* [PATCH for 6.0] net: check the existence of peer before trying to pad
@ 2021-04-23 3:18 Jason Wang
2021-04-23 3:24 ` Bin Meng
` (2 more replies)
0 siblings, 3 replies; 5+ messages in thread
From: Jason Wang @ 2021-04-23 3:18 UTC (permalink / raw)
To: jasowang, samuel.thibault, sw, qemu-devel
Cc: peter.maydell, bmeng.cn, philmd, crobinso
There could be case that peer is NULL. This can happen when during
network device hot-add where net device needs to be added first. So
the patch check the existence of peer before trying to do the pad.
Fixes: 969e50b61a285 ("net: Pad short frames to minimum size before sending from SLiRP/TAP")
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
include/net/net.h | 5 +++++
net/slirp.c | 2 +-
net/tap-win32.c | 2 +-
net/tap.c | 2 +-
4 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/include/net/net.h b/include/net/net.h
index eff24519d2..1ef536d771 100644
--- a/include/net/net.h
+++ b/include/net/net.h
@@ -241,4 +241,9 @@ uint32_t net_crc32_le(const uint8_t *p, int len);
.offset = vmstate_offset_macaddr(_state, _field), \
}
+static inline bool net_peer_needs_padding(NetClientState *nc)
+{
+ return nc->peer && !nc->peer->do_not_pad;
+}
+
#endif
diff --git a/net/slirp.c b/net/slirp.c
index a01a0fccd3..7a4e96db5c 100644
--- a/net/slirp.c
+++ b/net/slirp.c
@@ -119,7 +119,7 @@ static ssize_t net_slirp_send_packet(const void *pkt, size_t pkt_len,
uint8_t min_pkt[ETH_ZLEN];
size_t min_pktsz = sizeof(min_pkt);
- if (!s->nc.peer->do_not_pad) {
+ if (net_peer_needs_padding(&s->nc)) {
if (eth_pad_short_frame(min_pkt, &min_pktsz, pkt, pkt_len)) {
pkt = min_pkt;
pkt_len = min_pktsz;
diff --git a/net/tap-win32.c b/net/tap-win32.c
index 897bd18e32..6096972f5d 100644
--- a/net/tap-win32.c
+++ b/net/tap-win32.c
@@ -696,7 +696,7 @@ static void tap_win32_send(void *opaque)
if (size > 0) {
orig_buf = buf;
- if (!s->nc.peer->do_not_pad) {
+ if (net_peer_needs_padding(&s->nc)) {
if (eth_pad_short_frame(min_pkt, &min_pktsz, buf, size)) {
buf = min_pkt;
size = min_pktsz;
diff --git a/net/tap.c b/net/tap.c
index 7d53cedaec..820872fde8 100644
--- a/net/tap.c
+++ b/net/tap.c
@@ -203,7 +203,7 @@ static void tap_send(void *opaque)
size -= s->host_vnet_hdr_len;
}
- if (!s->nc.peer->do_not_pad) {
+ if (net_peer_needs_padding(&s->nc)) {
if (eth_pad_short_frame(min_pkt, &min_pktsz, buf, size)) {
buf = min_pkt;
size = min_pktsz;
--
2.25.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH for 6.0] net: check the existence of peer before trying to pad
2021-04-23 3:18 [PATCH for 6.0] net: check the existence of peer before trying to pad Jason Wang
@ 2021-04-23 3:24 ` Bin Meng
2021-04-23 5:42 ` Stefan Weil
2021-04-23 13:07 ` Peter Maydell
2 siblings, 0 replies; 5+ messages in thread
From: Bin Meng @ 2021-04-23 3:24 UTC (permalink / raw)
To: Jason Wang
Cc: Peter Maydell, Stefan Weil, qemu-devel@nongnu.org Developers,
Cole Robinson, Samuel Thibault, Philippe Mathieu-Daudé
On Fri, Apr 23, 2021 at 11:18 AM Jason Wang <jasowang@redhat.com> wrote:
>
> There could be case that peer is NULL. This can happen when during
> network device hot-add where net device needs to be added first. So
> the patch check the existence of peer before trying to do the pad.
>
> Fixes: 969e50b61a285 ("net: Pad short frames to minimum size before sending from SLiRP/TAP")
> Signed-off-by: Jason Wang <jasowang@redhat.com>
> ---
> include/net/net.h | 5 +++++
> net/slirp.c | 2 +-
> net/tap-win32.c | 2 +-
> net/tap.c | 2 +-
> 4 files changed, 8 insertions(+), 3 deletions(-)
>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH for 6.0] net: check the existence of peer before trying to pad
2021-04-23 3:18 [PATCH for 6.0] net: check the existence of peer before trying to pad Jason Wang
2021-04-23 3:24 ` Bin Meng
@ 2021-04-23 5:42 ` Stefan Weil
2021-04-23 6:02 ` Jason Wang
2021-04-23 13:07 ` Peter Maydell
2 siblings, 1 reply; 5+ messages in thread
From: Stefan Weil @ 2021-04-23 5:42 UTC (permalink / raw)
To: Jason Wang, samuel.thibault, qemu-devel
Cc: peter.maydell, bmeng.cn, philmd, crobinso
Am 23.04.21 um 05:18 schrieb Jason Wang:
> There could be case that peer is NULL. This can happen when during
> network device hot-add where net device needs to be added first. So
> the patch check the existence of peer before trying to do the pad.
>
> Fixes: 969e50b61a285 ("net: Pad short frames to minimum size before sending from SLiRP/TAP")
> Signed-off-by: Jason Wang <jasowang@redhat.com>
> ---
> include/net/net.h | 5 +++++
> net/slirp.c | 2 +-
> net/tap-win32.c | 2 +-
> net/tap.c | 2 +-
> 4 files changed, 8 insertions(+), 3 deletions(-)
>
> diff --git a/include/net/net.h b/include/net/net.h
> index eff24519d2..1ef536d771 100644
> --- a/include/net/net.h
> +++ b/include/net/net.h
> @@ -241,4 +241,9 @@ uint32_t net_crc32_le(const uint8_t *p, int len);
> .offset = vmstate_offset_macaddr(_state, _field),
\
> }
>
> +static inline bool net_peer_needs_padding(NetClientState *nc)
> +{
> + return nc->peer && !nc->peer->do_not_pad;
> +}
> +
> #endif
> diff --git a/net/slirp.c b/net/slirp.c
> index a01a0fccd3..7a4e96db5c 100644
> --- a/net/slirp.c
> +++ b/net/slirp.c
> @@ -119,7 +119,7 @@ static ssize_t net_slirp_send_packet(const void *pkt, size_t pkt_len,
> uint8_t min_pkt[ETH_ZLEN];
> size_t min_pktsz = sizeof(min_pkt);
>
> - if (!s->nc.peer->do_not_pad) {
> + if (net_peer_needs_padding(&s->nc)) {
> if (eth_pad_short_frame(min_pkt, &min_pktsz, pkt, pkt_len)) {
> pkt = min_pkt;
> pkt_len = min_pktsz;
> diff --git a/net/tap-win32.c b/net/tap-win32.c
> index 897bd18e32..6096972f5d 100644
> --- a/net/tap-win32.c
> +++ b/net/tap-win32.c
> @@ -696,7 +696,7 @@ static void tap_win32_send(void *opaque)
> if (size > 0) {
> orig_buf = buf;
>
> - if (!s->nc.peer->do_not_pad) {
> + if (net_peer_needs_padding(&s->nc)) {
> if (eth_pad_short_frame(min_pkt, &min_pktsz, buf, size)) {
> buf = min_pkt;
> size = min_pktsz;
> diff --git a/net/tap.c b/net/tap.c
> index 7d53cedaec..820872fde8 100644
> --- a/net/tap.c
> +++ b/net/tap.c
> @@ -203,7 +203,7 @@ static void tap_send(void *opaque)
> size -= s->host_vnet_hdr_len;
> }
>
> - if (!s->nc.peer->do_not_pad) {
> + if (net_peer_needs_padding(&s->nc)) {
> if (eth_pad_short_frame(min_pkt, &min_pktsz, buf, size)) {
> buf = min_pkt;
> size = min_pktsz;
I assume that you had a test case which triggered that null pointer
access? If yes, than this should indeed be applied before releasing 6.0.
The modification is simple enough for a last minute change.
Reviewed-by: Stefan Weil <sw@weilnetz.de>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH for 6.0] net: check the existence of peer before trying to pad
2021-04-23 5:42 ` Stefan Weil
@ 2021-04-23 6:02 ` Jason Wang
0 siblings, 0 replies; 5+ messages in thread
From: Jason Wang @ 2021-04-23 6:02 UTC (permalink / raw)
To: Stefan Weil, samuel.thibault, qemu-devel
Cc: peter.maydell, bmeng.cn, philmd, crobinso
在 2021/4/23 下午1:42, Stefan Weil 写道:
> Am 23.04.21 um 05:18 schrieb Jason Wang:
>
>> There could be case that peer is NULL. This can happen when during
>> network device hot-add where net device needs to be added first. So
>> the patch check the existence of peer before trying to do the pad.
>>
>> Fixes: 969e50b61a285 ("net: Pad short frames to minimum size before
>> sending from SLiRP/TAP")
>> Signed-off-by: Jason Wang <jasowang@redhat.com>
>> ---
>> include/net/net.h | 5 +++++
>> net/slirp.c | 2 +-
>> net/tap-win32.c | 2 +-
>> net/tap.c | 2 +-
>> 4 files changed, 8 insertions(+), 3 deletions(-)
>>
>> diff --git a/include/net/net.h b/include/net/net.h
>> index eff24519d2..1ef536d771 100644
>> --- a/include/net/net.h
>> +++ b/include/net/net.h
>> @@ -241,4 +241,9 @@ uint32_t net_crc32_le(const uint8_t *p, int len);
>> .offset = vmstate_offset_macaddr(_state, _field),
> \
>> }
>> +static inline bool net_peer_needs_padding(NetClientState *nc)
>> +{
>> + return nc->peer && !nc->peer->do_not_pad;
>> +}
>> +
>> #endif
>> diff --git a/net/slirp.c b/net/slirp.c
>> index a01a0fccd3..7a4e96db5c 100644
>> --- a/net/slirp.c
>> +++ b/net/slirp.c
>> @@ -119,7 +119,7 @@ static ssize_t net_slirp_send_packet(const void
>> *pkt,size_t pkt_len,
>> uint8_t min_pkt[ETH_ZLEN];
>> size_t min_pktsz = sizeof(min_pkt);
>> - if (!s->nc.peer->do_not_pad) {
>> + if (net_peer_needs_padding(&s->nc)) {
>> if (eth_pad_short_frame(min_pkt, &min_pktsz, pkt, pkt_len)) {
>> pkt = min_pkt;
>> pkt_len = min_pktsz;
>> diff --git a/net/tap-win32.c b/net/tap-win32.c
>> index 897bd18e32..6096972f5d 100644
>> --- a/net/tap-win32.c
>> +++ b/net/tap-win32.c
>> @@ -696,7 +696,7 @@ static void tap_win32_send(void *opaque)
>> if (size > 0) {
>> orig_buf = buf;
>> - if (!s->nc.peer->do_not_pad) {
>> + if (net_peer_needs_padding(&s->nc)) {
>> if (eth_pad_short_frame(min_pkt, &min_pktsz, buf, size)) {
>> buf = min_pkt;
>> size = min_pktsz;
>> diff --git a/net/tap.c b/net/tap.c
>> index 7d53cedaec..820872fde8 100644
>> --- a/net/tap.c
>> +++ b/net/tap.c
>> @@ -203,7 +203,7 @@ static void tap_send(void *opaque)
>> size -= s->host_vnet_hdr_len;
>> }
>> - if (!s->nc.peer->do_not_pad) {
>> + if (net_peer_needs_padding(&s->nc)) {
>> if (eth_pad_short_frame(min_pkt, &min_pktsz, buf, size)) {
>> buf = min_pkt;
>> size = min_pktsz;
>
>
> I assume that you had a test case which triggered that null pointer
> access?
Yes, it's simple to trigger by just adding a tap device and assign an IP
to that.
Thanks
> If yes, than this should indeed be applied before releasing 6.0.
>
> The modification is simple enough for a last minute change.
>
> Reviewed-by: Stefan Weil <sw@weilnetz.de>
>
>
>
>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH for 6.0] net: check the existence of peer before trying to pad
2021-04-23 3:18 [PATCH for 6.0] net: check the existence of peer before trying to pad Jason Wang
2021-04-23 3:24 ` Bin Meng
2021-04-23 5:42 ` Stefan Weil
@ 2021-04-23 13:07 ` Peter Maydell
2 siblings, 0 replies; 5+ messages in thread
From: Peter Maydell @ 2021-04-23 13:07 UTC (permalink / raw)
To: Jason Wang
Cc: Stefan Weil, QEMU Developers, Cole Robinson, Samuel Thibault,
Bin Meng, Philippe Mathieu-Daudé
On Fri, 23 Apr 2021 at 04:18, Jason Wang <jasowang@redhat.com> wrote:
>
> There could be case that peer is NULL. This can happen when during
> network device hot-add where net device needs to be added first. So
> the patch check the existence of peer before trying to do the pad.
>
> Fixes: 969e50b61a285 ("net: Pad short frames to minimum size before sending from SLiRP/TAP")
> Signed-off-by: Jason Wang <jasowang@redhat.com>
> ---
> include/net/net.h | 5 +++++
> net/slirp.c | 2 +-
> net/tap-win32.c | 2 +-
> net/tap.c | 2 +-
> 4 files changed, 8 insertions(+), 3 deletions(-)
Applied to master for 6.0 rc5; thanks.
-- PMM
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2021-04-23 13:09 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-04-23 3:18 [PATCH for 6.0] net: check the existence of peer before trying to pad Jason Wang
2021-04-23 3:24 ` Bin Meng
2021-04-23 5:42 ` Stefan Weil
2021-04-23 6:02 ` Jason Wang
2021-04-23 13:07 ` Peter Maydell
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).