From: Jesse Brandeburg <jesse.brandeburg@intel.com>
To: zhudi <zhudi21@huawei.com>
Cc: <davem@davemloft.net>, <kuba@kernel.org>,
<netdev@vger.kernel.org>, <rose.chen@huawei.com>,
David Ahern <dsahern@gmail.com>
Subject: Re: [PATCH] rtnetlink: fix data overflow in rtnl_calcit()
Date: Fri, 16 Oct 2020 14:36:25 -0700 [thread overview]
Message-ID: <20201016143625.00005f4e@intel.com> (raw)
In-Reply-To: <20201016020238.22445-1-zhudi21@huawei.com>
zhudi wrote:
> "ip addr show" command execute error when we have a physical
> network card with number of VFs larger than 247.
Oh man, this bug has been hurting us forever and I've tried to fix it
several times without much luck, so thanks for working on it!
CC: David Ahern <dsahern@gmail.com>
As he's mentioned this bug.
> The return value of if_nlmsg_size() in rtnl_calcit() will exceed
> range of u16 data type when any network cards has a larger number of
> VFs. rtnl_vfinfo_size() will significant increase needed dump size when
> the value of num_vfs is larger.
>
> Eventually we get a wrong value of min_ifinfo_dump_size because of overflow
> which decides the memory size needed by netlink dump and netlink_dump()
> will return -EMSGSIZE because of not enough memory was allocated.
>
> So fix it by promoting min_dump_alloc data type to u32 to
> avoid data overflow and it's also align with the data type of
> struct netlink_callback{}.min_dump_alloc which is assigned by
> return value of rtnl_calcit()
I defer to others here on whether this is an acceptable API change.
> Signed-off-by: zhudi <zhudi21@huawei.com>
Kernel documentation says for you to use your real name, please do so,
unless you're a rock star and have officially changed your name to
zhudi.
> ---
> include/linux/netlink.h | 2 +-
> net/core/rtnetlink.c | 8 ++++----
> 2 files changed, 5 insertions(+), 5 deletions(-)
Does it work without any changes to iproute2?
>
> diff --git a/include/linux/netlink.h b/include/linux/netlink.h
> index e3e49f0e5c13..0a7db41b9e42 100644
> --- a/include/linux/netlink.h
> +++ b/include/linux/netlink.h
> @@ -230,7 +230,7 @@ struct netlink_dump_control {
> int (*done)(struct netlink_callback *);
> void *data;
> struct module *module;
> - u16 min_dump_alloc;
> + u32 min_dump_alloc;
> };
As long as nothing in the API depends on the length of this struct, it
should work.
next prev parent reply other threads:[~2020-10-16 21:36 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-16 2:02 [PATCH] rtnetlink: fix data overflow in rtnl_calcit() zhudi
2020-10-16 21:36 ` Jesse Brandeburg [this message]
2020-10-16 22:45 ` Vladimir Oltean
2020-10-17 0:44 ` Jesse Brandeburg
2020-10-19 1:35 ` 答复: " zhudi (J)
2020-10-17 12:34 ` Michal Kubecek
2020-10-18 18:41 ` Jakub Kicinski
2020-10-19 1:09 zhudi (J)
2020-10-19 1:59 zhudi (J)
2020-10-19 17:15 ` Jakub Kicinski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201016143625.00005f4e@intel.com \
--to=jesse.brandeburg@intel.com \
--cc=davem@davemloft.net \
--cc=dsahern@gmail.com \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=rose.chen@huawei.com \
--cc=zhudi21@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).