/project/dpdk/patch/20210615063507.18198-1-xiao.w.wang@intel.com/mbox/",
    "series": [
        {
            "id": 17324,
            "url": "https://patches.dpdk.org/api/series/17324/?format=api",
            "web_url": "https://patches.dpdk.org/project/dpdk/list/?series=17324",
            "date": "2021-06-15T06:35:07",
            "name": "[v4] vhost: check header for legacy dequeue offload",
            "version": 4,
            "mbox": "https://patches.dpdk.org/series/17324/mbox/"
        }
    ],
    "comments": "https://patches.dpdk.org/api/patches/94184/comments/",
    "check": "fail",
    "checks": "https://patches.dpdk.org/api/patches/94184/checks/",
    "tags": {},
    "related": [],
    "headers": {
        "Return-Path": "<dev-bounces@dpdk.org>",
        "X-Original-To": "patchwork@inbox.dpdk.org",
        "Delivered-To": "patchwork@inbox.dpdk.org",
        "Received": [
            "from mails.dpdk.org (mails.dpdk.org [217.70.189.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id 6A24FA0C4B;\n\tTue, 15 Jun 2021 09:05:52 +0200 (CEST)",
            "from [217.70.189.124] (localhost [127.0.0.1])\n\tby mails.dpdk.org (Postfix) with ESMTP id DE7AE4067A;\n\tTue, 15 Jun 2021 09:05:51 +0200 (CEST)",
            "from mga05.intel.com (mga05.intel.com [192.55.52.43])\n by mails.dpdk.org (Postfix) with ESMTP id 6123040140;\n Tue, 15 Jun 2021 09:05:50 +0200 (CEST)",
            "from orsmga001.jf.intel.com ([10.7.209.18])\n by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 15 Jun 2021 00:05:48 -0700",
            "from dpdk-xiao1.sh.intel.com ([10.67.110.226])\n by orsmga001.jf.intel.com with ESMTP; 15 Jun 2021 00:05:46 -0700"
        ],
        "IronPort-SDR": [
            "\n ghEmmKzK7xEwc7S8F5YPHBzKRXG+HAc0Yuz4U28g1j1E8HpT3frfRN5p5tXIJDJAQs47c0UcYn\n aIlWZpVaZV8g==",
            "\n MMphN6Xln0tL6HpGtZGE+IjOxwHYsWIAaaySMi0Li701BVAP/qXjAM8g9/StezF1Ub+iZGrF3w\n hL3g13cR7GwQ=="
        ],
        "X-IronPort-AV": [
            "E=McAfee;i=\"6200,9189,10015\"; a=\"291569724\"",
            "E=Sophos;i=\"5.83,275,1616482800\"; d=\"scan'208\";a=\"291569724\"",
            "E=Sophos;i=\"5.83,275,1616482800\"; d=\"scan'208\";a=\"484364249\""
        ],
        "X-ExtLoop1": "1",
        "From": "Xiao Wang <xiao.w.wang@intel.com>",
        "To": "maxime.coquelin@redhat.com,\n\tchenbo.xia@intel.com",
        "Cc": "cheng1.jiang@intel.com, dev@dpdk.org, Xiao Wang <xiao.w.wang@intel.com>,\n stable@dpdk.org",
        "Date": "Tue, 15 Jun 2021 14:35:07 +0800",
        "Message-Id": "<20210615063507.18198-1-xiao.w.wang@intel.com>",
        "X-Mailer": "git-send-email 2.15.1",
        "In-Reply-To": "<20210317063109.135662-1-xiao.w.wang@intel.com>",
        "References": "<20210317063109.135662-1-xiao.w.wang@intel.com>",
        "Subject": "[dpdk-dev] [PATCH v4] vhost: check header for legacy dequeue offload",
        "X-BeenThere": "dev@dpdk.org",
        "X-Mailman-Version": "2.1.29",
        "Precedence": "list",
        "List-Id": "DPDK patches and discussions <dev.dpdk.org>",
        "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>",
        "List-Archive": "<http://mails.dpdk.org/archives/dev/>",
        "List-Post": "<mailto:dev@dpdk.org>",
        "List-Help": "<mailto:dev-request@dpdk.org?subject=help>",
        "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>",
        "Errors-To": "dev-bounces@dpdk.org",
        "Sender": "\"dev\" <dev-bounces@dpdk.org>"
    },
    "content": "When parsing the virtio net header and packet header for dequeue offload,\nwe need to perform sanity check on the packet header to ensure:\n  - No out-of-boundary memory access.\n  - The packet header and virtio_net header are valid and aligned.\n\nFixes: d0cf91303d73 (\"vhost: add Tx offload capabilities\")\nCc: stable@dpdk.org\n\nSigned-off-by: Xiao Wang <xiao.w.wang@intel.com>\n---\nv4:\n- Rebase on head of main branch.\n- Allow empty L4 payload in GSO.\n\nv3:\n- Check data_len before calling rte_pktmbuf_mtod. (David)\n\nv2:\n- Allow empty L4 payload for cksum offload. (Konstantin)\n---\n lib/vhost/virtio_net.c | 52 +++++++++++++++++++++++++++++++++++++++++++-------\n 1 file changed, 45 insertions(+), 7 deletions(-)",
    "diff": "diff --git a/lib/vhost/virtio_net.c b/lib/vhost/virtio_net.c\nindex 8da8a86a10..351ff0a841 100644\n--- a/lib/vhost/virtio_net.c\n+++ b/lib/vhost/virtio_net.c\n@@ -2259,44 +2259,64 @@ virtio_net_with_host_offload(struct virtio_net *dev)\n \treturn false;\n }\n \n-static void\n-parse_ethernet(struct rte_mbuf *m, uint16_t *l4_proto, void **l4_hdr)\n+static int\n+parse_ethernet(struct rte_mbuf *m, uint16_t *l4_proto, void **l4_hdr,\n+\t\tuint16_t *len)\n {\n \tstruct rte_ipv4_hdr *ipv4_hdr;\n \tstruct rte_ipv6_hdr *ipv6_hdr;\n \tvoid *l3_hdr = NULL;\n \tstruct rte_ether_hdr *eth_hdr;\n \tuint16_t ethertype;\n+\tuint16_t data_len = m->data_len;\n+\n+\tif (data_len <= sizeof(struct rte_ether_hdr))\n+\t\treturn -EINVAL;\n \n \teth_hdr = rte_pktmbuf_mtod(m, struct rte_ether_hdr *);\n \n \tm->l2_len = sizeof(struct rte_ether_hdr);\n \tethertype = rte_be_to_cpu_16(eth_hdr->ether_type);\n+\tdata_len -= sizeof(struct rte_ether_hdr);\n \n \tif (ethertype == RTE_ETHER_TYPE_VLAN) {\n+\t\tif (data_len <= sizeof(struct rte_vlan_hdr))\n+\t\t\treturn -EINVAL;\n+\n \t\tstruct rte_vlan_hdr *vlan_hdr =\n \t\t\t(struct rte_vlan_hdr *)(eth_hdr + 1);\n \n \t\tm->l2_len += sizeof(struct rte_vlan_hdr);\n \t\tethertype = rte_be_to_cpu_16(vlan_hdr->eth_proto);\n+\t\tdata_len -= sizeof(struct rte_vlan_hdr);\n \t}\n \n \tl3_hdr = (char *)eth_hdr + m->l2_len;\n \n \tswitch (ethertype) {\n \tcase RTE_ETHER_TYPE_IPV4:\n+\t\tif (data_len <= sizeof(struct rte_ipv4_hdr))\n+\t\t\treturn -EINVAL;\n \t\tipv4_hdr = l3_hdr;\n \t\t*l4_proto = ipv4_hdr->next_proto_id;\n \t\tm->l3_len = rte_ipv4_hdr_len(ipv4_hdr);\n+\t\tif (data_len <= m->l3_len) {\n+\t\t\tm->l3_len = 0;\n+\t\t\treturn -EINVAL;\n+\t\t}\n \t\t*l4_hdr = (char *)l3_hdr + m->l3_len;\n \t\tm->ol_flags |= PKT_TX_IPV4;\n+\t\tdata_len -= m->l3_len;\n \t\tbreak;\n \tcase RTE_ETHER_TYPE_IPV6:\n+\t\tif (data_len <= sizeof(struct rte_ipv6_hdr))\n+\t\t\treturn -EINVAL;\n \t\tipv6_hdr = l3_hdr;\n \t\t*l4_proto = ipv6_hdr->proto;\n \t\tm->l3_len = sizeof(struct rte_ipv6_hdr);\n \t\t*l4_hdr = (char *)l3_hdr + m->l3_len;\n \t\tm->ol_flags |= PKT_TX_IPV6;\n+\t\tdata_len -= m->l3_len;\n \t\tbreak;\n \tdefault:\n \t\tm->l3_len = 0;\n@@ -2304,6 +2324,9 @@ parse_ethernet(struct rte_mbuf *m, uint16_t *l4_proto, void **l4_hdr)\n \t\t*l4_hdr = NULL;\n \t\tbreak;\n \t}\n+\n+\t*len = data_len;\n+\treturn 0;\n }\n \n static __rte_always_inline void\n@@ -2312,21 +2335,27 @@ vhost_dequeue_offload_legacy(struct virtio_net_hdr *hdr, struct rte_mbuf *m)\n \tuint16_t l4_proto = 0;\n \tvoid *l4_hdr = NULL;\n \tstruct rte_tcp_hdr *tcp_hdr = NULL;\n+\tuint16_t len = 0, tcp_len;\n+\n+\tif (parse_ethernet(m, &l4_proto, &l4_hdr, &len) < 0)\n+\t\treturn;\n \n-\tparse_ethernet(m, &l4_proto, &l4_hdr);\n \tif (hdr->flags == VIRTIO_NET_HDR_F_NEEDS_CSUM) {\n \t\tif (hdr->csum_start == (m->l2_len + m->l3_len)) {\n \t\t\tswitch (hdr->csum_offset) {\n \t\t\tcase (offsetof(struct rte_tcp_hdr, cksum)):\n-\t\t\t\tif (l4_proto == IPPROTO_TCP)\n+\t\t\t\tif (l4_proto == IPPROTO_TCP &&\n+\t\t\t\t\tlen >= sizeof(struct rte_tcp_hdr))\n \t\t\t\t\tm->ol_flags |= PKT_TX_TCP_CKSUM;\n \t\t\t\tbreak;\n \t\t\tcase (offsetof(struct rte_udp_hdr, dgram_cksum)):\n-\t\t\t\tif (l4_proto == IPPROTO_UDP)\n+\t\t\t\tif (l4_proto == IPPROTO_UDP &&\n+\t\t\t\t\tlen >= sizeof(struct rte_udp_hdr))\n \t\t\t\t\tm->ol_flags |= PKT_TX_UDP_CKSUM;\n \t\t\t\tbreak;\n \t\t\tcase (offsetof(struct rte_sctp_hdr, cksum)):\n-\t\t\t\tif (l4_proto == IPPROTO_SCTP)\n+\t\t\t\tif (l4_proto == IPPROTO_SCTP &&\n+\t\t\t\t\tlen >= sizeof(struct rte_sctp_hdr))\n \t\t\t\t\tm->ol_flags |= PKT_TX_SCTP_CKSUM;\n \t\t\t\tbreak;\n \t\t\tdefault:\n@@ -2339,12 +2368,21 @@ vhost_dequeue_offload_legacy(struct virtio_net_hdr *hdr, struct rte_mbuf *m)\n \t\tswitch (hdr->gso_type & ~VIRTIO_NET_HDR_GSO_ECN) {\n \t\tcase VIRTIO_NET_HDR_GSO_TCPV4:\n \t\tcase VIRTIO_NET_HDR_GSO_TCPV6:\n+\t\t\tif (l4_proto != IPPROTO_TCP ||\n+\t\t\t\tlen < sizeof(struct rte_tcp_hdr))\n+\t\t\t\tbreak;\n \t\t\ttcp_hdr = l4_hdr;\n+\t\t\ttcp_len = (tcp_hdr->data_off & 0xf0) >> 2;\n+\t\t\tif (len < tcp_len)\n+\t\t\t\tbreak;\n \t\t\tm->ol_flags |= PKT_TX_TCP_SEG;\n \t\t\tm->tso_segsz = hdr->gso_size;\n-\t\t\tm->l4_len = (tcp_hdr->data_off & 0xf0) >> 2;\n+\t\t\tm->l4_len = tcp_len;\n \t\t\tbreak;\n \t\tcase VIRTIO_NET_HDR_GSO_UDP:\n+\t\t\tif (l4_proto != IPPROTO_UDP ||\n+\t\t\t\tlen < sizeof(struct rte_udp_hdr))\n+\t\t\t\tbreak;\n \t\t\tm->ol_flags |= PKT_TX_UDP_SEG;\n \t\t\tm->tso_segsz = hdr->gso_size;\n \t\t\tm->l4_len = sizeof(struct rte_udp_hdr);\n",
    "prefixes": [
        "v4"
    ]
}