Netdev Archive on lore.kernel.org
 help / color / Atom feed
* [PATCH bpf v2] xsk: fix for xp_aligned_validate_desc() when len == chunk_size
@ 2021-04-28  9:44 Xuan Zhuo
  2021-05-03 22:40 ` patchwork-bot+netdevbpf
  0 siblings, 1 reply; 2+ messages in thread
From: Xuan Zhuo @ 2021-04-28  9:44 UTC (permalink / raw)
  To: bpf
  Cc: Björn Töpel, Magnus Karlsson, Jonathan Lemon,
	David S. Miller, Jakub Kicinski, Alexei Starovoitov,
	Daniel Borkmann, Jesper Dangaard Brouer, John Fastabend,
	Andrii Nakryiko, Martin KaFai Lau, Song Liu, Yonghong Song,
	KP Singh, netdev

When desc->len is equal to chunk_size, it is legal. But
xp_aligned_validate_desc() got "chunk_end" by desc->addr + desc->len
pointing to the next chunk during the check, which caused the check to
fail.

Related commit:
commit 2b43470add8c ("xsk: Introduce AF_XDP buffer allocation API")
commit 26062b185eee ("xsk: Explicitly inline functions and move
                    definitions")

This problem was first introduced in "bbff2f321a86". Later in
"2b43470add8c" this piece of code was moved into the new function
xp_aligned_validate_desc(). Later this function was moved into the file
xsk_queue.h in "26062b185eee".

Fixes: bbff2f321a86 ("xsk: new descriptor addressing scheme")
Signed-off-by: Xuan Zhuo <xuanzhuo@linux.alibaba.com>
Acked-by: Magnus Karlsson <magnus.karlsson@intel.com>
---
 net/xdp/xsk_queue.h | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/net/xdp/xsk_queue.h b/net/xdp/xsk_queue.h
index 2823b7c3302d..40f359bf2044 100644
--- a/net/xdp/xsk_queue.h
+++ b/net/xdp/xsk_queue.h
@@ -128,13 +128,12 @@ static inline bool xskq_cons_read_addr_unchecked(struct xsk_queue *q, u64 *addr)
 static inline bool xp_aligned_validate_desc(struct xsk_buff_pool *pool,
 					    struct xdp_desc *desc)
 {
-	u64 chunk, chunk_end;
+	u64 chunk;
 
-	chunk = xp_aligned_extract_addr(pool, desc->addr);
-	chunk_end = xp_aligned_extract_addr(pool, desc->addr + desc->len);
-	if (chunk != chunk_end)
+	if (desc->len > pool->chunk_size)
 		return false;
 
+	chunk = xp_aligned_extract_addr(pool, desc->addr);
 	if (chunk >= pool->addrs_cnt)
 		return false;
 
-- 
2.31.0


^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [PATCH bpf v2] xsk: fix for xp_aligned_validate_desc() when len == chunk_size
  2021-04-28  9:44 [PATCH bpf v2] xsk: fix for xp_aligned_validate_desc() when len == chunk_size Xuan Zhuo
@ 2021-05-03 22:40 ` patchwork-bot+netdevbpf
  0 siblings, 0 replies; 2+ messages in thread
From: patchwork-bot+netdevbpf @ 2021-05-03 22:40 UTC (permalink / raw)
  To: Xuan Zhuo
  Cc: bpf, bjorn, magnus.karlsson, jonathan.lemon, davem, kuba, ast,
	daniel, hawk, john.fastabend, andrii, kafai, songliubraving, yhs,
	kpsingh, netdev

Hello:

This patch was applied to bpf/bpf.git (refs/heads/master):

On Wed, 28 Apr 2021 17:44:24 +0800 you wrote:
> When desc->len is equal to chunk_size, it is legal. But
> xp_aligned_validate_desc() got "chunk_end" by desc->addr + desc->len
> pointing to the next chunk during the check, which caused the check to
> fail.
> 
> Related commit:
> commit 2b43470add8c ("xsk: Introduce AF_XDP buffer allocation API")
> commit 26062b185eee ("xsk: Explicitly inline functions and move
>                     definitions")
> 
> [...]

Here is the summary with links:
  - [bpf,v2] xsk: fix for xp_aligned_validate_desc() when len == chunk_size
    https://git.kernel.org/bpf/bpf/c/ac31565c2193

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html



^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, back to index

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-28  9:44 [PATCH bpf v2] xsk: fix for xp_aligned_validate_desc() when len == chunk_size Xuan Zhuo
2021-05-03 22:40 ` patchwork-bot+netdevbpf

Netdev Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/netdev/0 netdev/git/0.git
	git clone --mirror https://lore.kernel.org/netdev/1 netdev/git/1.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 netdev netdev/ https://lore.kernel.org/netdev \
		netdev@vger.kernel.org
	public-inbox-index netdev

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.netdev


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git