[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[RFC PATCH-for-5.2 1/2] net: Do not accept packets bigger then NET_BUFSI
From: |
Philippe Mathieu-Daudé |
Subject: |
[RFC PATCH-for-5.2 1/2] net: Do not accept packets bigger then NET_BUFSIZE |
Date: |
Fri, 27 Nov 2020 16:45:23 +0100 |
Do not allow qemu_send_packet*() and qemu_net_queue_send()
functions to accept packets bigger then NET_BUFSIZE.
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
We have to put a limit somewhere. NET_BUFSIZE is defined as:
/* Maximum GSO packet size (64k) plus plenty of room for
* the ethernet and virtio_net headers
*/
#define NET_BUFSIZE (4096 + 65536)
If we do want to accept bigger packets (i.e. multiple GSO packets
in a IOV), we could use INT32_MAX as limit...
---
net/net.c | 4 ++++
net/queue.c | 4 ++++
2 files changed, 8 insertions(+)
diff --git a/net/net.c b/net/net.c
index 6a2c3d95670..f29bfac2b11 100644
--- a/net/net.c
+++ b/net/net.c
@@ -644,6 +644,10 @@ static ssize_t
qemu_send_packet_async_with_flags(NetClientState *sender,
qemu_hexdump(stdout, "net", buf, size);
#endif
+ if (size > NET_BUFSIZE) {
+ return -1;
+ }
+
if (sender->link_down || !sender->peer) {
return size;
}
diff --git a/net/queue.c b/net/queue.c
index 19e32c80fda..221a1c87961 100644
--- a/net/queue.c
+++ b/net/queue.c
@@ -191,6 +191,10 @@ ssize_t qemu_net_queue_send(NetQueue *queue,
{
ssize_t ret;
+ if (size > NET_BUFSIZE) {
+ return -1;
+ }
+
if (queue->delivering || !qemu_can_send_packet(sender)) {
qemu_net_queue_append(queue, sender, flags, data, size, sent_cb);
return 0;
--
2.26.2