* [PATCH v2] virtio-net: Add validation for used length
@ 2021-05-27 7:36 Xie Yongji
From: Xie Yongji @ 2021-05-27 7:36 UTC
To: mst, jasowang; +Cc: virtualization, netdev, linux-kernel
This adds validation for used length (might come
from an untrusted device) to avoid data corruption
or loss.
Signed-off-by: Xie Yongji <xieyongji@bytedance.com>
---
drivers/net/virtio_net.c | 28 +++++++++++++++++++++-------
1 file changed, 21 insertions(+), 7 deletions(-)
diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
index c4711e23af88..01f10049f686 100644
--- a/drivers/net/virtio_net.c
+++ b/drivers/net/virtio_net.c
@@ -661,6 +661,17 @@ static struct sk_buff *receive_small(struct net_device *dev,
rcu_read_lock();
xdp_prog = rcu_dereference(rq->xdp_prog);
+ if (unlikely(len > GOOD_PACKET_LEN)) {
+ pr_debug("%s: rx error: len %u exceeds max size %d\n",
+ dev->name, len, GOOD_PACKET_LEN);
+ dev->stats.rx_length_errors++;
+ if (xdp_prog)
+ goto err_xdp;
+
+ rcu_read_unlock();
+ put_page(page);
+ return NULL;
+ }
if (xdp_prog) {
struct virtio_net_hdr_mrg_rxbuf *hdr = buf + header_offset;
struct xdp_frame *xdpf;
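Review bot: In the new `len > GOOD_PACKET_LEN` block, the non-XDP branch open-codes its own cleanup (`rcu_read_unlock(); put_page(page); return NULL;`) while the XDP branch jumps to `err_xdp`, so the same rejected buffer leaves through two different exit paths depending only on whether a program is attached. The comparison does not use `xdp_prog`, so it could run before `rcu_read_lock()` and share a single exit; if the split is required, the commit message should say why and confirm that both paths release the page and account the drop the same way. It would also help to state why GOOD_PACKET_LEN is the right upper bound for the length the device may report here.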
@@ -815,6 +826,16 @@ static struct sk_buff *receive_mergeable(struct net_device *dev,
rcu_read_lock();
xdp_prog = rcu_dereference(rq->xdp_prog);
+ if (unlikely(len > truesize)) {
+ pr_debug("%s: rx error: len %u exceeds truesize %lu\n",
+ dev->name, len, (unsigned long)ctx);
+ dev->stats.rx_length_errors++;
+ if (xdp_prog)
+ goto err_xdp;
+
+ rcu_read_unlock();
+ goto err_skb;
+ }
if (xdp_prog) {
struct xdp_frame *xdpf;
struct page *xdp_page;
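Review bot: The added check compares `len` against `truesize`, but the pr_debug argument is `(unsigned long)ctx`, so the message labelled "exceeds truesize %lu" logs `ctx` rather than the bound that was actually tested. Print `truesize` with a matching format specifier so the debug output agrees with the comparison. As in receive_small(), the `if (xdp_prog) goto err_xdp;` split followed by an open-coded `rcu_read_unlock(); goto err_skb;` could be avoided by doing the check before `rcu_read_lock()`.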
@@ -937,13 +958,6 @@ static struct sk_buff *receive_mergeable(struct net_device *dev,
}
rcu_read_unlock();
- if (unlikely(len > truesize)) {
- pr_debug("%s: rx error: len %u exceeds truesize %lu\n",
- dev->name, len, (unsigned long)ctx);
- dev->stats.rx_length_errors++;
- goto err_skb;
- }
-
head_skb = page_to_skb(vi, rq, page, offset, len, truesize, !xdp_prog,
metasize);
curr_skb = head_skb;
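Review bot: The removed `len > truesize` block shows that receive_mergeable() already validated the length before page_to_skb(), so this patch relocates that check ahead of the XDP block rather than adding it, yet the commit message only says validation is added. Please say in the changelog that the mergeable check is moved so it also covers the XDP path, and that receive_small() is where a new check is introduced. Since this is v2, a short list of changes since v1 under the `---` line would help reviewers as well.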
--
2.11.0
* Re: [PATCH v2] virtio-net: Add validation for used length
From: Jakub Kicinski @ 2021-05-27 18:07 UTC
To: Xie Yongji; +Cc: mst, jasowang, virtualization, netdev, linux-kernel
On Thu, 27 May 2021 15:36:43 +0800 Xie Yongji wrote:
> This adds validation for used length (might come
> from an untrusted device) to avoid data corruption
> or loss.
>
> Signed-off-by: Xie Yongji <xieyongji@bytedance.com>
This does not apply to net nor net-next.
* Re: Re: [PATCH v2] virtio-net: Add validation for used length
From: Yongji Xie @ 2021-05-28 3:10 UTC
To: Jakub Kicinski
Cc: Michael S. Tsirkin, Jason Wang, virtualization, netdev, linux-kernel
On Fri, May 28, 2021 at 2:07 AM Jakub Kicinski <kuba@kernel.org> wrote:
>
> On Thu, 27 May 2021 15:36:43 +0800 Xie Yongji wrote:
> > This adds validation for used length (might come
> > from an untrusted device) to avoid data corruption
> > or loss.
> >
> > Signed-off-by: Xie Yongji <xieyongji@bytedance.com>
>
> This does not apply to net nor net-next.
Will send v3. Thanks for the reminder.
Thanks,
Yongji