[v5] Fix possible OOB during queuing packets

[Qemu-devel] [PATCH V5 for 3.1 0/5] Fix possible OOB during queuing packets

Jason Wang posted 5 patches 5 years, 5 months ago

Diff against v1 v2 v3 v4
Download series mbox

Test asan passed

Test checkpatch passed

Test docker-quick@centos7 passed

Test docker-mingw@fedora passed

Test docker-clang@ubuntu passed

Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20181204035347.6148-1-jasowang@redhat.com

include/net/net.h       |  6 ----
net/hub.c               |  3 +-
net/net.c               | 28 +++++++++++-------
tests/virtio-net-test.c | 64 ++++++++++++++++++++++++++++++++++++-----
4 files changed, 76 insertions(+), 25 deletions(-)

Expand all Fold all

[Qemu-devel] [PATCH V5 for 3.1 0/5] Fix possible OOB during queuing packets

Posted by Jason Wang 5 years, 5 months ago

Hi:

This series tries to fix a possible OOB during queueing packets
through qemu_net_queue_append_iov(). This could happen when it tries
to queue a packet whose size is larger than INT_MAX which may lead
integer overflow. We've fixed similar issue in the past during
qemu_net_queue_deliver_iov() by ignoring large packets there. Let's
just move the check earlier to qemu_sendv_packet_async() and reduce
the limitation to NET_BUFSIZE. A simple qtest were also added this.

Please review.

Thanks

Changes from V1:
- slient compiling warnings
Changes from V2:
- annotate pci_test_start() with GCC_FMT_ATTR()
- drop intermediate cmd string variable
Changes from V4:
- silent hub warning if qtest is enabled
- make qemu_deliver_packet_iov() static
- add one more test for packet size slightly greater than NET_BUFSIZE
- tweak the commit log and add more justification
- typo/whitespace fixes and other minor code style tweaks

Jason Wang (5):
  net: drop too large packet early
  net: hub: suppress warnings of no host network for qtest
  virtio-net-test: accept variable length argument in pci_test_start()
  virtio-net-test: remove unused macro
  virtio-net-test: add large tx buffer test

 include/net/net.h       |  6 ----
 net/hub.c               |  3 +-
 net/net.c               | 28 +++++++++++-------
 tests/virtio-net-test.c | 64 ++++++++++++++++++++++++++++++++++++-----
 4 files changed, 76 insertions(+), 25 deletions(-)

-- 
2.17.1

Re: [Qemu-devel] [PATCH V5 for 3.1 0/5] Fix possible OOB during queuing packets

Posted by Peter Maydell 5 years, 5 months ago

On Tue, 4 Dec 2018 at 03:54, Jason Wang <jasowang@redhat.com> wrote:
>
> Hi:
>
> This series tries to fix a possible OOB during queueing packets
> through qemu_net_queue_append_iov(). This could happen when it tries
> to queue a packet whose size is larger than INT_MAX which may lead
> integer overflow. We've fixed similar issue in the past during
> qemu_net_queue_deliver_iov() by ignoring large packets there. Let's
> just move the check earlier to qemu_sendv_packet_async() and reduce
> the limitation to NET_BUFSIZE. A simple qtest were also added this.
>
> Please review.
>
> Thanks
>
> Changes from V1:
> - slient compiling warnings
> Changes from V2:
> - annotate pci_test_start() with GCC_FMT_ATTR()
> - drop intermediate cmd string variable
> Changes from V4:
> - silent hub warning if qtest is enabled
> - make qemu_deliver_packet_iov() static
> - add one more test for packet size slightly greater than NET_BUFSIZE
> - tweak the commit log and add more justification
> - typo/whitespace fixes and other minor code style tweaks
>
> Jason Wang (5):
>   net: drop too large packet early
>   net: hub: suppress warnings of no host network for qtest
>   virtio-net-test: accept variable length argument in pci_test_start()
>   virtio-net-test: remove unused macro
>   virtio-net-test: add large tx buffer test

Applied, thanks.

-- PMM