From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au
Authentication-Results: passt.top;
	dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202502 header.b=h6FOeHYy;
	dkim-atps=neutral
Received: from mail.ozlabs.org (gandalf.ozlabs.org [150.107.74.76])
	by passt.top (Postfix) with ESMTPS id 0D9855A0276
	for <passt-dev@passt.top>; Thu, 13 Mar 2025 06:40:57 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gibson.dropbear.id.au; s=202502; t=1741844452;
	bh=1jaflM7z4OoBgctUJZLQpWjABW6zU58xIKMrH6+RCp8=;
	h=From:To:Cc:Subject:Date:From;
	b=h6FOeHYyT+xVlbMMF9Kti1kd9AzaFjcnzf8VGoA4wEWnbD1F9R4bwzHvU44oM6PE6
	 qEFy5vTTyIjubRKEmanl1ysp/Fvo/H+5IrdZ68uiC5Hj3cpO3PXHtpzOj8xIq+iC0S
	 uor5n5dbZ724qIvF7R1kzmSD6ExidkEXJhW9vYPCGyNOhnqlhLtIZufbrp0maRyWI4
	 UJx6U/5aXqppvcij+2BqFmgCrDClrM2nuBt7KsaR5fQ0XI0OK1X/peBNNemBlcc48d
	 sARNgd8blIsS8bYeucHpnkF2LINtSeZYjEZMOo0TJsc+E1zI2F6Rt7SPOMH3f+sqi0
	 6cCs0PdY8JNKw==
Received: by gandalf.ozlabs.org (Postfix, from userid 1007)
	id 4ZCxDh4LDqz4x3q; Thu, 13 Mar 2025 16:40:52 +1100 (AEDT)
From: David Gibson <david@gibson.dropbear.id.au>
To: passt-dev@passt.top,
	Stefano Brivio <sbrivio@redhat.com>
Subject: [PATCH 0/4] Improve robustness of calculations related to frame size limits
Date: Thu, 13 Mar 2025 16:40:46 +1100
Message-ID: <20250313054050.642978-1-david@gibson.dropbear.id.au>
X-Mailer: git-send-email 2.48.1
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-ID-Hash: 3PVRZMN355WPUMU7DT44GD6FH4L6IDHJ
X-Message-ID-Hash: 3PVRZMN355WPUMU7DT44GD6FH4L6IDHJ
X-MailFrom: dgibson@gandalf.ozlabs.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: David Gibson <david@gibson.dropbear.id.au>
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/20250313054050.642978-1-david@gibson.dropbear.id.au/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/3PVRZMN355WPUMU7DT44GD6FH4L6IDHJ/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>

There are a number of places where we make calculations and checks
around how large frames can be and where they sit in memory.  Several
of these are roughly correct, but can be wrong in certain edge cases.
Improve robustness by clarifying what we're doing and being more
careful about the edge cases.

David Gibson (4):
  vu_common: Tighten vu_packet_check_range()
  packet: More cautious checks to avoid pointer arithmetic UB
  tap: Make size of pool_tap[46] purely a tuning parameter
  tap: Clarify calculation of TAP_MSGS

 packet.c    | 25 +++++++++++++++++++++----
 packet.h    |  3 +++
 passt.h     |  2 --
 tap.c       | 43 ++++++++++++++++++++++++++++++++++++-------
 tap.h       |  3 ++-
 vu_common.c | 15 ++++++++++-----
 6 files changed, 72 insertions(+), 19 deletions(-)

-- 
2.48.1