[PATCH for 6.0] net: check the existence of peer before trying to pad

Jason Wang posted 1 patch 3 years ago
Test checkpatch passed
Patches applied successfully
git fetch https://github.com/patchew-project/qemu tags/patchew/20210423031803.1479-1-jasowang@redhat.com
Maintainers: Jason Wang <jasowang@redhat.com>, Stefan Weil <sw@weilnetz.de>, Samuel Thibault <samuel.thibault@ens-lyon.org>
include/net/net.h | 5 +++++
net/slirp.c       | 2 +-
net/tap-win32.c   | 2 +-
net/tap.c         | 2 +-
4 files changed, 8 insertions(+), 3 deletions(-)
[PATCH for 6.0] net: check the existence of peer before trying to pad
Posted by Jason Wang 3 years ago
There could be a case where peer is NULL. This can happen during
network device hot-add, where the net device needs to be added first. So
the patch checks the existence of peer before trying to do the pad.

Fixes: 969e50b61a285 ("net: Pad short frames to minimum size before sending from SLiRP/TAP")
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
 include/net/net.h | 5 +++++
 net/slirp.c       | 2 +-
 net/tap-win32.c   | 2 +-
 net/tap.c         | 2 +-
 4 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/include/net/net.h b/include/net/net.h
index eff24519d2..1ef536d771 100644
--- a/include/net/net.h
+++ b/include/net/net.h
@@ -241,4 +241,9 @@ uint32_t net_crc32_le(const uint8_t *p, int len);
     .offset     = vmstate_offset_macaddr(_state, _field),            \
 }
 
+static inline bool net_peer_needs_padding(NetClientState *nc)
+{
+  return nc->peer && !nc->peer->do_not_pad;
+}
+
 #endif
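Review bot: the body of net_peer_needs_padding() is indented two spaces, while the context lines in this patch use four; please reindent the return line. A one-line comment above the helper saying that nc->peer can be NULL (the commit message gives hot-add as the case) would help, and since the helper only reads nc, the parameter could be const NetClientState *.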
diff --git a/net/slirp.c b/net/slirp.c
index a01a0fccd3..7a4e96db5c 100644
--- a/net/slirp.c
+++ b/net/slirp.c
@@ -119,7 +119,7 @@ static ssize_t net_slirp_send_packet(const void *pkt, size_t pkt_len,
     uint8_t min_pkt[ETH_ZLEN];
     size_t min_pktsz = sizeof(min_pkt);
 
-    if (!s->nc.peer->do_not_pad) {
+    if (net_peer_needs_padding(&s->nc)) {
         if (eth_pad_short_frame(min_pkt, &min_pktsz, pkt, pkt_len)) {
             pkt = min_pkt;
             pkt_len = min_pktsz;
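Review bot: with this change a NULL peer silently takes the same path as do_not_pad, so in net_slirp_send_packet() a short frame goes on unpadded to whatever follows the pad block, which this hunk does not show. Please confirm that the rest of the function tolerates s->nc.peer being NULL, otherwise the NULL dereference just moves a few lines down.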
diff --git a/net/tap-win32.c b/net/tap-win32.c
index 897bd18e32..6096972f5d 100644
--- a/net/tap-win32.c
+++ b/net/tap-win32.c
@@ -696,7 +696,7 @@ static void tap_win32_send(void *opaque)
     if (size > 0) {
         orig_buf = buf;
 
-        if (!s->nc.peer->do_not_pad) {
+        if (net_peer_needs_padding(&s->nc)) {
             if (eth_pad_short_frame(min_pkt, &min_pktsz, buf, size)) {
                 buf = min_pkt;
                 size = min_pktsz;
diff --git a/net/tap.c b/net/tap.c
index 7d53cedaec..820872fde8 100644
--- a/net/tap.c
+++ b/net/tap.c
@@ -203,7 +203,7 @@ static void tap_send(void *opaque)
             size -= s->host_vnet_hdr_len;
         }
 
-        if (!s->nc.peer->do_not_pad) {
+        if (net_peer_needs_padding(&s->nc)) {
             if (eth_pad_short_frame(min_pkt, &min_pktsz, buf, size)) {
                 buf = min_pkt;
                 size = min_pktsz;
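Review bot: the pad block in tap_send() is the same five lines as in net_slirp_send_packet() and tap_win32_send(), differing only in variable names, and this patch has to touch all three copies. Consider folding the peer check and the eth_pad_short_frame() call into one helper so that the next fix is made once; that can be a follow-up given this is aimed at 6.0.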
-- 
2.25.1


Re: [PATCH for 6.0] net: check the existence of peer before trying to pad
Posted by Bin Meng 3 years ago
On Fri, Apr 23, 2021 at 11:18 AM Jason Wang <jasowang@redhat.com> wrote:
>
> There could be a case where peer is NULL. This can happen during
> network device hot-add, where the net device needs to be added first. So
> the patch checks the existence of peer before trying to do the pad.
>
> Fixes: 969e50b61a285 ("net: Pad short frames to minimum size before sending from SLiRP/TAP")
> Signed-off-by: Jason Wang <jasowang@redhat.com>
> ---
>  include/net/net.h | 5 +++++
>  net/slirp.c       | 2 +-
>  net/tap-win32.c   | 2 +-
>  net/tap.c         | 2 +-
>  4 files changed, 8 insertions(+), 3 deletions(-)
>

Reviewed-by: Bin Meng <bmeng.cn@gmail.com>

Re: [PATCH for 6.0] net: check the existence of peer before trying to pad
Posted by Stefan Weil 3 years ago
On 23.04.21 at 05:18, Jason Wang wrote:

> There could be a case where peer is NULL. This can happen during
> network device hot-add, where the net device needs to be added first. So
> the patch checks the existence of peer before trying to do the pad.
>
> Fixes: 969e50b61a285 ("net: Pad short frames to minimum size before sending from SLiRP/TAP")
> Signed-off-by: Jason Wang <jasowang@redhat.com>
> ---
>   include/net/net.h | 5 +++++
>   net/slirp.c       | 2 +-
>   net/tap-win32.c   | 2 +-
>   net/tap.c         | 2 +-
>   4 files changed, 8 insertions(+), 3 deletions(-)
>
> diff --git a/include/net/net.h b/include/net/net.h
> index eff24519d2..1ef536d771 100644
> --- a/include/net/net.h
> +++ b/include/net/net.h
> @@ -241,4 +241,9 @@ uint32_t net_crc32_le(const uint8_t *p, int len);
>       .offset     = vmstate_offset_macaddr(_state, _field),           
 \
>   }
>   
> +static inline bool net_peer_needs_padding(NetClientState *nc)
> +{
> +  return nc->peer && !nc->peer->do_not_pad;
> +}
> +
>   #endif
> diff --git a/net/slirp.c b/net/slirp.c
> index a01a0fccd3..7a4e96db5c 100644
> --- a/net/slirp.c
> +++ b/net/slirp.c
> @@ -119,7 +119,7 @@ static ssize_t net_slirp_send_packet(const void *pkt, size_t pkt_len,
>       uint8_t min_pkt[ETH_ZLEN];
>       size_t min_pktsz = sizeof(min_pkt);
>   
> -    if (!s->nc.peer->do_not_pad) {
> +    if (net_peer_needs_padding(&s->nc)) {
>           if (eth_pad_short_frame(min_pkt, &min_pktsz, pkt, pkt_len)) {
>               pkt = min_pkt;
>               pkt_len = min_pktsz;
> diff --git a/net/tap-win32.c b/net/tap-win32.c
> index 897bd18e32..6096972f5d 100644
> --- a/net/tap-win32.c
> +++ b/net/tap-win32.c
> @@ -696,7 +696,7 @@ static void tap_win32_send(void *opaque)
>       if (size > 0) {
>           orig_buf = buf;
>   
> -        if (!s->nc.peer->do_not_pad) {
> +        if (net_peer_needs_padding(&s->nc)) {
>               if (eth_pad_short_frame(min_pkt, &min_pktsz, buf, size)) {
>                   buf = min_pkt;
>                   size = min_pktsz;
> diff --git a/net/tap.c b/net/tap.c
> index 7d53cedaec..820872fde8 100644
> --- a/net/tap.c
> +++ b/net/tap.c
> @@ -203,7 +203,7 @@ static void tap_send(void *opaque)
>               size -= s->host_vnet_hdr_len;
>           }
>   
> -        if (!s->nc.peer->do_not_pad) {
> +        if (net_peer_needs_padding(&s->nc)) {
>               if (eth_pad_short_frame(min_pkt, &min_pktsz, buf, size)) {
>                   buf = min_pkt;
>                   size = min_pktsz;


I assume that you had a test case which triggered that null pointer 
access? If yes, then this should indeed be applied before releasing 6.0.

The modification is simple enough for a last minute change.

Reviewed-by: Stefan Weil <sw@weilnetz.de>




Re: [PATCH for 6.0] net: check the existence of peer before trying to pad
Posted by Jason Wang 3 years ago
On 2021/4/23 at 1:42 PM, Stefan Weil wrote:
> On 23.04.21 at 05:18, Jason Wang wrote:
>
>> There could be a case where peer is NULL. This can happen during
>> network device hot-add, where the net device needs to be added first. So
>> the patch checks the existence of peer before trying to do the pad.
>>
>> Fixes: 969e50b61a285 ("net: Pad short frames to minimum size before 
>> sending from SLiRP/TAP")
>> Signed-off-by: Jason Wang <jasowang@redhat.com>
>> ---
>>   include/net/net.h | 5 +++++
>>   net/slirp.c       | 2 +-
>>   net/tap-win32.c   | 2 +-
>>   net/tap.c         | 2 +-
>>   4 files changed, 8 insertions(+), 3 deletions(-)
>>
>> diff --git a/include/net/net.h b/include/net/net.h
>> index eff24519d2..1ef536d771 100644
>> --- a/include/net/net.h
>> +++ b/include/net/net.h
>> @@ -241,4 +241,9 @@ uint32_t net_crc32_le(const uint8_t *p, int len);
>>       .offset     = vmstate_offset_macaddr(_state, _field), 
> \
>>   }
>>   +static inline bool net_peer_needs_padding(NetClientState *nc)
>> +{
>> +  return nc->peer && !nc->peer->do_not_pad;
>> +}
>> +
>>   #endif
>> diff --git a/net/slirp.c b/net/slirp.c
>> index a01a0fccd3..7a4e96db5c 100644
>> --- a/net/slirp.c
>> +++ b/net/slirp.c
>> @@ -119,7 +119,7 @@ static ssize_t net_slirp_send_packet(const void 
>> *pkt,size_t pkt_len,
>>       uint8_t min_pkt[ETH_ZLEN];
>>       size_t min_pktsz = sizeof(min_pkt);
>>   -    if (!s->nc.peer->do_not_pad) {
>> +    if (net_peer_needs_padding(&s->nc)) {
>>           if (eth_pad_short_frame(min_pkt, &min_pktsz, pkt, pkt_len)) {
>>               pkt = min_pkt;
>>               pkt_len = min_pktsz;
>> diff --git a/net/tap-win32.c b/net/tap-win32.c
>> index 897bd18e32..6096972f5d 100644
>> --- a/net/tap-win32.c
>> +++ b/net/tap-win32.c
>> @@ -696,7 +696,7 @@ static void tap_win32_send(void *opaque)
>>       if (size > 0) {
>>           orig_buf = buf;
>>   -        if (!s->nc.peer->do_not_pad) {
>> +        if (net_peer_needs_padding(&s->nc)) {
>>               if (eth_pad_short_frame(min_pkt, &min_pktsz, buf, size)) {
>>                   buf = min_pkt;
>>                   size = min_pktsz;
>> diff --git a/net/tap.c b/net/tap.c
>> index 7d53cedaec..820872fde8 100644
>> --- a/net/tap.c
>> +++ b/net/tap.c
>> @@ -203,7 +203,7 @@ static void tap_send(void *opaque)
>>               size -= s->host_vnet_hdr_len;
>>           }
>>   -        if (!s->nc.peer->do_not_pad) {
>> +        if (net_peer_needs_padding(&s->nc)) {
>>               if (eth_pad_short_frame(min_pkt, &min_pktsz, buf, size)) {
>>                   buf = min_pkt;
>>                   size = min_pktsz;
>
>
> I assume that you had a test case which triggered that null pointer 
> access?


Yes, it's simple to trigger by just adding a tap device and assigning an IP 
to that.

Thanks


> If yes, then this should indeed be applied before releasing 6.0.
>
> The modification is simple enough for a last minute change.
>
> Reviewed-by: Stefan Weil <sw@weilnetz.de>
>
>
>
>


Re: [PATCH for 6.0] net: check the existence of peer before trying to pad
Posted by Peter Maydell 3 years ago
On Fri, 23 Apr 2021 at 04:18, Jason Wang <jasowang@redhat.com> wrote:
>
> There could be a case where peer is NULL. This can happen during
> network device hot-add, where the net device needs to be added first. So
> the patch checks the existence of peer before trying to do the pad.
>
> Fixes: 969e50b61a285 ("net: Pad short frames to minimum size before sending from SLiRP/TAP")
> Signed-off-by: Jason Wang <jasowang@redhat.com>
> ---
>  include/net/net.h | 5 +++++
>  net/slirp.c       | 2 +-
>  net/tap-win32.c   | 2 +-
>  net/tap.c         | 2 +-
>  4 files changed, 8 insertions(+), 3 deletions(-)

Applied to master for 6.0 rc5; thanks.

-- PMM