[PATCH 0/2] Avoid overlapping mempcy() in DUP_ACK handling - dev - passt

newer
[PATCH v4 0/4] Add vhost-user...

[PATCH 0/2] Avoid overlapping mempcy() in DUP_ACK handling

older
Re: Porting to macOS

David Gibson

12 Sep 2024 12 Sep '24

8:59 a.m.

Spotted this so-far harmless, but technically undefined behaviour while looking at other things. Fixed one other nit at the same time. David Gibson (2): tcp: Remove redundant initialisation of iov[TCP_IOV_ETH].iov_base tcp: Avoid overlapping memcpy() in DUP_ACK handling tcp_buf.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) -- 2.46.0

Reply

Sign in to reply online Use email software

Show replies by date

David Gibson

12 Sep 12 Sep

8:59 a.m.

New subject: [PATCH 1/2] tcp: Remove redundant initialisation of iov[TCP_IOV_ETH].iov_base

This initialisation for IPv4 flags buffers is redundant with the very next line which sets both iov_base and iov_len. Signed-off-by: David Gibson --- tcp_buf.c | 1 - 1 file changed, 1 deletion(-) diff --git a/tcp_buf.c b/tcp_buf.c index c31e9f31..2e044b27 100644 --- a/tcp_buf.c +++ b/tcp_buf.c @@ -168,7 +168,6 @@ void tcp_sock4_iov_init(const struct ctx *c) iov = tcp4_l2_flags_iov[i]; iov[TCP_IOV_TAP] = tap_hdr_iov(c, &tcp4_flags_tap_hdr[i]); - iov[TCP_IOV_ETH].iov_base = &tcp4_eth_src; iov[TCP_IOV_ETH] = IOV_OF_LVALUE(tcp4_eth_src); iov[TCP_IOV_IP] = IOV_OF_LVALUE(tcp4_flags_ip[i]); iov[TCP_IOV_PAYLOAD].iov_base = &tcp4_flags[i]; -- 2.46.0

Reply

Sign in to reply online Use email software

David Gibson

8:59 a.m.

New subject: [PATCH 2/2] tcp: Avoid overlapping memcpy() in DUP_ACK handling

When handling the DUP_ACK flag, we copy all the buffers making up the ack frame. However, all our frames share the same buffer for the Ethernet header (tcp4_eth_src or tcp6_eth_src), so copying the TCP_IOV_ETH will result in a (perfectly) overlapping memcpy(). This seems to have been harmless so far, but overlapping ranges to memcpy() is undefined behaviour, so we really should avoid it. Signed-off-by: David Gibson --- tcp_buf.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/tcp_buf.c b/tcp_buf.c index 2e044b27..1a398461 100644 --- a/tcp_buf.c +++ b/tcp_buf.c @@ -332,9 +332,13 @@ int tcp_buf_send_flag(struct ctx *c, struct tcp_tap_conn *conn, int flags) else dup_iov = tcp6_l2_flags_iov[tcp6_flags_used++]; - for (i = 0; i < TCP_NUM_IOVS; i++) - memcpy(dup_iov[i].iov_base, iov[i].iov_base, - iov[i].iov_len); + for (i = 0; i < TCP_NUM_IOVS; i++) { + /* All frames share the same ethernet header buffer */ + if (i != TCP_IOV_ETH) { + memcpy(dup_iov[i].iov_base, iov[i].iov_base, + iov[i].iov_len); + } + } dup_iov[TCP_IOV_PAYLOAD].iov_len = iov[TCP_IOV_PAYLOAD].iov_len; } -- 2.46.0

Reply

Sign in to reply online Use email software

Stefano Brivio

9:54 a.m.

On Thu, 12 Sep 2024 16:59:38 +1000 David Gibson wrote:

Spotted this so-far harmless, but technically undefined behaviour while looking at other things. Fixed one other nit at the same time.

David Gibson (2): tcp: Remove redundant initialisation of iov[TCP_IOV_ETH].iov_base tcp: Avoid overlapping memcpy() in DUP_ACK handling

tcp_buf.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-)

Applied. -- Stefano

Reply

Sign in to reply online Use email software

259

Age (days ago)

259

Last active (days ago)

Download

3 comments

2 participants

tags

participants (2)

David Gibson
Stefano Brivio