author: Stefano Brivio <sbrivio@redhat.com> 2022-11-08 08:31:59 +0100
committer: Stefano Brivio <sbrivio@redhat.com> 2022-11-10 11:17:50 +0100
commit: 510dace86ccf0bd63be3b1dbd35ae9c0b0538e5b
tree: d4f8a673d811a82cc71dc11f0c2c2521cf566065
parent: e308018bbe2a42a9ad9af5302fe855eee508acc2
tap: Keep stream consistent if qemu length descriptor spans two recv() calls
I got all paranoid after triggering a divide-by-zero general protection fault in passt with a qemu version without the virtio_net TX hang fix, while flooding UDP. I started thinking this was actually coming from some random changes I was playing with, but before reaching this conclusion I reviewed once more the relatively short path in tap_handler_passt() before we start using packet_*() functions, and found this.

Never observed in practice, but artificially reproduced with changes in qemu's socket interface: if we don't receive from qemu a complete length descriptor in one recv() call, or if we receive a partial one at the end of one call, we currently disregard the rest, which would make the stream inconsistent.

Nothing really bad happens, except that from that point on we would disregard all the packets we get until, if ever, we get the stream back in sync by chance.

Force reading a complete packet length descriptor with a blocking recv(), if needed -- not just a complete packet later.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
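The failure mode the commit message describes, as an added stand-alone example that is not passt code: a length-prefixed stream reader whose 4-byte big-endian descriptor may straddle two recv() calls. A naive reader (pre-fix style) parses whatever one read returned and drops a trailing partial descriptor, so the next read starts mid-descriptor and every following length is garbage; the fixed reader loops until descriptor and body are each complete. recv() is emulated by a constructed fake stream socket (`fake_sock`, `fake_recv`) that hands out bytes in scripted chunk sizes, so the split is reproduced deterministically and offline; all names here are hypothetical and do not exist in passt.

```c
/* Added example, not passt code: length-prefixed framing where a 4-byte
 * descriptor may be split across recv() calls. recv() is emulated by a
 * constructed fake stream socket with scripted chunk sizes. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define FAKE_MAX 256

/* Fake stream socket: bytes delivered in scripted chunk sizes; a 0 entry
 * ends the script and means "as much as requested". */
struct fake_sock {
	uint8_t buf[FAKE_MAX];
	size_t len, pos;
	const size_t *chunks;
	size_t chunk_idx;
};

/* Emulates blocking recv(fd, dst, want, 0): returns 1..want bytes while
 * data remains, 0 at end of stream. Short reads are legal on streams. */
static ssize_t fake_recv(struct fake_sock *s, uint8_t *dst, size_t want)
{
	size_t avail = s->len - s->pos, n = want;
	if (!avail)
		return 0;
	if (s->chunks[s->chunk_idx]) {
		if (s->chunks[s->chunk_idx] < n)
			n = s->chunks[s->chunk_idx];
		s->chunk_idx++;
	}
	if (n > avail)
		n = avail;
	memcpy(dst, s->buf + s->pos, n);
	s->pos += n;
	return (ssize_t)n;
}

static uint32_t be32(const uint8_t *p)
{
	return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
	       ((uint32_t)p[2] << 8) | p[3];
}

/* Read exactly want bytes, looping over short reads: 1 on success, 0 on a
 * clean end of stream before any byte, -1 on a truncated stream. */
static int recv_exact(struct fake_sock *s, uint8_t *dst, size_t want)
{
	size_t got = 0;
	while (got < want) {
		ssize_t r = fake_recv(s, dst + got, want - got);
		if (r < 0)
			return -1;
		if (r == 0)
			return got ? -1 : 0;
		got += (size_t)r;
	}
	return 1;
}

/* Fixed reader: descriptor and body are each read in full before use. */
static int parse_stream(struct fake_sock *s, size_t *out_lens, int max)
{
	uint8_t hdr[4], payload[FAKE_MAX];
	int count = 0;
	while (count < max) {
		uint32_t len;
		if (recv_exact(s, hdr, sizeof(hdr)) <= 0)
			break;
		len = be32(hdr);
		if (len > sizeof(payload))	/* bogus length: stop, never overflow */
			break;
		if (recv_exact(s, payload, len) != 1)
			break;
		out_lens[count++] = len;
	}
	return count;
}

/* Pre-fix style reader: parses what one recv() returned and drops any
 * trailing partial descriptor, so the next read starts mid-descriptor. */
static int parse_stream_naive(struct fake_sock *s, size_t *out_lens, int max)
{
	uint8_t buf[FAKE_MAX];
	int count = 0;
	ssize_t n;
	while (count < max && (n = fake_recv(s, buf, sizeof(buf))) > 0) {
		uint8_t *p = buf;
		while (n > 4 && count < max) {
			uint32_t len = be32(p);
			p += 4;
			n -= 4;
			if ((size_t)(p - buf) + len > sizeof(buf))
				return count;	/* desynced: garbage length */
			if (len > (size_t)n) {	/* body completed with a blocking read */
				if (recv_exact(s, p + n, len - (size_t)n) != 1)
					return count;
				n = (ssize_t)len;
			}
			out_lens[count++] = len;
			p += len;
			n -= (ssize_t)len;
		}
		/* leftover bytes in buf (a partial descriptor) are lost here */
	}
	return count;
}

/* Build a stream of npkts packets with the given payload lengths, 0xAA fill. */
static void fake_init(struct fake_sock *s, const size_t *lens, int npkts,
		      const size_t *chunks)
{
	int i;
	s->len = s->pos = s->chunk_idx = 0;
	s->chunks = chunks;
	for (i = 0; i < npkts; i++) {
		uint32_t l = (uint32_t)lens[i];
		s->buf[s->len++] = (uint8_t)(l >> 24);
		s->buf[s->len++] = (uint8_t)(l >> 16);
		s->buf[s->len++] = (uint8_t)(l >> 8);
		s->buf[s->len++] = (uint8_t)l;
		memset(s->buf + s->len, 0xAA, l);
		s->len += l;
	}
}

/* Constructed scenario: four packets. A 9-byte first read ends two bytes
 * into the second descriptor; the tiny schedule splits it over three reads. */
static const size_t demo_lens[4] = {3, 5, 2, 4};
static const size_t demo_chunks_split[] = {9, 0};
static const size_t demo_chunks_tiny[] = {2, 1, 0};

static int demo_naive(void)
{
	struct fake_sock s;
	size_t out[8];
	fake_init(&s, demo_lens, 4, demo_chunks_split);
	return parse_stream_naive(&s, out, 8);	/* 1: stream desynced after pkt 1 */
}

static int demo_fixed(const size_t *chunks)
{
	struct fake_sock s;
	size_t out[8];
	fake_init(&s, demo_lens, 4, chunks);
	return parse_stream(&s, out, 8);	/* 4 for either chunk schedule */
}

int main(void)
{
	printf("naive: %d/4, fixed: %d/4, fixed (tiny reads): %d/4\n",
	       demo_naive(), demo_fixed(demo_chunks_split),
	       demo_fixed(demo_chunks_tiny));
	return 0;
}
```

The naive reader never crashes here only because `parse_stream_naive` refuses lengths that would overrun its buffer; what it does show is the silent loss the commit message describes, where every packet after the split is discarded. The `recv_exact` loop is the general form of the fix: it also covers the case where the blocking recv() itself returns fewer bytes than requested.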
 tap.c | 18 +++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/tap.c b/tap.c
index f8314ef..11ac732 100644
--- a/tap.c
+++ b/tap.c
@@ -747,14 +747,26 @@ redo:
return -ECONNRESET;
}
- while (n > (ssize_t)sizeof(uint32_t)) {
- ssize_t len = ntohl(*(uint32_t *)p);
+ while (n > 0) {
+ ssize_t len;
+
+ /* Force receiving at least a complete length descriptor to
+ * avoid an inconsistent stream.
+ */
+ if (n < (ssize_t)sizeof(uint32_t)) {
+ rem = recv(c->fd_tap, p + n,
+ (ssize_t)sizeof(uint32_t) - n, 0);
+ if ((n += rem) != (ssize_t)sizeof(uint32_t))
+ return 0;
+ }
+
+ len = ntohl(*(uint32_t *)p);
p += sizeof(uint32_t);
n -= sizeof(uint32_t);
/* At most one packet might not fit in a single read, and this
- * needs to be blocking.
+ * also needs to be blocking.
*/
if (len > n) {
rem = recv(c->fd_tap, p + n, len - n, 0);
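Review bot: the new descriptor read at `rem = recv(c->fd_tap, p + n, (ssize_t)sizeof(uint32_t) - n, 0);` does not handle a short read: a blocking recv() on a stream socket may legitimately return fewer than the requested bytes, and `if ((n += rem) != (ssize_t)sizeof(uint32_t)) return 0;` then discards the partially read descriptor, which is exactly the desync this patch sets out to prevent; looping until n reaches sizeof(uint32_t) (or recv() returns 0 or an error) would close that gap. In the same branch a negative rem (error) and rem == 0 (peer closed) both fold into the silent `return 0;`, while the recv() just above this loop reports `return -ECONNRESET;` on reset; consider reporting those cases the same way rather than dropping them silently. The existing body read at `rem = recv(c->fd_tap, p + n, len - n, 0);` has the same short-read property, so a shared read-exactly helper would serve both call sites and keep the "needs to be blocking" comment honest.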