diff mbox series

[v1] net/tap: fix buffer overflow for ptypes list

Message ID 20231212143722.1803259-1-venkatx.sivaramakrishnan@intel.com (mailing list archive)
State Superseded, archived
Delegated to: Ferruh Yigit
Headers
Series [v1] net/tap: fix buffer overflow for ptypes list |

Checks

Context Check Description
ci/checkpatch success coding style OK
ci/loongarch-compilation success Compilation OK
ci/loongarch-unit-testing success Unit Testing PASS
ci/github-robot: build success github build: passed
ci/iol-intel-Performance success Performance Testing PASS
ci/iol-broadcom-Performance success Performance Testing PASS
ci/iol-intel-Functional success Functional Testing PASS
ci/iol-mellanox-Performance success Performance Testing PASS
ci/iol-abi-testing success Testing PASS
ci/iol-broadcom-Functional success Functional Testing PASS
ci/iol-compile-amd64-testing success Testing PASS
ci/iol-sample-apps-testing success Testing PASS
ci/iol-unit-amd64-testing success Testing PASS
ci/iol-unit-arm64-testing success Testing PASS
ci/iol-compile-arm64-testing success Testing PASS

Commit Message

Sivaramakrishnan Venkat Dec. 12, 2023, 2:37 p.m. UTC 
  Incorrect ptypes list causes buffer overflow for Address Sanitizer
run and a tap device. The last element in the ptypes lists to be
to "RTE_PTYPE_UNKNOWN" for rte_eth_dev_get_supported_ptypes().
In rte_eth_dev_get_supported_ptypes(), the loop iterates until it
finds "RTE_PTYPE_UNKNOWN" to detect last element of the ptypes array.
Fix tap_dev_supported_ptypes_get() method to return correct lists.

Fixes: 0849ac3b6122 ("net/tap: add packet type management")
Cc: stable@dpdk.org

Signed-off-by: Sivaramakrishnan Venkat <venkatx.sivaramakrishnan@intel.com>
---
 drivers/net/tap/rte_eth_tap.c | 1 +
 1 file changed, 1 insertion(+)

Comments

Ferruh Yigit Dec. 12, 2023, 3:23 p.m. UTC | #1 
On 12/12/2023 2:37 PM, Sivaramakrishnan Venkat wrote:
> Incorrect ptypes list causes buffer overflow for Address Sanitizer
> run and a tap device. The last element in the ptypes lists to be
> to "RTE_PTYPE_UNKNOWN" for rte_eth_dev_get_supported_ptypes().
> In rte_eth_dev_get_supported_ptypes(), the loop iterates until it
> finds "RTE_PTYPE_UNKNOWN" to detect last element of the ptypes array.
> Fix tap_dev_supported_ptypes_get() method to return correct lists.
> 
> Fixes: 0849ac3b6122 ("net/tap: add packet type management")
> Cc: stable@dpdk.org
> 
> Signed-off-by: Sivaramakrishnan Venkat <venkatx.sivaramakrishnan@intel.com>
> ---
>  drivers/net/tap/rte_eth_tap.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/drivers/net/tap/rte_eth_tap.c b/drivers/net/tap/rte_eth_tap.c
> index b41fa971cb..3fa03cdbee 100644
> --- a/drivers/net/tap/rte_eth_tap.c
> +++ b/drivers/net/tap/rte_eth_tap.c
> @@ -1803,6 +1803,7 @@ tap_dev_supported_ptypes_get(struct rte_eth_dev *dev __rte_unused)
>  		RTE_PTYPE_L4_UDP,
>  		RTE_PTYPE_L4_TCP,
>  		RTE_PTYPE_L4_SCTP,
> +		RTE_PTYPE_UNKNOWN
>  	};
>  
>  	return ptypes;

Hi Sivaramakrishnan,

Patch looks good to me, thanks.

But there are multiple drivers have same problem, at least following
ones [1] (maintainers of them cc'ed).

Can you please send a new version that fixes all?


Also as we have already missed multiple ones, perhaps we can add a unit
test to 'app/test/test_ethdev_api.c' for this API.
I think there is no way to make sure if 'RTE_PTYPE_UNKNOWN' is added
(unless you find a way), but we can call the
'rte_eth_dev_get_supported_ptypes()' API and detect any crash in advance.

Can you add this kind of unit test as part of next patch?


[1]
mvneta
mvpp2
pfe
dpaa
nfp
diff mbox series

Patch

diff --git a/drivers/net/tap/rte_eth_tap.c b/drivers/net/tap/rte_eth_tap.c
index b41fa971cb..3fa03cdbee 100644
--- a/drivers/net/tap/rte_eth_tap.c
+++ b/drivers/net/tap/rte_eth_tap.c
@@ -1803,6 +1803,7 @@  tap_dev_supported_ptypes_get(struct rte_eth_dev *dev __rte_unused)
 		RTE_PTYPE_L4_UDP,
 		RTE_PTYPE_L4_TCP,
 		RTE_PTYPE_L4_SCTP,
+		RTE_PTYPE_UNKNOWN
 	};
 
 	return ptypes;