Author: luigi
Date: Fri Jun  6 10:50:14 2014
New Revision: 267151
URL: http://svnweb.freebsd.org/changeset/base/267151

Log:
  add checks for invalid buffer pointers and lengths

Modified:
  head/sys/dev/netmap/netmap_vale.c

Modified: head/sys/dev/netmap/netmap_vale.c
==============================================================================
--- head/sys/dev/netmap/netmap_vale.c   Fri Jun  6 10:40:20 2014        
(r267150)
+++ head/sys/dev/netmap/netmap_vale.c   Fri Jun  6 10:50:14 2014        
(r267151)
@@ -959,6 +959,14 @@ nm_bdg_preflush(struct netmap_vp_adapter
                ft[ft_i].ft_next = NM_FT_NULL;
                buf = ft[ft_i].ft_buf = (slot->flags & NS_INDIRECT) ?
                        (void *)(uintptr_t)slot->ptr : BDG_NMB(&na->up, slot);
+               if (unlikely(buf == NULL)) {
+                       RD(5, "NULL %s buffer pointer from %s slot %d len %d",
+                               (slot->flags & NS_INDIRECT) ? "INDIRECT" : 
"DIRECT",
+                               kring->name, j, ft[ft_i].ft_len);
+                       buf = ft[ft_i].ft_buf = NMB_VA(0); /* the 'null' buffer 
*/
+                       ft[ft_i].ft_len = 0;
+                       ft[ft_i].ft_flags = 0;
+               }
                __builtin_prefetch(buf);
                ++ft_i;
                if (slot->flags & NS_MOREFRAG) {
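Review bot: The added fallback zeroes `ft[ft_i].ft_flags` without saying why, and the reason looks safety-relevant. Later in this diff the flush path calls `copyin()` when `ft_p->ft_flags & NS_INDIRECT` is set, so the flag presumably has to be cleared once `ft_buf` is replaced by the kernel-side `NMB_VA(0)`. I would add a comment on that line such as `/* drop NS_INDIRECT: the null buffer is a kernel address, not a user pointer */`. Note also that the `NS_MOREFRAG` test just below still reads `slot->flags`, so a zero-length entry can remain part of a fragment chain; it is worth confirming the flush path tolerates that. The check only catches NULL, and the body of nm_bdg_preflush continues outside the hunk.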
@@ -1312,6 +1320,7 @@ nm_bdg_flush(struct nm_bdg_fwd *ft, u_in
                needed = d->bq_len + brddst->bq_len;
 
                if (unlikely(dst_na->virt_hdr_len != na->virt_hdr_len)) {
+                       RD(3, "virt_hdr_mismatch, src %d len %d", 
na->virt_hdr_len, dst_na->virt_hdr_len);
                        /* There is a virtio-net header/offloadings mismatch 
between
                         * source and destination. The slower mismatch datapath 
will
                         * be used to cope with all the mismatches.
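Review bot: The labels in the new log message do not match its arguments: it prints `na->virt_hdr_len` and then `dst_na->virt_hdr_len`, but the format string calls the second value `len`. Anyone reading the rate-limited log during triage would take the second number for a packet length. Suggested wording: `RD(3, "virt_hdr_mismatch, src %d dst %d", na->virt_hdr_len, dst_na->virt_hdr_len);`. The existing block comment already explains the slow path, so nothing else is needed here.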
@@ -1412,6 +1421,11 @@ retry:
                                        /* round to a multiple of 64 */
                                        copy_len = (copy_len + 63) & ~63;
 
+                                       if (unlikely(copy_len > NETMAP_BUF_SIZE 
||
+                                                       copy_len > 
NETMAP_BUF_SIZE)) {
+                                               RD(5, "invalid len %d, down to 
64", (int)copy_len);
+                                               copy_len = dst_len = 64; // XXX
+                                       }
                                        if (ft_p->ft_flags & NS_INDIRECT) {
                                                if (copyin(src, dst, copy_len)) 
{
                                                        // invalid user 
pointer, pretend len is 0
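Review bot: Both operands of the added `||` are the same test, `copy_len > NETMAP_BUF_SIZE`, so the second comparison adds nothing and `dst_len` is never range-checked, even though the body resets it. If the intent was to validate the destination length before the copy, the condition should read `if (unlikely(copy_len > NETMAP_BUF_SIZE || dst_len > NETMAP_BUF_SIZE)) {`. The clamp to 64 is marked `// XXX` and appears to forward a truncated frame instead of dropping it; a comment saying why truncation is preferred over a drop would help the next reader. The enclosing block starts and ends outside the hunk, so how `dst_len` is derived is not visible here.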