public inbox for passt-dev@passt.top
 help / color / mirror / code / Atom feed
From: David Gibson <david@gibson.dropbear.id.au>
To: Stefano Brivio <sbrivio@redhat.com>, passt-dev@passt.top
Cc: David Gibson <david@gibson.dropbear.id.au>
Subject: [PATCH 2/2] tcp: Avoid overlapping memcpy() in DUP_ACK handling
Date: Thu, 12 Sep 2024 16:59:40 +1000	[thread overview]
Message-ID: <20240912065940.1738239-3-david@gibson.dropbear.id.au> (raw)
In-Reply-To: <20240912065940.1738239-1-david@gibson.dropbear.id.au>

When handling the DUP_ACK flag, we copy all the buffers making up the ack
frame.  However, all our frames share the same buffer for the Ethernet
header (tcp4_eth_src or tcp6_eth_src), so copying the TCP_IOV_ETH will
result in a (perfectly) overlapping memcpy().  This seems to have been
harmless so far, but overlapping ranges to memcpy() is undefined behaviour,
so we really should avoid it.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 tcp_buf.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/tcp_buf.c b/tcp_buf.c
index 2e044b27..1a398461 100644
--- a/tcp_buf.c
+++ b/tcp_buf.c
@@ -332,9 +332,13 @@ int tcp_buf_send_flag(struct ctx *c, struct tcp_tap_conn *conn, int flags)
 		else
 			dup_iov = tcp6_l2_flags_iov[tcp6_flags_used++];
 
-		for (i = 0; i < TCP_NUM_IOVS; i++)
-			memcpy(dup_iov[i].iov_base, iov[i].iov_base,
-			       iov[i].iov_len);
+		for (i = 0; i < TCP_NUM_IOVS; i++) {
+			/* All frames share the same ethernet header buffer */
+			if (i != TCP_IOV_ETH) {
+				memcpy(dup_iov[i].iov_base, iov[i].iov_base,
+				       iov[i].iov_len);
+			}
+		}
 		dup_iov[TCP_IOV_PAYLOAD].iov_len = iov[TCP_IOV_PAYLOAD].iov_len;
 	}
 
-- 
@@ -332,9 +332,13 @@ int tcp_buf_send_flag(struct ctx *c, struct tcp_tap_conn *conn, int flags)
 		else
 			dup_iov = tcp6_l2_flags_iov[tcp6_flags_used++];
 
-		for (i = 0; i < TCP_NUM_IOVS; i++)
-			memcpy(dup_iov[i].iov_base, iov[i].iov_base,
-			       iov[i].iov_len);
+		for (i = 0; i < TCP_NUM_IOVS; i++) {
+			/* All frames share the same ethernet header buffer */
+			if (i != TCP_IOV_ETH) {
+				memcpy(dup_iov[i].iov_base, iov[i].iov_base,
+				       iov[i].iov_len);
+			}
+		}
 		dup_iov[TCP_IOV_PAYLOAD].iov_len = iov[TCP_IOV_PAYLOAD].iov_len;
 	}
 
-- 
2.46.0


  parent reply	other threads:[~2024-09-12  6:59 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-09-12  6:59 [PATCH 0/2] Avoid overlapping mempcy() in DUP_ACK handling David Gibson
2024-09-12  6:59 ` [PATCH 1/2] tcp: Remove redundant initialisation of iov[TCP_IOV_ETH].iov_base David Gibson
2024-09-12  6:59 ` David Gibson [this message]
2024-09-12  7:54 ` [PATCH 0/2] Avoid overlapping mempcy() in DUP_ACK handling Stefano Brivio

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20240912065940.1738239-3-david@gibson.dropbear.id.au \
    --to=david@gibson.dropbear.id.au \
    --cc=passt-dev@passt.top \
    --cc=sbrivio@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this public inbox

	https://passt.top/passt

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for IMAP folder(s).