From: "Michael S. Tsirkin" <mst@redhat.com>
To: "Oleinik, Alexander" <alxndr@bu.edu>
Cc: "bsd@redhat.com" <bsd@redhat.com>,
"pbonzini@redhat.com" <pbonzini@redhat.com>,
"jasowang@redhat.com" <jasowang@redhat.com>,
"qemu-devel@nongnu.org" <qemu-devel@nongnu.org>,
"stefanha@redhat.com" <stefanha@redhat.com>
Subject: Re: [Qemu-devel] [PATCH 1/1] virtio-net: check guest header length is valid
Date: Tue, 16 Jul 2019 04:01:11 -0400
Message-ID: <20190716035715-mutt-send-email-mst@kernel.org>
In-Reply-To: <20190716033719.2866-2-alxndr@bu.edu>

On Tue, Jul 16, 2019 at 03:38:09AM +0000, Oleinik, Alexander wrote:
> virtio-net checks that the "out" sg is longer than the guest header, but
> this check can be skipped if has_net_hdr is 0. Also perform this check
> if host_hdr_len != guest_hdr_len
This explanation is way less clear than what you have in 0/1.
I suggest you just move the log here.
>
> Signed-off-by: Alexander Oleinik <alxndr@bu.edu>
> ---
> hw/net/virtio-net.c | 13 ++++++++++++-
> 1 file changed, 12 insertions(+), 1 deletion(-)
>
> diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
> index b9e1cd71cf..46d715b4f5 100644
> --- a/hw/net/virtio-net.c
> +++ b/hw/net/virtio-net.c
> @@ -2064,7 +2064,18 @@ static int32_t virtio_net_flush_tx(VirtIONetQueue *q)
> */
> assert(n->host_hdr_len <= n->guest_hdr_len);
> if (n->host_hdr_len != n->guest_hdr_len) {
> - unsigned sg_num = iov_copy(sg, ARRAY_SIZE(sg),
> + unsigned sg_num;
> +
> + if (!n->has_vnet_hdr) {
> + if (iov_to_buf(out_sg, out_num, 0, &mhdr, n->guest_hdr_len) <
> + n->guest_hdr_len) {
> + virtio_error(vdev, "virtio-net header incorrect");
> + virtqueue_detach_element(q->tx_vq, elem, 0);
> + g_free(elem);
> + return -EINVAL;
> + }
> + }
This code is duplicated from above. I also suspect some parts are missing
here (such as header endian-ness swap).
Pls find a way not to duplicate the code.
> + sg_num = iov_copy(sg, ARRAY_SIZE(sg),
> out_sg, out_num,
> 0, n->host_hdr_len);
> sg_num += iov_copy(sg + sg_num, ARRAY_SIZE(sg) - sg_num,
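Review bot: in the added `if (!n->has_vnet_hdr)` block, `iov_to_buf()` copies `n->guest_hdr_len` bytes into `&mhdr` only to learn whether `out_sg` is long enough, and nothing in this hunk shows that `guest_hdr_len` is bounded by `sizeof(mhdr)`. The copied contents are not used in this branch, so a length-only comparison such as `iov_size(out_sg, out_num) < n->guest_hdr_len` would avoid both the copy and the dependence on the buffer size. Doing that length check once, before the `has_vnet_hdr` distinction is made, would also leave a single `virtio_error()` / `virtqueue_detach_element()` / `g_free()` error path instead of the duplicated one noted above.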
> --
> 2.20.1