From: Zhang Chen <chen.zhang@intel.com>
To: Jason Wang <jasowang@redhat.com>,
	Peter Maydell <peter.maydell@linaro.org>,
	Li Zhijian <lizhijian@fujitsu.com>,
	qemu-dev <qemu-devel@nongnu.org>
Cc: Zhang Chen <chen.zhang@intel.com>
Subject: [PATCH V4 RESEND] net/colo.c: Fix the pointer issue reported by Coverity.
Date: Tue,  9 Aug 2022 16:48:54 +0800
Message-ID: <20220809084854.217943-1-chen.zhang@intel.com>

When virtio-net-pci is enabled, guest network packets will
load the vnet_hdr. In COLO status, the primary VM's network
packets may be redirected to another VM; filter-redirect needs
to enable the vnet_hdr flag at the same time, and COLO-proxy will
then correctly parse the original network packet. If there is any
misconfiguration here, the vnet_hdr_len is wrong for parsing
the packet, and data+offset will point to the wrong place.

Signed-off-by: Zhang Chen <chen.zhang@intel.com>
---
 net/colo.c | 18 ++++++++++--------
 net/colo.h |  1 +
 2 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/net/colo.c b/net/colo.c
index 6b0ff562ad..2b5568fff4 100644
--- a/net/colo.c
+++ b/net/colo.c
@@ -44,21 +44,23 @@ int parse_packet_early(Packet *pkt)
 {
     int network_length;
     static const uint8_t vlan[] = {0x81, 0x00};
-    uint8_t *data = pkt->data + pkt->vnet_hdr_len;
+    uint8_t *data = pkt->data;
     uint16_t l3_proto;
     ssize_t l2hdr_len;
 
-    if (data == NULL) {
-        trace_colo_proxy_main_vnet_info("This packet is not parsed correctly, "
+    assert(data);
+
+    /* Check the received vnet_hdr_len then add the offset */
+    if ((pkt->vnet_hdr_len > sizeof(struct virtio_net_hdr_v1_hash)) ||
+        (pkt->size < sizeof(struct eth_header) + sizeof(struct vlan_header)
+        + pkt->vnet_hdr_len)) {
+        trace_colo_proxy_main_vnet_info("This packet may be load wrong "
                                         "pkt->vnet_hdr_len", pkt->vnet_hdr_len);
         return 1;
     }
-    l2hdr_len = eth_get_l2_hdr_length(data);
+    data += pkt->vnet_hdr_len;
 
-    if (pkt->size < ETH_HLEN + pkt->vnet_hdr_len) {
-        trace_colo_proxy_main("pkt->size < ETH_HLEN");
-        return 1;
-    }
+    l2hdr_len = eth_get_l2_hdr_length(data);
 
     /*
      * TODO: support vlan.
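Review bot: In the new bounds check in parse_packet_early(), the minimum-size clause now requires `sizeof(struct eth_header) + sizeof(struct vlan_header) + pkt->vnet_hdr_len`, where the removed check required only `ETH_HLEN + pkt->vnet_hdr_len`, and the comment above it mentions only vnet_hdr_len. If the extra vlan_header is there so that eth_get_l2_hdr_length(data) has enough bytes to inspect, please say so in the comment, since the function still carries "TODO: support vlan" and any packet shorter than this sum now takes the `return 1` path. Both failure causes also share one trace message that blames pkt->vnet_hdr_len; a separate message for the short-packet case, like the removed "pkt->size < ETH_HLEN" trace, would let a misconfigured vnet_hdr flag be told apart from a short packet. Separately, `assert(data)` replaces a path that traced and returned 1 with an abort, which deserves a sentence in the commit message.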
diff --git a/net/colo.h b/net/colo.h
index 8b3e8d5a83..22fc3031f7 100644
--- a/net/colo.h
+++ b/net/colo.h
@@ -18,6 +18,7 @@
 #include "qemu/jhash.h"
 #include "qemu/timer.h"
 #include "net/eth.h"
+#include "standard-headers/linux/virtio_net.h"
 
 #define HASHTABLE_MAX_SIZE 16384
 
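Review bot: The include of "standard-headers/linux/virtio_net.h" is added to net/colo.h, but the only use visible in this patch is `sizeof(struct virtio_net_hdr_v1_hash)` in net/colo.c. Unless a declaration in colo.h needs the virtio types, including the header from colo.c instead keeps it out of every file that includes colo.h.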
-- 
2.25.1



Thread overview: 4+ messages
2022-08-09  8:48 Zhang Chen [this message]
2022-08-17  7:44 ` [PATCH V4 RESEND] net/colo.c: Fix the pointer issue reported by Coverity Zhang, Chen
2022-08-18  8:04   ` Jason Wang
2022-08-19  2:59     ` Zhang, Chen
