From mboxrd@z Thu Jan 1 00:00:00 1970
From: David Gibson
To: passt-dev@passt.top, Stefano Brivio
CC: David Gibson
Subject: [PATCH v2 00/11] Improve robustness of calculations related to frame size limits
Date: Mon, 17 Mar 2025 20:24:13 +1100
Message-ID: <20250317092424.1461719-1-david@gibson.dropbear.id.au>
List-Id: Development discussion and patches for passt

There are a number of places where we make calculations and checks
around how large frames can be and where they sit in memory. Several
of these are roughly correct, but can be wrong in certain edge cases.
Improve robustness by clarifying what we're doing and being more
careful about the edge cases.

v2:
 * Added additional patches 5..11
 * Patches 1..4 rebased but unchanged

David Gibson (11):
  vu_common: Tighten vu_packet_check_range()
  packet: More cautious checks to avoid pointer arithmetic UB
  tap: Make size of pool_tap[46] purely a tuning parameter
  tap: Clarify calculation of TAP_MSGS
  packet: Correct type of PACKET_MAX_LEN
  packet: Avoid integer overflows in packet_get_do()
  packet: Move checks against PACKET_MAX_LEN to packet_check_range()
  packet: Rework packet_get() versus packet_get_try()
  util: Add abort_with_msg() and ASSERT_WITH_MSG() helpers
  packet: ASSERT on signs of pool corruption
  packet: Upgrade severity of most packet errors

 packet.c    | 110 ++++++++++++++++++++++++++++++++++------------------
 packet.h    |  13 +++++--
 passt.h     |   2 -
 tap.c       |  43 ++++++++++++++++----
 tap.h       |   3 +-
 util.c      |  19 +++++++++
 util.h      |  25 +++++-------
 vu_common.c |  15 ++++---
 8 files changed, 158 insertions(+), 72 deletions(-)

--
2.48.1