|
From: | Jason Wang |
Subject: | Re: [RFC PATCH-for-5.2 1/2] net: Do not accept packets bigger then NET_BUFSIZE |
Date: | Mon, 30 Nov 2020 10:36:18 +0800 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 |
On 2020/11/27 下午11:45, Philippe Mathieu-Daudé wrote:
Do not allow qemu_send_packet*() and qemu_net_queue_send() functions to accept packets bigger then NET_BUFSIZE. Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> --- We have to put a limit somewhere. NET_BUFSIZE is defined as: /* Maximum GSO packet size (64k) plus plenty of room for * the ethernet and virtio_net headers */ #define NET_BUFSIZE (4096 + 65536) If we do want to accept bigger packets (i.e. multiple GSO packets in a IOV), we could use INT32_MAX as limit...
This looks like a complaint for: commit 25c01bd19d0e4b66f357618aeefda1ef7a41e21a Author: Jason Wang <jasowang@redhat.com> Date: Tue Dec 4 11:53:43 2018 +0800 net: drop too large packet early which only fixes the iov version of the function. If you don't see any real bug, I suggest to merge the fix in next release. Thanks
--- net/net.c | 4 ++++ net/queue.c | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/net/net.c b/net/net.c index 6a2c3d95670..f29bfac2b11 100644 --- a/net/net.c +++ b/net/net.c @@ -644,6 +644,10 @@ static ssize_t qemu_send_packet_async_with_flags(NetClientState *sender, qemu_hexdump(stdout, "net", buf, size); #endif+ if (size > NET_BUFSIZE) {+ return -1; + } + if (sender->link_down || !sender->peer) { return size; } diff --git a/net/queue.c b/net/queue.c index 19e32c80fda..221a1c87961 100644 --- a/net/queue.c +++ b/net/queue.c @@ -191,6 +191,10 @@ ssize_t qemu_net_queue_send(NetQueue *queue, { ssize_t ret;+ if (size > NET_BUFSIZE) {+ return -1; + } + if (queue->delivering || !qemu_can_send_packet(sender)) { qemu_net_queue_append(queue, sender, flags, data, size, sent_cb); return 0;
[Prev in Thread] | Current Thread | [Next in Thread] |