Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/94617/?format=api
https://patches.dpdk.org/api/patches/94617/?format=api", "web_url": "https://patches.dpdk.org/project/dpdk/patch/20210621082104.76733-1-xiao.w.wang@intel.com/", "project": { "id": 1, "url": "https://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<20210621082104.76733-1-xiao.w.wang@intel.com>", "list_archive_url": "https://inbox.dpdk.org/dev/20210621082104.76733-1-xiao.w.wang@intel.com", "date": "2021-06-21T08:21:04", "name": "[v5] vhost: check header for legacy dequeue offload", "commit_ref": null, "pull_url": null, "state": "accepted", "archived": true, "hash": "b7876fb3d8b7752d56f577ca210961a9375d5db5", "submitter": { "id": 281, "url": "https://patches.dpdk.org/api/people/281/?format=api", "name": "Xiao Wang", "email": "xiao.w.wang@intel.com" }, "delegate": { "id": 2642, "url": "https://patches.dpdk.org/api/users/2642/?format=api", "username": "mcoquelin", "first_name": "Maxime", "last_name": "Coquelin", "email": "maxime.coquelin@redhat.com" }, "mbox": "https://patches.dpdk.org/project/dpdk/patch/20210621082104.76733-1-xiao.w.wang@intel.com/mbox/", "series": [ { "id": 17422, "url": "https://patches.dpdk.org/api/series/17422/?format=api", "web_url": "https://patches.dpdk.org/project/dpdk/list/?series=17422", "date": "2021-06-21T08:21:04", "name": "[v5] vhost: check header for legacy dequeue offload", "version": 5, "mbox": "https://patches.dpdk.org/series/17422/mbox/" } ], "comments": "https://patches.dpdk.org/api/patches/94617/comments/", "check": "fail", "checks": "https://patches.dpdk.org/api/patches/94617/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": 
"patchwork@inbox.dpdk.org", "Delivered-To": "patchwork@inbox.dpdk.org", "Received": [ "from mails.dpdk.org (mails.dpdk.org [217.70.189.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id 3250CA0547;\n\tMon, 21 Jun 2021 10:52:32 +0200 (CEST)", "from [217.70.189.124] (localhost [127.0.0.1])\n\tby mails.dpdk.org (Postfix) with ESMTP id 1946E41193;\n\tMon, 21 Jun 2021 10:52:32 +0200 (CEST)", "from mga09.intel.com (mga09.intel.com [134.134.136.24])\n by mails.dpdk.org (Postfix) with ESMTP id E70E341163;\n Mon, 21 Jun 2021 10:52:29 +0200 (CEST)", "from orsmga008.jf.intel.com ([10.7.209.65])\n by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 21 Jun 2021 01:52:27 -0700", "from dpdk-xiao1.sh.intel.com ([10.67.110.226])\n by orsmga008.jf.intel.com with ESMTP; 21 Jun 2021 01:52:25 -0700" ], "IronPort-SDR": [ "\n vYHIPwcGvHKVcRm8Y3RIuvdUon5LbhaPQ2r3LdGhnBEF+sRMrLkr1r/OtT1TjIFH0tJSwXqE9k\n 46tbkY0zCJzA==", "\n IyZiqgjnt1oPJ7Paqix9mrscN6i8TGZeV3LhbuELayDpuro2hYYJ5GZC6V1y26PhqnVYvJeuVK\n DPATREOe+nrg==" ], "X-IronPort-AV": [ "E=McAfee;i=\"6200,9189,10021\"; a=\"206750942\"", "E=Sophos;i=\"5.83,289,1616482800\"; d=\"scan'208\";a=\"206750942\"", "E=Sophos;i=\"5.83,289,1616482800\"; d=\"scan'208\";a=\"452114783\"" ], "X-ExtLoop1": "1", "From": "Xiao Wang <xiao.w.wang@intel.com>", "To": "maxime.coquelin@redhat.com, chenbo.xia@intel.com,\n david.marchand@redhat.com", "Cc": "cheng1.jiang@intel.com, dev@dpdk.org, Xiao Wang <xiao.w.wang@intel.com>,\n stable@dpdk.org", "Date": "Mon, 21 Jun 2021 16:21:04 +0800", "Message-Id": "<20210621082104.76733-1-xiao.w.wang@intel.com>", "X-Mailer": "git-send-email 2.15.1", "In-Reply-To": "<20210317063109.135662-1-xiao.w.wang@intel.com>", "References": "<20210317063109.135662-1-xiao.w.wang@intel.com>", "Subject": "[dpdk-dev] [PATCH v5] vhost: check header for legacy dequeue offload", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", 
"List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "When parsing the virtio net header and packet header for dequeue offload,\nwe need to perform sanity check on the packet header to ensure:\n - No out-of-boundary memory access.\n - The packet header and virtio_net header are valid and aligned.\n\nFixes: d0cf91303d73 (\"vhost: add Tx offload capabilities\")\nCc: stable@dpdk.org\n\nSigned-off-by: Xiao Wang <xiao.w.wang@intel.com>\n---\nv5:\n- Redefine the function parse_ethernet() to parse_headers(). (David)\n- Use mbuf helpers e.g. rte_pktmbuf_data_len() and rte_pktmbuf_mtod_offset(). (David)\n- Reset mbuf l2_len, l3_len and ol_flags when detecting anything invalid. (David)\n- Improve some check conditions. (David)\n- Move the data_len check for L4 header into parse_headers(), in order to avoid\n duplicated checks in CSUM and GSO.\n- Use uint8_t instead of uint16_t for l4_proto variable.\n- Detect more invalid corner cases.\n\nv4:\n- Rebase on head of main branch.\n- Allow empty L4 payload in GSO.\n\nv3:\n- Check data_len before calling rte_pktmbuf_mtod. (David)\n\nv2:\n- Allow empty L4 payload for cksum offload. 
(Konstantin)\n---\n lib/vhost/virtio_net.c | 117 +++++++++++++++++++++++++++++++++++++------------\n 1 file changed, 89 insertions(+), 28 deletions(-)", "diff": "diff --git a/lib/vhost/virtio_net.c b/lib/vhost/virtio_net.c\nindex 8da8a86a10..fb21b56558 100644\n--- a/lib/vhost/virtio_net.c\n+++ b/lib/vhost/virtio_net.c\n@@ -2259,14 +2259,17 @@ virtio_net_with_host_offload(struct virtio_net *dev)\n \treturn false;\n }\n \n-static void\n-parse_ethernet(struct rte_mbuf *m, uint16_t *l4_proto, void **l4_hdr)\n+static int\n+parse_headers(struct rte_mbuf *m, uint8_t *l4_proto)\n {\n \tstruct rte_ipv4_hdr *ipv4_hdr;\n \tstruct rte_ipv6_hdr *ipv6_hdr;\n-\tvoid *l3_hdr = NULL;\n \tstruct rte_ether_hdr *eth_hdr;\n \tuint16_t ethertype;\n+\tuint16_t data_len = rte_pktmbuf_data_len(m);\n+\n+\tif (data_len < sizeof(struct rte_ether_hdr))\n+\t\treturn -EINVAL;\n \n \teth_hdr = rte_pktmbuf_mtod(m, struct rte_ether_hdr *);\n \n@@ -2274,6 +2277,10 @@ parse_ethernet(struct rte_mbuf *m, uint16_t *l4_proto, void **l4_hdr)\n \tethertype = rte_be_to_cpu_16(eth_hdr->ether_type);\n \n \tif (ethertype == RTE_ETHER_TYPE_VLAN) {\n+\t\tif (data_len < sizeof(struct rte_ether_hdr) +\n+\t\t\t\tsizeof(struct rte_vlan_hdr))\n+\t\t\tgoto error;\n+\n \t\tstruct rte_vlan_hdr *vlan_hdr =\n \t\t\t(struct rte_vlan_hdr *)(eth_hdr + 1);\n \n@@ -2281,70 +2288,118 @@ parse_ethernet(struct rte_mbuf *m, uint16_t *l4_proto, void **l4_hdr)\n \t\tethertype = rte_be_to_cpu_16(vlan_hdr->eth_proto);\n \t}\n \n-\tl3_hdr = (char *)eth_hdr + m->l2_len;\n-\n \tswitch (ethertype) {\n \tcase RTE_ETHER_TYPE_IPV4:\n-\t\tipv4_hdr = l3_hdr;\n-\t\t*l4_proto = ipv4_hdr->next_proto_id;\n+\t\tif (data_len < m->l2_len + sizeof(struct rte_ipv4_hdr))\n+\t\t\tgoto error;\n+\t\tipv4_hdr = rte_pktmbuf_mtod_offset(m, struct rte_ipv4_hdr *,\n+\t\t\t\tm->l2_len);\n \t\tm->l3_len = rte_ipv4_hdr_len(ipv4_hdr);\n-\t\t*l4_hdr = (char *)l3_hdr + m->l3_len;\n+\t\tif (data_len < m->l2_len + m->l3_len)\n+\t\t\tgoto error;\n \t\tm->ol_flags |= 
PKT_TX_IPV4;\n+\t\t*l4_proto = ipv4_hdr->next_proto_id;\n \t\tbreak;\n \tcase RTE_ETHER_TYPE_IPV6:\n-\t\tipv6_hdr = l3_hdr;\n-\t\t*l4_proto = ipv6_hdr->proto;\n+\t\tif (data_len < m->l2_len + sizeof(struct rte_ipv6_hdr))\n+\t\t\tgoto error;\n+\t\tipv6_hdr = rte_pktmbuf_mtod_offset(m, struct rte_ipv6_hdr *,\n+\t\t\t\tm->l2_len);\n \t\tm->l3_len = sizeof(struct rte_ipv6_hdr);\n-\t\t*l4_hdr = (char *)l3_hdr + m->l3_len;\n \t\tm->ol_flags |= PKT_TX_IPV6;\n+\t\t*l4_proto = ipv6_hdr->proto;\n \t\tbreak;\n \tdefault:\n-\t\tm->l3_len = 0;\n-\t\t*l4_proto = 0;\n-\t\t*l4_hdr = NULL;\n+\t\t/* a valid L3 header is needed for further L4 parsing */\n+\t\tgoto error;\n+\t}\n+\n+\t/* both CSUM and GSO need a valid L4 header */\n+\tswitch (*l4_proto) {\n+\tcase IPPROTO_TCP:\n+\t\tif (data_len < m->l2_len + m->l3_len +\n+\t\t\t\tsizeof(struct rte_tcp_hdr))\n+\t\t\tgoto error;\n+\t\tbreak;\n+\tcase IPPROTO_UDP:\n+\t\tif (data_len < m->l2_len + m->l3_len +\n+\t\t\t\tsizeof(struct rte_udp_hdr))\n+\t\t\tgoto error;\n \t\tbreak;\n+\tcase IPPROTO_SCTP:\n+\t\tif (data_len < m->l2_len + m->l3_len +\n+\t\t\t\tsizeof(struct rte_sctp_hdr))\n+\t\t\tgoto error;\n+\t\tbreak;\n+\tdefault:\n+\t\tgoto error;\n \t}\n+\n+\treturn 0;\n+\n+error:\n+\tm->l2_len = 0;\n+\tm->l3_len = 0;\n+\tm->ol_flags = 0;\n+\treturn -EINVAL;\n }\n \n static __rte_always_inline void\n vhost_dequeue_offload_legacy(struct virtio_net_hdr *hdr, struct rte_mbuf *m)\n {\n-\tuint16_t l4_proto = 0;\n-\tvoid *l4_hdr = NULL;\n+\tuint8_t l4_proto = 0;\n \tstruct rte_tcp_hdr *tcp_hdr = NULL;\n+\tuint16_t tcp_len;\n+\tuint16_t data_len = rte_pktmbuf_data_len(m);\n+\n+\tif (parse_headers(m, &l4_proto) < 0)\n+\t\treturn;\n \n-\tparse_ethernet(m, &l4_proto, &l4_hdr);\n \tif (hdr->flags == VIRTIO_NET_HDR_F_NEEDS_CSUM) {\n \t\tif (hdr->csum_start == (m->l2_len + m->l3_len)) {\n \t\t\tswitch (hdr->csum_offset) {\n \t\t\tcase (offsetof(struct rte_tcp_hdr, cksum)):\n-\t\t\t\tif (l4_proto == IPPROTO_TCP)\n-\t\t\t\t\tm->ol_flags |= 
PKT_TX_TCP_CKSUM;\n+\t\t\t\tif (l4_proto != IPPROTO_TCP)\n+\t\t\t\t\tgoto error;\n+\t\t\t\tm->ol_flags |= PKT_TX_TCP_CKSUM;\n \t\t\t\tbreak;\n \t\t\tcase (offsetof(struct rte_udp_hdr, dgram_cksum)):\n-\t\t\t\tif (l4_proto == IPPROTO_UDP)\n-\t\t\t\t\tm->ol_flags |= PKT_TX_UDP_CKSUM;\n+\t\t\t\tif (l4_proto != IPPROTO_UDP)\n+\t\t\t\t\tgoto error;\n+\t\t\t\tm->ol_flags |= PKT_TX_UDP_CKSUM;\n \t\t\t\tbreak;\n \t\t\tcase (offsetof(struct rte_sctp_hdr, cksum)):\n-\t\t\t\tif (l4_proto == IPPROTO_SCTP)\n-\t\t\t\t\tm->ol_flags |= PKT_TX_SCTP_CKSUM;\n+\t\t\t\tif (l4_proto != IPPROTO_SCTP)\n+\t\t\t\t\tgoto error;\n+\t\t\t\tm->ol_flags |= PKT_TX_SCTP_CKSUM;\n \t\t\t\tbreak;\n \t\t\tdefault:\n-\t\t\t\tbreak;\n+\t\t\t\tgoto error;\n \t\t\t}\n+\t\t} else {\n+\t\t\tgoto error;\n \t\t}\n \t}\n \n-\tif (l4_hdr && hdr->gso_type != VIRTIO_NET_HDR_GSO_NONE) {\n+\tif (hdr->gso_type != VIRTIO_NET_HDR_GSO_NONE) {\n \t\tswitch (hdr->gso_type & ~VIRTIO_NET_HDR_GSO_ECN) {\n \t\tcase VIRTIO_NET_HDR_GSO_TCPV4:\n \t\tcase VIRTIO_NET_HDR_GSO_TCPV6:\n-\t\t\ttcp_hdr = l4_hdr;\n+\t\t\tif (l4_proto != IPPROTO_TCP)\n+\t\t\t\tgoto error;\n+\t\t\ttcp_hdr = rte_pktmbuf_mtod_offset(m,\n+\t\t\t\t\tstruct rte_tcp_hdr *,\n+\t\t\t\t\tm->l2_len + m->l3_len);\n+\t\t\ttcp_len = (tcp_hdr->data_off & 0xf0) >> 2;\n+\t\t\tif (data_len < m->l2_len + m->l3_len + tcp_len)\n+\t\t\t\tgoto error;\n \t\t\tm->ol_flags |= PKT_TX_TCP_SEG;\n \t\t\tm->tso_segsz = hdr->gso_size;\n-\t\t\tm->l4_len = (tcp_hdr->data_off & 0xf0) >> 2;\n+\t\t\tm->l4_len = tcp_len;\n \t\t\tbreak;\n \t\tcase VIRTIO_NET_HDR_GSO_UDP:\n+\t\t\tif (l4_proto != IPPROTO_UDP)\n+\t\t\t\tgoto error;\n \t\t\tm->ol_flags |= PKT_TX_UDP_SEG;\n \t\t\tm->tso_segsz = hdr->gso_size;\n \t\t\tm->l4_len = sizeof(struct rte_udp_hdr);\n@@ -2352,9 +2407,15 @@ vhost_dequeue_offload_legacy(struct virtio_net_hdr *hdr, struct rte_mbuf *m)\n \t\tdefault:\n \t\t\tVHOST_LOG_DATA(WARNING,\n \t\t\t\t\"unsupported gso type %u.\\n\", hdr->gso_type);\n-\t\t\tbreak;\n+\t\t\tgoto error;\n 
\t\t}\n \t}\n+\treturn;\n+\n+error:\n+\tm->l2_len = 0;\n+\tm->l3_len = 0;\n+\tm->ol_flags = 0;\n }\n \n static __rte_always_inline void\n", "prefixes": [ "v5" ] }{ "id": 94617, "url": "
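Review bot: in the first hunk (parse_headers() entry), the runt-frame check exits with a bare `return -EINVAL` while every later failure uses `goto error`, so this one path leaves m->l2_len, m->l3_len and m->ol_flags untouched, and the caller simply returns on a negative result. The v5 changelog says these fields are reset "when detecting anything invalid"; use `goto error` here too so the mbuf state is the same on every rejection. Note also that data_len comes from rte_pktmbuf_data_len(), which covers the first segment only, so a short comment saying that all headers are required to sit in the first segment would document the assumption behind the checks.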
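Review bot: in the VLAN hunk, the new length check is placed ahead of the `struct rte_vlan_hdr *vlan_hdr = ...` declaration, which leaves a declaration after a statement inside the block. Declare vlan_hdr at the top of parse_headers() alongside ipv4_hdr, ipv6_hdr and eth_hdr and only assign it after the check. The check itself is the right bound for a single tag; a second stacked tag falls through to the `default: goto error` of the ethertype switch, which is worth a one-line comment so the rejection reads as intentional.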
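Review bot: in the large hunk (-2281,70 +2288,118), the two variable-length headers are bounded from above but not from below. m->l3_len is taken from rte_ipv4_hdr_len() and only compared against data_len, so an IHL under 5 yields an l3_len shorter than struct rte_ipv4_hdr and still passes; likewise tcp_len from `(tcp_hdr->data_off & 0xf0) >> 2` can be less than sizeof(struct rte_tcp_hdr) and is then stored in m->l4_len. The later data_len comparisons keep the accesses in bounds, but the commit message promises a valid header, so add `m->l3_len < sizeof(struct rte_ipv4_hdr)` and `tcp_len < sizeof(struct rte_tcp_hdr)` to the respective error conditions. In the same GSO switch, VIRTIO_NET_HDR_GSO_TCPV4 and VIRTIO_NET_HDR_GSO_TCPV6 share one case that checks only l4_proto, so the gso_type is never compared with the IP version parse_headers() found, and hdr->gso_size is copied to m->tso_segsz without any check; both come from the virtio net header and deserve the same scrutiny as the packet header.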
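Review bot: in the last hunk, the new `error:` label in vhost_dequeue_offload_legacy() repeats the same three assignments (l2_len, l3_len, ol_flags set to 0) already present under the `error:` label of parse_headers(). A small static inline helper called from both places would keep the two reset paths from drifting apart. Since the function stays void, a malformed header results in the mbuf being passed on with offload flags cleared rather than dropped; please state that intent in a comment at the label. Of all the rejection paths, only the unsupported gso type one logs, via the existing VHOST_LOG_DATA(WARNING, ...) call, so consider whether a guest-controlled field should be able to emit a warning per packet on the data path.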