From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au Authentication-Results: passt.top; dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202502 header.b=GZqeIWrM; dkim-atps=neutral Received: from mail.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3]) by passt.top (Postfix) with ESMTPS id AA5FC5A0275 for ; Thu, 13 Mar 2025 06:40:56 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gibson.dropbear.id.au; s=202502; t=1741844452; bh=qUrA+8L9w5DdKMdB+sQRqx5Z6lEYMQ80Ej4R6Dgk7MU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=GZqeIWrMm/pAmfVZpVmlxs+AyC95D9NR9JQmwmGkL+WUNG68xh9FhRh5kGZGyhnDo z92OhFKb3GBcvDbZ6LoVDzCkZpg6gxmWoWubwPj4TL+oVKPSd4rrOsPP5Ge5Zw6yet 9/4VzpdaHTrqiPQuqNCgcbj0ZzwEoI0VlFSXIDVTfdCmnpDZnLdVvQ0Nx6WU5RomRH xAY9yaFti5PpYNFlBSEBtTHqgHO0XQ7Z1j413HOTZ9LxYnpllqPUhkeeQH+TPaN1tE ePKz//OZTaXjG1VdZge3k08iLwO5xFhYDp6+9oEzcebhZkDJaJSTfwgywzmpZTA1Vu eqd6HSJ7b2WxA== Received: by gandalf.ozlabs.org (Postfix, from userid 1007) id 4ZCxDh4QJnz4wj2; Thu, 13 Mar 2025 16:40:52 +1100 (AEDT) From: David Gibson To: passt-dev@passt.top, Stefano Brivio Subject: [PATCH 1/4] vu_common: Tighten vu_packet_check_range() Date: Thu, 13 Mar 2025 16:40:47 +1100 Message-ID: <20250313054050.642978-2-david@gibson.dropbear.id.au> X-Mailer: git-send-email 2.48.1 In-Reply-To: <20250313054050.642978-1-david@gibson.dropbear.id.au> References: <20250313054050.642978-1-david@gibson.dropbear.id.au> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-ID-Hash: RUYD5ZCVXYA5R57JFTWBRL4MM4TWNEYY X-Message-ID-Hash: RUYD5ZCVXYA5R57JFTWBRL4MM4TWNEYY X-MailFrom: dgibson@gandalf.ozlabs.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: David Gibson X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: This function verifies that the given packet is within the mmap()ed memory region of the vhost-user device. We can do better, however. The packet should be not only within the mmap()ed range, but specifically in the subsection of that range set aside for shared buffers, which starts at dev_region->mmap_offset within there. Signed-off-by: David Gibson --- vu_common.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/vu_common.c b/vu_common.c index 686a09b2..9eea4f2f 100644 --- a/vu_common.c +++ b/vu_common.c @@ -37,10 +37,10 @@ int vu_packet_check_range(void *buf, const char *ptr, size_t len) for (dev_region = buf; dev_region->mmap_addr; dev_region++) { /* NOLINTNEXTLINE(performance-no-int-to-ptr) */ - char *m = (char *)(uintptr_t)dev_region->mmap_addr; + char *m = (char *)(uintptr_t)dev_region->mmap_addr + + dev_region->mmap_offset; - if (m <= ptr && - ptr + len <= m + dev_region->mmap_offset + dev_region->size) + if (m <= ptr && ptr + len <= m + dev_region->size) return 0; } -- 2.48.1