This patch checks the packet length offset value, and checks whether the extra bytes inside the buffer cross a page boundary.
Signed-off-by: Changchun Ouyang <changchun.ouyang at intel.com>
---
 examples/vhost/main.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/examples/vhost/main.c b/examples/vhost/main.c
index 2916313..a93f7a0 100644
--- a/examples/vhost/main.c
+++ b/examples/vhost/main.c
@@ -1110,7 +1110,8 @@ virtio_tx_route(struct vhost_dev *vdev, struct rte_mbuf *m, uint16_t vlan_tag)
 }
 if (vm2vm_mode == VM2VM_HARDWARE) {
- if (find_local_dest(dev, m, &offset, &vlan_tag) != 0) {
+ if (find_local_dest(dev, m, &offset, &vlan_tag) != 0 ||
+ offset > rte_pktmbuf_tailroom(m)) {
 rte_pktmbuf_free(m);
 return;
 }
@@ -1896,7 +1897,9 @@ virtio_dev_tx_zcp(struct virtio_net *dev)
 /* Buffer address translation. */
 buff_addr = gpa_to_vva(dev, desc->addr);
- phys_addr = gpa_to_hpa(vdev, desc->addr, desc->len, &addr_type);
+ /* Need check extra VLAN_HLEN size for inserting VLAN tag */
+ phys_addr = gpa_to_hpa(vdev, desc->addr, desc->len + VLAN_HLEN,
+ &addr_type);
 if (likely(packet_success < (free_entries - 1))) /* Prefetch descriptor index. */
-- 
1.8.4.2
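Review bot: The added `offset > rte_pktmbuf_tailroom(m)` test in the `VM2VM_HARDWARE` branch of `virtio_tx_route` shares the free-and-return path with a `find_local_dest()` failure, so a packet dropped for lack of tailroom is silent and cannot be told apart from a routing failure. Consider testing the two conditions separately and logging or counting the tailroom case, with a comment such as `/* Drop the packet when the mbuf tailroom cannot hold the extra offset bytes. */` on the new test. The declaration of `offset` is outside the hunk; if it is a signed type, a negative value would pass this comparison, so confirm it is unsigned or also reject `offset < 0`. The function body continues outside the hunk, so where `offset` is later consumed is not visible here.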
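Review bot: In `virtio_dev_tx_zcp`, the new length argument `desc->len + VLAN_HLEN` is computed from a descriptor field that the guest supplies, and nothing in the hunk bounds `desc->len` before the addition. If the field and the `gpa_to_hpa()` length parameter are 32-bit (their declarations are not visible here), a length close to the maximum wraps to a small value, and the page-boundary check would then validate a much shorter range than the descriptor claims. A guard before the call, for example `if (unlikely(desc->len > UINT32_MAX - VLAN_HLEN))`, that rejects the descriptor in the same way the function handles an unusable `addr_type` would close that gap. The handling of `addr_type` and the rest of the loop body are outside the hunk.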