[PATCH v6 0/7] net/eth: Fix stack-buffer-overflow in _eth_get_rss_ex_dst_addr()

Philippe Mathieu-Daudé posted 7 patches 3 years, 1 month ago
Test checkpatch passed
Patches applied successfully
git fetch https://github.com/patchew-project/qemu tags/patchew/20210310183123.1212612-1-philmd@redhat.com
[PATCH v6 0/7] net/eth: Fix stack-buffer-overflow in _eth_get_rss_ex_dst_addr()
Posted by Philippe Mathieu-Daudé 3 years, 1 month ago
I had a look at the patch from Miroslav trying to silence a
compiler warning which in fact is a nasty bug. Here is a fix.
https://www.mail-archive.com/qemu-devel@nongnu.org/msg772735.html

Since v5:
- addressed Stefano's review comments:
- add now patch fixing in6_address offset

Since v4:
- reworked again, tested it with Fedora Raw Hide

Philippe Mathieu-Daudé (7):
  net/eth: Use correct in6_address offset in _eth_get_rss_ex_dst_addr()
  net/eth: Simplify _eth_get_rss_ex_dst_addr()
  net/eth: Better describe _eth_get_rss_ex_dst_addr's offset argument
  net/eth: Check size earlier in _eth_get_rss_ex_dst_addr()
  net/eth: Check iovec has enough data earlier
  net/eth: Read ip6_ext_hdr_routing buffer before accessing it
  net/eth: Add an assert() and invert if() statement to simplify code

 net/eth.c                      | 46 ++++++++++++++---------------
 tests/qtest/fuzz-e1000e-test.c | 53 ++++++++++++++++++++++++++++++++++
 MAINTAINERS                    |  1 +
 tests/qtest/meson.build        |  1 +
 4 files changed, 78 insertions(+), 23 deletions(-)
 create mode 100644 tests/qtest/fuzz-e1000e-test.c

-- 
2.26.2


Re: [PATCH v6 0/7] net/eth: Fix stack-buffer-overflow in _eth_get_rss_ex_dst_addr()
Posted by Miroslav Rezanina 3 years, 1 month ago
----- Original Message -----
> From: "Philippe Mathieu-Daudé" <philmd@redhat.com>
> To: qemu-devel@nongnu.org
> Cc: "Jason Wang" <jasowang@redhat.com>, "Stefano Garzarella" <sgarzare@redhat.com>, "Thomas Huth" <thuth@redhat.com>,
> "Miroslav Rezanina" <mrezanin@redhat.com>, "Dmitry Fleytman" <dmitry.fleytman@gmail.com>, "Paolo Bonzini"
> <pbonzini@redhat.com>, "Laurent Vivier" <lvivier@redhat.com>, "Philippe Mathieu-Daudé" <philmd@redhat.com>
> Sent: Wednesday, March 10, 2021 7:31:16 PM
> Subject: [PATCH v6 0/7] net/eth: Fix stack-buffer-overflow in _eth_get_rss_ex_dst_addr()
> 
> I had a look at the patch from Miroslav trying to silence a
> compiler warning which in fact is a nasty bug. Here is a fix.
> https://www.mail-archive.com/qemu-devel@nongnu.org/msg772735.html
>

Reviewed-by: Miroslav Rezanina <mrezanin@redhat.com>
 
> Since v5:
> - addressed Stefano's review comments:
> - add now patch fixing in6_address offset
> 
> Since v4:
> - reworked again, tested it with Fedora Raw Hide
> 
> Philippe Mathieu-Daudé (7):
>   net/eth: Use correct in6_address offset in _eth_get_rss_ex_dst_addr()
>   net/eth: Simplify _eth_get_rss_ex_dst_addr()
>   net/eth: Better describe _eth_get_rss_ex_dst_addr's offset argument
>   net/eth: Check size earlier in _eth_get_rss_ex_dst_addr()
>   net/eth: Check iovec has enough data earlier
>   net/eth: Read ip6_ext_hdr_routing buffer before accessing it
>   net/eth: Add an assert() and invert if() statement to simplify code
> 
>  net/eth.c                      | 46 ++++++++++++++---------------
>  tests/qtest/fuzz-e1000e-test.c | 53 ++++++++++++++++++++++++++++++++++
>  MAINTAINERS                    |  1 +
>  tests/qtest/meson.build        |  1 +
>  4 files changed, 78 insertions(+), 23 deletions(-)
>  create mode 100644 tests/qtest/fuzz-e1000e-test.c
> 
> --
> 2.26.2
> 
> 
> 

-- 
Miroslav Rezanina
Software Engineer - Virtualization Team Maintainer


Re: [PATCH v6 0/7] net/eth: Fix stack-buffer-overflow in _eth_get_rss_ex_dst_addr()
Posted by Jason Wang 3 years, 1 month ago
On 2021/3/11 2:31 AM, Philippe Mathieu-Daudé wrote:
> I had a look at the patch from Miroslav trying to silence a
> compiler warning which in fact is a nasty bug. Here is a fix.
> https://www.mail-archive.com/qemu-devel@nongnu.org/msg772735.html
>
> Since v5:
> - addressed Stefano's review comments:
> - add now patch fixing in6_address offset
>
> Since v4:
> - reworked again, tested it with Fedora Raw Hide
>
> Philippe Mathieu-Daudé (7):
>    net/eth: Use correct in6_address offset in _eth_get_rss_ex_dst_addr()
>    net/eth: Simplify _eth_get_rss_ex_dst_addr()
>    net/eth: Better describe _eth_get_rss_ex_dst_addr's offset argument
>    net/eth: Check size earlier in _eth_get_rss_ex_dst_addr()
>    net/eth: Check iovec has enough data earlier
>    net/eth: Read ip6_ext_hdr_routing buffer before accessing it
>    net/eth: Add an assert() and invert if() statement to simplify code
>
>   net/eth.c                      | 46 ++++++++++++++---------------
>   tests/qtest/fuzz-e1000e-test.c | 53 ++++++++++++++++++++++++++++++++++
>   MAINTAINERS                    |  1 +
>   tests/qtest/meson.build        |  1 +
>   4 files changed, 78 insertions(+), 23 deletions(-)
>   create mode 100644 tests/qtest/fuzz-e1000e-test.c


Applied.

Thanks

