[RFC PATCH-for-5.2 0/2] net: Do not accept packets with invalid huge size

Philippe Mathieu-Daudé posted 2 patches 3 years, 4 months ago
git fetch https://github.com/patchew-project/qemu tags/patchew/20201127154524.1902024-1-philmd@redhat.com
[RFC PATCH-for-5.2 0/2] net: Do not accept packets with invalid huge size
Posted by Philippe Mathieu-Daudé 3 years, 4 months ago
Hi,

This is a simple attempt to avoid the following pattern:

  ssize_t pkt_size = get_pkt_size(); // returns errno

  // no check

  send_packet(size_t size=pkt_size); // size casted to unsigned
                                     // -> overflow

Regards,

Phil.

Philippe Mathieu-Daudé (2):
  net: Do not accept packets bigger then NET_BUFSIZE
  net: Assert no packet bigger than NET_BUFSIZE is queued

 net/net.c   | 4 ++++
 net/queue.c | 7 +++++++
 2 files changed, 11 insertions(+)

-- 
2.26.2
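
The pattern described in the cover letter above, as an added C example that is not QEMU code and not part of this series. It assumes the size function returns -errno on failure; `get_pkt_size`, both `send_packet_*` variants and the two callers are hypothetical names, and the `NET_BUFSIZE` value is constructed for the sketch.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>

/* Constructed bound for this sketch; the series refers to QEMU's NET_BUFSIZE. */
#define NET_BUFSIZE ((size_t)(4096 + 65536))

/* Hypothetical producer: returns a packet length, or -errno on failure. */
static ssize_t get_pkt_size(int fail)
{
    return fail ? -EINVAL : 60;
}

/* Hypothetical consumer without a bound: trusts whatever size it is given. */
static size_t send_packet_unbounded(size_t size)
{
    return size;    /* the length it would go on to copy or queue */
}

/* Consumer with a bound: anything above NET_BUFSIZE is dropped (0 sent). */
static size_t send_packet_bounded(size_t size)
{
    return (size > NET_BUFSIZE) ? 0 : size;
}

/* The pattern from the cover letter: no check before the implicit conversion. */
static size_t caller_unchecked(int fail)
{
    ssize_t pkt_size = get_pkt_size(fail);
    return send_packet_unbounded(pkt_size);  /* -EINVAL becomes SIZE_MAX - 21 */
}

/* Caller-side fix: test the signed value before it is converted. */
static ssize_t caller_checked(int fail)
{
    ssize_t pkt_size = get_pkt_size(fail);
    if (pkt_size < 0) {
        return pkt_size;    /* propagate -errno instead of sending */
    }
    return (ssize_t)send_packet_bounded((size_t)pkt_size);
}

int main(void)
{
    printf("unchecked size: %zu\n", caller_unchecked(1));
    printf("bounded result: %zu\n", send_packet_bounded(caller_unchecked(1)));
    printf("checked result: %zd\n", caller_checked(1));
    return 0;
}
```

The bound in the consumer catches the converted error value because any negative `ssize_t` maps to a `size_t` far above `NET_BUFSIZE`; the caller-side check is still needed so the error code is reported rather than silently dropped.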


Re: [RFC PATCH-for-5.2 0/2] net: Do not accept packets with invalid huge size
Posted by Philippe Mathieu-Daudé 3 years, 4 months ago
On 11/27/20 4:45 PM, Philippe Mathieu-Daudé wrote:
> Hi,
> 
> This is a simple attempt to avoid the following pattern:
> 
>   ssize_t pkt_size = get_pkt_size(); // returns errno

Sorry, I meant: returns "-errno" (< 0).

> 
>   // no check
> 
>   send_packet(size_t size=pkt_size); // size casted to unsigned
>                                      // -> overflow
> 
> Regards,
> 
> Phil.
> 
> Philippe Mathieu-Daudé (2):
>   net: Do not accept packets bigger then NET_BUFSIZE
>   net: Assert no packet bigger than NET_BUFSIZE is queued
> 
>  net/net.c   | 4 ++++
>  net/queue.c | 7 +++++++
>  2 files changed, 11 insertions(+)
> 


Re: [RFC PATCH-for-5.2 0/2] net: Do not accept packets with invalid huge size
Posted by Peter Maydell 3 years, 4 months ago
On Fri, 27 Nov 2020 at 15:45, Philippe Mathieu-Daudé <philmd@redhat.com> wrote:
>
> Hi,
>
> This is a simple attempt to avoid the following pattern:
>
>   ssize_t pkt_size = get_pkt_size(); // returns errno
>
>   // no check
>
>   send_packet(size_t size=pkt_size); // size casted to unsigned
>                                      // -> overflow

"RFC" and "for-5.2" are not a great combination at this point :-(
What are the consequences if we don't put this patchset in 5.2?

thanks
-- PMM

Re: [RFC PATCH-for-5.2 0/2] net: Do not accept packets with invalid huge size
Posted by Philippe Mathieu-Daudé 3 years, 4 months ago
On 11/28/20 9:59 PM, Peter Maydell wrote:
> On Fri, 27 Nov 2020 at 15:45, Philippe Mathieu-Daudé <philmd@redhat.com> wrote:
>>
>> Hi,
>>
>> This is a simple attempt to avoid the following pattern:
>>
>>   ssize_t pkt_size = get_pkt_size(); // returns errno
>>
>>   // no check
>>
>>   send_packet(size_t size=pkt_size); // size casted to unsigned
>>                                      // -> overflow
> 
> "RFC" and "for-5.2" are not a great combination at this point :-(

"RFC" because I don't understand all the effects this assert
can have. "for-5.2" because it was raised as a security bug,
but I don't have access to the information, so I can not see
the big picture.

> What are the consequences if we don't put this patchset in 5.2?

Jason suggested to postpone this. If this is security important,
we can release a 5.2.1-stable tag early I suppose.

Regards,

Phil.