
[V4,for,3.1,0/4] Fix possible OOB during queuing packets

Message ID 20181203100608.28538-1-jasowang@redhat.com

Message

Jason Wang Dec. 3, 2018, 10:06 a.m. UTC
Hi:

This series tries to fix a possible OOB during queueing packets
through qemu_net_queue_append_iov(). This could happen when it tries
to queue a packet whose size is larger than INT_MAX, which may lead
to integer overflow. We've fixed a similar issue in the past during
qemu_net_queue_deliver_iov() by ignoring large packets there. Let's
just move the check earlier to qemu_sendv_packet_async() and reduce
the limitation to NET_BUFSIZE. A simple qtest was also added for this.

Please review.

Thanks

Changes from V1:
- silence compiling warnings
Changes from V2:
- annotate pci_test_start() with GCC_FMT_ATTR()
- drop intermediate cmd string variable

Jason Wang (4):
  net: drop too large packet early
  virtio-net-test: accept variable length argument in pci_test_start()
  virtio-net-test: remove unused macro
  virtio-net-test: add large tx buffer test

 net/net.c               | 13 +++++----
 tests/virtio-net-test.c | 62 ++++++++++++++++++++++++++++++++++++-----
 2 files changed, 62 insertions(+), 13 deletions(-)
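
The early size check described in this cover letter, as an added example that is not part of the original message or of QEMU's code: lengths are summed in `size_t` and compared against the cap before any `int`-typed size is involved. All `example_` names and the cap value are assumptions for this sketch; the thread names NET_BUFSIZE but does not give its value.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/uio.h>

/* Assumed cap for this sketch; the thread names NET_BUFSIZE, not its value. */
#define EXAMPLE_NET_BUFSIZE ((size_t)(4096 + 65536))
/* Anything that passes the cap can safely be stored in an int afterwards. */
_Static_assert(EXAMPLE_NET_BUFSIZE <= (size_t)INT_MAX, "cap must fit in int");

enum example_verdict { EXAMPLE_DROP = 0, EXAMPLE_QUEUE = 1 };

/* Sum segment lengths in size_t; saturate at SIZE_MAX instead of wrapping. */
static size_t example_iov_total(const struct iovec *iov, int iovcnt)
{
    size_t total = 0;
    for (int i = 0; i < iovcnt; i++) {
        if (iov[i].iov_len > SIZE_MAX - total) {
            return SIZE_MAX;
        }
        total += iov[i].iov_len;
    }
    return total;
}

/* Decide at the send entry point, before queueing or copying anything. */
static enum example_verdict example_send_check(const struct iovec *iov, int iovcnt)
{
    return example_iov_total(iov, iovcnt) > EXAMPLE_NET_BUFSIZE
               ? EXAMPLE_DROP : EXAMPLE_QUEUE;
}

/* Constructed two-segment packet; iov_base is never dereferenced here. */
static enum example_verdict example_check_two(size_t a, size_t b)
{
    struct iovec iov[2] = { { .iov_base = NULL, .iov_len = a },
                            { .iov_base = NULL, .iov_len = b } };
    return example_send_check(iov, 2);
}

int main(void)
{
    /* Constructed sizes: normal frame, exact cap, cap + 1, sum above INT_MAX. */
    printf("%d %d %d %d\n",
           example_check_two(1000, 500),
           example_check_two(EXAMPLE_NET_BUFSIZE, 0),
           example_check_two(EXAMPLE_NET_BUFSIZE, 1),
           example_check_two((size_t)0x60000000, (size_t)0x60000000));
    return 0;
}
```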

Comments

Peter Maydell Dec. 3, 2018, 4:18 p.m. UTC | #1
On Mon, 3 Dec 2018 at 10:06, Jason Wang <jasowang@redhat.com> wrote:
>
> Hi:
>
> This series tries to fix a possible OOB during queueing packets
> through qemu_net_queue_append_iov(). This could happen when it tries
> to queue a packet whose size is larger than INT_MAX, which may lead
> to integer overflow. We've fixed a similar issue in the past during
> qemu_net_queue_deliver_iov() by ignoring large packets there. Let's
> just move the check earlier to qemu_sendv_packet_async() and reduce
> the limitation to NET_BUFSIZE. A simple qtest was also added for this.
>
> Please review.

I did a test build and run, and the new test generates warning
messages during "make check":
  /ppc64/virtio/net/pci/large_tx:
qemu-system-ppc64: warning: hub 0 is not connected to host network
(similarly for /i386/ and /x86_64/).

thanks
-- PMM

Jason Wang Dec. 4, 2018, 2:28 a.m. UTC | #2
On 2018/12/4 12:18 AM, Peter Maydell wrote:
> On Mon, 3 Dec 2018 at 10:06, Jason Wang <jasowang@redhat.com> wrote:
>> Hi:
>>
>> This series tries to fix a possible OOB during queueing packets
>> through qemu_net_queue_append_iov(). This could happen when it tries
>> to queue a packet whose size is larger than INT_MAX, which may lead
>> to integer overflow. We've fixed a similar issue in the past during
>> qemu_net_queue_deliver_iov() by ignoring large packets there. Let's
>> just move the check earlier to qemu_sendv_packet_async() and reduce
>> the limitation to NET_BUFSIZE. A simple qtest was also added for this.
>>
>> Please review.
> I did a test build and run, and the new test generates warning
> messages during "make check":
>    /ppc64/virtio/net/pci/large_tx:
> qemu-system-ppc64: warning: hub 0 is not connected to host network
> (similarly for /i386/ and /x86_64/).
>
> thanks
> -- PMM


This is intended; we don't need any host networking device. This makes
it much simpler and easier to trigger the queuing at the hub. I can add a
patch to suppress this warning if qtest is enabled.

Thanks