All of lore.kernel.org
 help / color / mirror / Atom feed
From: Stefano Garzarella <sgarzare@redhat.com>
To: "Philippe Mathieu-Daudé" <philmd@redhat.com>
Cc: Laurent Vivier <lvivier@redhat.com>,
	Thomas Huth <thuth@redhat.com>,
	Dmitry Fleytman <dmitry.fleytman@gmail.com>,
	Jason Wang <jasowang@redhat.com>, Li Qiang <liq3ea@gmail.com>,
	qemu-devel@nongnu.org, Alexander Bulekov <alxndr@bu.edu>,
	Paolo Bonzini <pbonzini@redhat.com>,
	Miroslav Rezanina <mrezanin@redhat.com>
Subject: Re: [PATCH v4 6/6] net/eth: Return earlier in _eth_get_rss_ex_dst_addr()
Date: Wed, 10 Mar 2021 10:32:16 +0100	[thread overview]
Message-ID: <20210310093216.qsghuz3dsgwstie6@steredhat> (raw)
In-Reply-To: <20210309182709.810955-7-philmd@redhat.com>

On Tue, Mar 09, 2021 at 07:27:09PM +0100, Philippe Mathieu-Daudé wrote:
>Slightly simplify _eth_get_rss_ex_dst_addr() by returning earlier.
>
>Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
>---
> net/eth.c | 16 +++++++---------
> 1 file changed, 7 insertions(+), 9 deletions(-)
>
>diff --git a/net/eth.c b/net/eth.c
>index e984edcfb0b..b44439d31c5 100644
>--- a/net/eth.c
>+++ b/net/eth.c
>@@ -407,23 +407,21 @@ _eth_get_rss_ex_dst_addr(const struct iovec *pkt, int pkt_frags,
> {
>     size_t input_size = iov_size(pkt, pkt_frags);
>     struct ip6_ext_hdr_routing *rthdr;
>+    size_t bytes_read;
>
>     if (input_size < ext_hdr_offset + sizeof(*rthdr)) {
>         return false;
>     }
>     rthdr = (struct ip6_ext_hdr_routing *) ext_hdr;
>
>-    if ((rthdr->rtype == 2) && (rthdr->segleft == 1)) {
>-        size_t bytes_read;
>-
>-        bytes_read = iov_to_buf(pkt, pkt_frags,
>-                                ext_hdr_offset + sizeof(*ext_hdr),
>-                                dst_addr, sizeof(*dst_addr));
>-
>-        return bytes_read == sizeof(*dst_addr);
>+    if ((rthdr->rtype != 2) || (rthdr->segleft != 1)) {
>+        return false;
>     }
>
>-    return false;
>+    bytes_read = iov_to_buf(pkt, pkt_frags, ext_hdr_offset + sizeof(*ext_hdr),
>+                            dst_addr, sizeof(*dst_addr));

Pre-existing issue, but looking at the Routing extension header format 
[1], I think the offset we're using here is wrong.

I had a doubt if the address started at ext_hdr_offset + 4 or 
ext_hdr_offset + 8 but looking in the linux code I think the offset we 
should use is ext_hdr_offset + sizeof(*rthdr).

This is the structure that I found in include/uapi/linux/ipv6.h:

     /*
      *	routing header type 2
      */

     struct rt2_hdr {
     	struct ipv6_rt_hdr	rt_hdr;
     	__u32			reserved;
     	struct in6_addr		addr;

     #define rt2_type		rt_hdr.type
     };

Thanks,
Stefano

[1] https://en.wikipedia.org/wiki/IPv6_packet#Routing



      reply	other threads:[~2021-03-10  9:35 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-03-09 18:27 [PATCH v4 0/6] net/eth: Fix stack-buffer-overflow in _eth_get_rss_ex_dst_addr() Philippe Mathieu-Daudé
2021-03-09 18:27 ` [PATCH v4 1/6] net/eth: Simplify _eth_get_rss_ex_dst_addr() Philippe Mathieu-Daudé
2021-03-09 18:27 ` [PATCH v4 2/6] net/eth: Better describe _eth_get_rss_ex_dst_addr's offset argument Philippe Mathieu-Daudé
2021-03-10  8:41   ` Stefano Garzarella
2021-03-09 18:27 ` [PATCH v4 3/6] net/eth: Initialize input_size variable earlier Philippe Mathieu-Daudé
2021-03-10  8:41   ` Stefano Garzarella
2021-03-09 18:27 ` [PATCH v4 4/6] net/eth: Check rt_hdr size before casting to ip6_ext_hdr Philippe Mathieu-Daudé
2021-03-10  9:05   ` Stefano Garzarella
2021-03-10  9:35     ` Stefano Garzarella
2021-03-10  9:36   ` Miroslav Rezanina
2021-03-10 12:34     ` Philippe Mathieu-Daudé
2021-03-09 18:27 ` [PATCH v4 5/6] net/eth: Remove now useless size check Philippe Mathieu-Daudé
2021-03-09 18:27 ` [PATCH v4 6/6] net/eth: Return earlier in _eth_get_rss_ex_dst_addr() Philippe Mathieu-Daudé
2021-03-10  9:32   ` Stefano Garzarella [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210310093216.qsghuz3dsgwstie6@steredhat \
    --to=sgarzare@redhat.com \
    --cc=alxndr@bu.edu \
    --cc=dmitry.fleytman@gmail.com \
    --cc=jasowang@redhat.com \
    --cc=liq3ea@gmail.com \
    --cc=lvivier@redhat.com \
    --cc=mrezanin@redhat.com \
    --cc=pbonzini@redhat.com \
    --cc=philmd@redhat.com \
    --cc=qemu-devel@nongnu.org \
    --cc=thuth@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.