Re: [ovs-dev] [PATCH v12 1/8] lib: Add non-null assertions to some return values of `dp_packet_data`

Eelco Chaudron Tue, 11 Jul 2023 02:50:57 -0700

On 13 Jun 2023, at 20:34, James Raphael Tiovalen wrote:

> This commit adds some `ovs_assert()` checks to some return values of
> `dp_packet_data()` to ensure that they are not NULL and to prevent
> null-pointer dereferences, which might lead to unwanted crashes. We use
> assertions since it should be impossible for these calls to
> `dp_packet_data()` to return NULL.
>
> Signed-off-by: James Raphael Tiovalen <[email protected]>
> Reviewed-by: Simon Horman <[email protected]>

This patch looks good, however, it needs a re-work due to changes to tunnel 
checksum handling.

//Eelco


> ---
>  lib/dp-packet.c         | 15 ++++++++++-----
>  lib/netdev-native-tnl.c | 17 +++++++++++------
>  lib/pcap-file.c         |  4 +++-
>  3 files changed, 24 insertions(+), 12 deletions(-)
>
> diff --git a/lib/dp-packet.c b/lib/dp-packet.c
> index ae8ab5800..445cb4761 100644
> --- a/lib/dp-packet.c
> +++ b/lib/dp-packet.c
> @@ -183,9 +183,12 @@ dp_packet_clone_with_headroom(const struct dp_packet 
> *buffer, size_t headroom)
>      struct dp_packet *new_buffer;
>      uint32_t mark;
>
> -    new_buffer = dp_packet_clone_data_with_headroom(dp_packet_data(buffer),
> -                                                 dp_packet_size(buffer),
> -                                                 headroom);
> +    const void *data_dp = dp_packet_data(buffer);
> +    ovs_assert(data_dp);
> +
> +    new_buffer = dp_packet_clone_data_with_headroom(data_dp,
> +                                                    dp_packet_size(buffer),
> +                                                    headroom);
>      /* Copy the following fields into the returned buffer: l2_pad_size,
>       * l2_5_ofs, l3_ofs, l4_ofs, cutlen, packet_type and md. */
>      memcpy(&new_buffer->l2_pad_size, &buffer->l2_pad_size,
> @@ -322,8 +325,10 @@ dp_packet_shift(struct dp_packet *b, int delta)
>                 : true);
>
>      if (delta != 0) {
> -        char *dst = (char *) dp_packet_data(b) + delta;
> -        memmove(dst, dp_packet_data(b), dp_packet_size(b));
> +        const void *data_dp = dp_packet_data(b);
> +        ovs_assert(data_dp);
> +        char *dst = (char *) data_dp + delta;
> +        memmove(dst, data_dp, dp_packet_size(b));
>          dp_packet_set_data(b, dst);
>      }
>  }
> diff --git a/lib/netdev-native-tnl.c b/lib/netdev-native-tnl.c
> index c2c6ca559..7781b162d 100644
> --- a/lib/netdev-native-tnl.c
> +++ b/lib/netdev-native-tnl.c
> @@ -43,6 +43,7 @@
>  #include "seq.h"
>  #include "unaligned.h"
>  #include "unixctl.h"
> +#include "util.h"
>  #include "openvswitch/vlog.h"
>
>  VLOG_DEFINE_THIS_MODULE(native_tnl);
> @@ -222,12 +223,13 @@ netdev_tnl_calc_udp_csum(struct udp_header *udp, struct 
> dp_packet *packet,
>  {
>      uint32_t csum;
>
> -    if (netdev_tnl_is_header_ipv6(dp_packet_data(packet))) {
> -        csum = packet_csum_pseudoheader6(netdev_tnl_ipv6_hdr(
> -                                         dp_packet_data(packet)));
> +    void *data_dp = dp_packet_data(packet);
> +    ovs_assert(data_dp);
> +
> +    if (netdev_tnl_is_header_ipv6(data_dp)) {
> +        csum = packet_csum_pseudoheader6(netdev_tnl_ipv6_hdr(data_dp));
>      } else {
> -        csum = packet_csum_pseudoheader(netdev_tnl_ip_hdr(
> -                                        dp_packet_data(packet)));
> +        csum = packet_csum_pseudoheader(netdev_tnl_ip_hdr(data_dp));
>      }
>
>      csum = csum_continue(csum, udp, ip_tot_size);
> @@ -428,7 +430,10 @@ netdev_gre_pop_header(struct dp_packet *packet)
>      struct flow_tnl *tnl = &md->tunnel;
>      int hlen = sizeof(struct eth_header) + 4;
>
> -    hlen += netdev_tnl_is_header_ipv6(dp_packet_data(packet)) ?
> +    const void *data_dp = dp_packet_data(packet);
> +    ovs_assert(data_dp);
> +
> +    hlen += netdev_tnl_is_header_ipv6(data_dp) ?
>              IPV6_HEADER_LEN : IP_HEADER_LEN;
>
>      pkt_metadata_init_tnl(md);
> diff --git a/lib/pcap-file.c b/lib/pcap-file.c
> index 3ed7ea488..9f4e2e1e2 100644
> --- a/lib/pcap-file.c
> +++ b/lib/pcap-file.c
> @@ -284,6 +284,8 @@ ovs_pcap_write(struct pcap_file *p_file, struct dp_packet 
> *buf)
>      struct timeval tv;
>
>      ovs_assert(dp_packet_is_eth(buf));
> +    const void *data_dp = dp_packet_data(buf);
> +    ovs_assert(data_dp);
>
>      xgettimeofday(&tv);
>      prh.ts_sec = tv.tv_sec;
> @@ -291,7 +293,7 @@ ovs_pcap_write(struct pcap_file *p_file, struct dp_packet 
> *buf)
>      prh.incl_len = dp_packet_size(buf);
>      prh.orig_len = dp_packet_size(buf);
>      ignore(fwrite(&prh, sizeof prh, 1, p_file->file));
> -    ignore(fwrite(dp_packet_data(buf), dp_packet_size(buf), 1, 
> p_file->file));
> +    ignore(fwrite(data_dp, dp_packet_size(buf), 1, p_file->file));
>      fflush(p_file->file);
>  }
>
> -- 
> 2.40.1
>
> _______________________________________________
> dev mailing list
> [email protected]
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev

_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH v12 1/8] lib: Add non-null assertions to some return values of `dp_packet_data`

Reply via email to
