From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by passt.top (Postfix) with ESMTP id 8EDE15A0271 for ; Wed, 9 Aug 2023 17:44:29 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1691595868; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=H7LbPxg1SDPLIKyY06q9+o7lDIgAkllKYH8xF0cGpuU=; b=dwvlNgGV3AF102TcbKkvF1thHwGHsNUON3uqiR1lMx/8SQkPOjCDmGhVSgxqhRKg+boGlL w8joE3xIMYvcafP73iUpsdboaV9xGLm4V+mXow7QQn5/3bk3HrIyTlUz/rq01g1nmEtx74 LTeYe1qz3NF1UBe7W4Lzq8hvKcXfIfo= Received: from mail-qk1-f200.google.com (mail-qk1-f200.google.com [209.85.222.200]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-513-Uv3BkwbwPXOfQZ_urG8S5Q-1; Wed, 09 Aug 2023 11:44:27 -0400 X-MC-Unique: Uv3BkwbwPXOfQZ_urG8S5Q-1 Received: by mail-qk1-f200.google.com with SMTP id af79cd13be357-76c562323fbso2050785a.0 for ; Wed, 09 Aug 2023 08:44:27 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1691595866; x=1692200666; h=content-transfer-encoding:in-reply-to:from:references:to :content-language:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=H7LbPxg1SDPLIKyY06q9+o7lDIgAkllKYH8xF0cGpuU=; b=BSxjfXieG+WEzOADyPAkHSxq6orpYwNg2cQD7mxQbLYYXc0DpUocqzsuqKkOmI0XwR HHaHZsfKJZ5wKkmhusfipUsXyRIHFC1J5X6aeenFadLaHNfC14HBcJPS3MvH88gzvDnV FAC52Tq8WLrnCrYXOa1IB+yyyXV2qaVnTh9l3FjmotOuTpKbnUjr+CPM7/Jdl6Ck08vE 6UVuPd90yPGFipnu8Gu047KGHFbmCR3Jkuo28wL/s0qIzN6OaV5SSxyfA5ETq42+ZoCA 6XxwG6twZczMsATiZExsm6d8xCY8rXDbdc8WgF5gdqCAeZka5WnXAZFTLS1sc4AQy9mT Z67g== X-Gm-Message-State: AOJu0YzbKsxBmYFJZfIXZWUq90x9b1C3ugBmbg7eTtl4PeN7xytxMFg/ sNrxFK7TQnv2IqlXHzWZQybCFpCZzPgQSI68Hiqjvt4dkQp4h7wu61YxZOI9wAIDX40g1DrL6+j uxVQb/i3szWM78Z2FX+iITD2M4SBFBaCBqUBGdVo+X2E57SPFkAbWy0Ix28vRoDsKRtZOIMM= X-Received: by 2002:a05:620a:b81:b0:76c:b53b:8702 with SMTP id k1-20020a05620a0b8100b0076cb53b8702mr3065232qkh.26.1691595866326; Wed, 09 Aug 2023 08:44:26 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGnTV2K5qdrlL8cPb0eFqWpUFV7IA9nt1KzG/zBWdZzq1+ck1rl0QnUwgiQpk7aWaojwe3m/A== X-Received: by 2002:a05:620a:b81:b0:76c:b53b:8702 with SMTP id k1-20020a05620a0b8100b0076cb53b8702mr3065221qkh.26.1691595866014; Wed, 09 Aug 2023 08:44:26 -0700 (PDT) Received: from [192.168.100.28] ([82.142.8.70]) by smtp.gmail.com with ESMTPSA id p12-20020a05620a112c00b00767291640e8sm4062332qkk.90.2023.08.09.08.44.24 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 09 Aug 2023 08:44:25 -0700 (PDT) Message-ID: <4864b329-2f2b-33e1-0c6b-bbd2bce4f99a@redhat.com> Date: Wed, 9 Aug 2023 17:44:23 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.13.0 Subject: Re: [PATCH] tap: fix seq->p.count limit To: passt-dev@passt.top References: <20230809092342.2299907-1-lvivier@redhat.com> From: Laurent Vivier In-Reply-To: <20230809092342.2299907-1-lvivier@redhat.com> X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Message-ID-Hash: BT67UD3MEFVWLCV76DBRNVWZM3ES4GVG X-Message-ID-Hash: BT67UD3MEFVWLCV76DBRNVWZM3ES4GVG X-MailFrom: lvivier@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: On 8/9/23 11:23, Laurent Vivier wrote: > The number of items in pool_l4_t is defined to UIO_MAXIOV, > not TAP_SEQS. TAP_SEQS is the number of the messages. > > Fix the value used to compare seq->p.count with. > > Fix: bb708111833e ("treewide: Packet abstraction with mandatory boundary checks") In fact, it actually fixes: Fix: 37c228ada88b ("tap, tcp, udp, icmp: Cut down on some oversized buffers") that replaces UIO_MAXIOV by TAP_SEQS in the array declaration and didn't correclty update the code. Thanks, Laurent > Signed-off-by: Laurent Vivier > --- > tap.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/tap.c b/tap.c > index e034f9468267..69bd19a2a91a 100644 > --- a/tap.c > +++ b/tap.c > @@ -678,7 +678,7 @@ resume: > seq->daddr.s_addr = iph->daddr; \ > } while (0) > > - if (seq && L4_MATCH(iph, uh, seq) && seq->p.count < TAP_SEQS) > + if (seq && L4_MATCH(iph, uh, seq) && seq->p.count < UIO_MAXIOV) > goto append; > > if (seq_count == TAP_SEQS) > @@ -686,7 +686,7 @@ resume: > > for (seq = tap4_l4 + seq_count - 1; seq >= tap4_l4; seq--) { > if (L4_MATCH(iph, uh, seq)) { > - if (seq->p.count >= TAP_SEQS) > + if (seq->p.count >= UIO_MAXIOV) > seq = NULL; > break; > } > @@ -840,7 +840,7 @@ resume: > } while (0) > > if (seq && L4_MATCH(ip6h, proto, uh, seq) && > - seq->p.count < TAP_SEQS) > + seq->p.count < UIO_MAXIOV) > goto append; > > if (seq_count == TAP_SEQS) > @@ -848,7 +848,7 @@ resume: > > for (seq = tap6_l4 + seq_count - 1; seq >= tap6_l4; seq--) { > if (L4_MATCH(ip6h, proto, uh, seq)) { > - if (seq->p.count >= TAP_SEQS) > + if (seq->p.count >= UIO_MAXIOV) > seq = NULL; > break; > }