qemu-devel

From: Jason Wang
Subject: Re: [RFC PATCH-for-5.2 1/2] net: Do not accept packets bigger then NET_BUFSIZE
Date: Mon, 30 Nov 2020 10:36:18 +0800
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0


On 2020/11/27 11:45 PM, Philippe Mathieu-Daudé wrote:
Do not allow qemu_send_packet*() and qemu_net_queue_send()
functions to accept packets bigger than NET_BUFSIZE.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
We have to put a limit somewhere. NET_BUFSIZE is defined as:

  /* Maximum GSO packet size (64k) plus plenty of room for
   * the ethernet and virtio_net headers
   */
  #define NET_BUFSIZE (4096 + 65536)

If we do want to accept bigger packets (i.e. multiple GSO packets
in an IOV), we could use INT32_MAX as limit...


This looks like a complaint for:

commit 25c01bd19d0e4b66f357618aeefda1ef7a41e21a
Author: Jason Wang <jasowang@redhat.com>
Date:   Tue Dec 4 11:53:43 2018 +0800

    net: drop too large packet early

which only fixes the iov version of the function.

If you don't see any real bug, I suggest merging the fix in the next release.

Thanks


---
  net/net.c   | 4 ++++
  net/queue.c | 4 ++++
  2 files changed, 8 insertions(+)

diff --git a/net/net.c b/net/net.c
index 6a2c3d95670..f29bfac2b11 100644
--- a/net/net.c
+++ b/net/net.c
@@ -644,6 +644,10 @@ static ssize_t 
qemu_send_packet_async_with_flags(NetClientState *sender,
      qemu_hexdump(stdout, "net", buf, size);
  #endif
+ if (size > NET_BUFSIZE) {
+        return -1;
+    }
+
      if (sender->link_down || !sender->peer) {
          return size;
      }
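Review bot: the new `size > NET_BUFSIZE` check returns -1, while the drop path directly below it (`sender->link_down || !sender->peer`) returns `size`, so callers now see two different results for a packet that is discarded. Either return `size` here as well, or document at the function that a negative return means the packet was rejected as oversized, so callers do not treat it as a retryable failure. The check also sits after the debug `qemu_hexdump(stdout, "net", buf, size)` call, so with that debug block enabled an oversized buffer is still dumped in full; moving the check above the debug block that ends at `#endif` would avoid that.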
diff --git a/net/queue.c b/net/queue.c
index 19e32c80fda..221a1c87961 100644
--- a/net/queue.c
+++ b/net/queue.c
@@ -191,6 +191,10 @@ ssize_t qemu_net_queue_send(NetQueue *queue,
  {
      ssize_t ret;
+ if (size > NET_BUFSIZE) {
+        return -1;
+    }
+
      if (queue->delivering || !qemu_can_send_packet(sender)) {
          qemu_net_queue_append(queue, sender, flags, data, size, sent_cb);
          return 0;
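Review bot: in qemu_net_queue_send() the oversized-packet path returns -1 without touching `sent_cb`, whereas the queued path just below hands `sent_cb` to qemu_net_queue_append() and returns 0. A caller that passed a completion callback needs to know it will never fire in this case; a comment on the function stating what -1 means would settle that. The same four-line check is also added in net/net.c, so a short comment next to the check saying why the limit is NET_BUFSIZE would help in both places.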



