[v1] net/tap: fix buffer overflow for ptypes list
Checks
Commit Message
Incorrect ptypes list causes buffer overflow for Address Sanitizer
run and a tap device. The last element in the ptypes lists to be
to "RTE_PTYPE_UNKNOWN" for rte_eth_dev_get_supported_ptypes().
In rte_eth_dev_get_supported_ptypes(), the loop iterates until it
finds "RTE_PTYPE_UNKNOWN" to detect last element of the ptypes array.
Fix tap_dev_supported_ptypes_get() method to return correct lists.
Fixes: 0849ac3b6122 ("net/tap: add packet type management")
Cc: stable@dpdk.org
Signed-off-by: Sivaramakrishnan Venkat <venkatx.sivaramakrishnan@intel.com>
---
drivers/net/tap/rte_eth_tap.c | 1 +
1 file changed, 1 insertion(+)
Comments
On 12/12/2023 2:37 PM, Sivaramakrishnan Venkat wrote:
> Incorrect ptypes list causes buffer overflow for Address Sanitizer
> run and a tap device. The last element in the ptypes lists to be
> to "RTE_PTYPE_UNKNOWN" for rte_eth_dev_get_supported_ptypes().
> In rte_eth_dev_get_supported_ptypes(), the loop iterates until it
> finds "RTE_PTYPE_UNKNOWN" to detect last element of the ptypes array.
> Fix tap_dev_supported_ptypes_get() method to return correct lists.
>
> Fixes: 0849ac3b6122 ("net/tap: add packet type management")
> Cc: stable@dpdk.org
>
> Signed-off-by: Sivaramakrishnan Venkat <venkatx.sivaramakrishnan@intel.com>
> ---
> drivers/net/tap/rte_eth_tap.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/net/tap/rte_eth_tap.c b/drivers/net/tap/rte_eth_tap.c
> index b41fa971cb..3fa03cdbee 100644
> --- a/drivers/net/tap/rte_eth_tap.c
> +++ b/drivers/net/tap/rte_eth_tap.c
> @@ -1803,6 +1803,7 @@ tap_dev_supported_ptypes_get(struct rte_eth_dev *dev __rte_unused)
> RTE_PTYPE_L4_UDP,
> RTE_PTYPE_L4_TCP,
> RTE_PTYPE_L4_SCTP,
> + RTE_PTYPE_UNKNOWN
> };
>
> return ptypes;
Hi Sivaramakrishnan,
Patch looks good to me, thanks.
But there are multiple drivers have same problem, at least following
ones [1] (maintainers of them cc'ed).
Can you please send a new version that fixes all?
Also as we have already missed multiple ones, perhaps we can add a unit
test to 'app/test/test_ethdev_api.c' for this API.
I think there is no way to make sure if 'RTE_PTYPE_UNKNOWN' is added
(unless you find a way), but we can call the
'rte_eth_dev_get_supported_ptypes()' API and detect any crash in advance.
Can you add this kind of unit test as part of next patch?
[1]
mvneta
mvpp2
pfe
dpaa
nfp
@@ -1803,6 +1803,7 @@ tap_dev_supported_ptypes_get(struct rte_eth_dev *dev __rte_unused)
RTE_PTYPE_L4_UDP,
RTE_PTYPE_L4_TCP,
RTE_PTYPE_L4_SCTP,
+ RTE_PTYPE_UNKNOWN
};
return ptypes;