From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id C673BC74A35 for ; Thu, 11 Jul 2019 15:33:47 +0000 (UTC) Received: from dpdk.org (dpdk.org [92.243.14.124]) by mail.kernel.org (Postfix) with ESMTP id 52AF0206B8 for ; Thu, 11 Jul 2019 15:33:47 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=networkplumber-org.20150623.gappssmtp.com header.i=@networkplumber-org.20150623.gappssmtp.com header.b="G9bQ4VcZ" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 52AF0206B8 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=networkplumber.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=dev-bounces@dpdk.org Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 2375D532C; Thu, 11 Jul 2019 17:33:46 +0200 (CEST) Received: from mail-pg1-f194.google.com (mail-pg1-f194.google.com [209.85.215.194]) by dpdk.org (Postfix) with ESMTP id 90E8A31FC for ; Thu, 11 Jul 2019 17:33:44 +0200 (CEST) Received: by mail-pg1-f194.google.com with SMTP id g15so3125413pgi.4 for ; Thu, 11 Jul 2019 08:33:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=networkplumber-org.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=T2To/yFCgy3skAWz30NlVGK0mgsV7Nr0TY3bpKjflII=; b=G9bQ4VcZNhfmKdEQI7SEktWfCTnj+3QVXJJY3TTqwwwHq6ypXSej7AnKeEGcuMusDN 9uPlNjH7pFy/D3PF/oGFka6/aaEufYbvFblXyN8k38ACq2icA6ipSF9ASlH57YcFqII+ +MqXHNi03YNucbhSBmlmff7AQGO3UHsoBJO8ht3Fw8KUrDIqZ3GHj5iQMl0jCB09qYud U+GpmH+tRsfRAQIaTmnjhmLFIoB/sYqPAXaMrHNuD2eItfzq+EquhpcOCdLze4vzMiBp 5wL0okVoc2LIfsuMk6tz2AVzRbIfuGsiNRjN9Fjjz1uKXE4Mgv5cMv3wd4pbr1G84wAK Pk/g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=T2To/yFCgy3skAWz30NlVGK0mgsV7Nr0TY3bpKjflII=; b=RHQ3OCrd/5nDC1XK7wzAdVCcLxDhu9qn/LuKOMH7F21XUcyWG92BXQ8mhzzvKdQ5ZK GuYk0oIvnNL4gJ47dxTy080f28FG+3nNNvnuD3AnPkbhg5ZbrQELcOpOqA9WJz9YjWlw 5ow742+Wk70+sfFTYXNmTdDV2Jc+TLMAVS4QX1FwaFJdgLgsbzjmHGY+UwqyXMV4MoBV GlzAOhA9rbXNCAxNEEMJab0625ZzgRR1TOuomJyKv/G4Bwga6sjFdWEIo3PeBmMzZ0k/ rjdw2oJJFZlTwIYMqTkOw3OJTMUdDIBnkm22IERBuIWTFIREPeRUzSvc3bayrBYGhS4g wvDQ== X-Gm-Message-State: APjAAAWGVEJ2G2lZyHMR0qGDZRZ+xeZ94xLSuqecEUkeiZfrifqLgVHR ifxy/DHr0rK2Ttn5DSDIed0= X-Google-Smtp-Source: APXvYqwSE1zadmd2ON7M0lrwEKBXRr/ZqbmWBwcr22qb9YsQiP/Q7oUJLs8UGLFdJq53zYSC1ILtYg== X-Received: by 2002:a17:90a:c391:: with SMTP id h17mr5551972pjt.131.1562859223506; Thu, 11 Jul 2019 08:33:43 -0700 (PDT) Received: from hermes.lan (204-195-22-127.wavecable.com. [204.195.22.127]) by smtp.gmail.com with ESMTPSA id o14sm5027134pjp.19.2019.07.11.08.33.43 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Thu, 11 Jul 2019 08:33:43 -0700 (PDT) Date: Thu, 11 Jul 2019 08:33:35 -0700 From: Stephen Hemminger To: Ferruh Yigit Cc: dev@dpdk.org, Yangchao Zhou Message-ID: <20190711083335.55356aeb@hermes.lan> In-Reply-To: <20190711123508.45219-1-ferruh.yigit@intel.com> References: <20190711123508.45219-1-ferruh.yigit@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: Re: [dpdk-dev] [PATCH] kni: fix possible buffer overflow X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" On Thu, 11 Jul 2019 13:35:07 +0100 Ferruh Yigit wrote: > 'kni_net_rx_lo_fifo()' can get segmented buffers, using 'pkt_len' for > that case will be wrong and some values can cause buffer overflow > in destination mbuf data. > > Signed-off-by: Ferruh Yigit > --- > kernel/linux/kni/kni_net.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/kernel/linux/kni/kni_net.c b/kernel/linux/kni/kni_net.c > index ad8365877..84341ac92 100644 > --- a/kernel/linux/kni/kni_net.c > +++ b/kernel/linux/kni/kni_net.c > @@ -435,7 +435,7 @@ kni_net_rx_lo_fifo(struct kni_dev *kni) > /* Copy mbufs */ > for (i = 0; i < num; i++) { > kva = pa2kva(kni->pa[i]); > - len = kva->pkt_len; > + len = kva->data_len; > data_kva = kva2data_kva(kva); > kni->va[i] = pa2va(kni->pa[i], kva); > Acked-by: Stephen Hemminger