Re: [PATCH v5 0/3] net: tulip: add checks to avoid OOB access

[Jason Wang]

On 2020/3/23 上午11:43, Jason Wang wrote:
> On 2020/3/20 上午1:40, P J P wrote:
> > From: Prasad J Pandit <address@hidden>
> >
> > Hello,
> >
> > * This series adds checks to avoid potential OOB access and infinite 
> > loop
> >    issues while processing rx/tx data.
> >
> > * Tulip tx descriptors are capped at 128 to avoid infinite loop in
> >    tulip_xmit_list_update(), wrt Tulip kernel driver
> >    -> 
> > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/net/ethernet/dec/tulip/tulip.h#n319
> >
> > * Update v3: add .can_receive routine
> >    -> 
> > https://lists.gnu.org/archive/html/qemu-devel/2020-02/msg06275.html
> >
> > * Update v4: flush queued packets once they are received
> >    -> 
> > https://lists.gnu.org/archive/html/qemu-devel/2020-03/msg05868.html
> >
> > * Update v5: fixed a typo in patch commit message
> >    -> 
> > https://lists.gnu.org/archive/html/qemu-devel/2020-03/msg06209.html
> >
> > Thank you.
>
>
> Looks good to me.
>
> Qiang, any change to give a test with your reproducer?
>
> Thanks


Ok, I get this:

hw/net/tulip.c:305:20: error: initialization of ‘_Bool 
(*)(NetClientState *)’ {aka ‘_Bool (*)(struct NetClientState *)’} from 
incompatible pointer type ‘int (*)(NetClientState *)’ {aka ‘int 
(*)(struct NetClientState *)’} [-Werror=incompatible-pointer-types]
     .can_receive = tulip_can_receive,
                    ^~~~~~~~~~~~~~~~~

Prasad, please fix this and post a new version.

While at it, I prefer to squash patch 3 into patch 2 since patch 3 fixes 
the issue introduced by patch 2.

Thanks


> > --
> > Prasad J Pandit (3):
> >    net: tulip: check frame size and r/w data length
> >    net: tulip: add .can_receive routine
> >    net: tulip: flush queued packets post receive
> >
> >   hw/net/tulip.c | 51 +++++++++++++++++++++++++++++++++++++++++---------
> >   1 file changed, 42 insertions(+), 9 deletions(-)
> >
> > --
> > 2.25.1