Code Review / vpp.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 39cdca3)
af_packet driver failure to check VLIB_BUFFER_NEXT_PRESENT flag 03/5903/2
authorJim Gibson <gibson+fdio@cisco.com>
Mon, 27 Mar 2017 20:19:54 +0000 (20:19 +0000)
committerDamjan Marion <dmarion.lists@gmail.com>
Wed, 29 Mar 2017 21:50:40 +0000 (21:50 +0000)
af_packet driver must check that VLIB_BUFFER_NEXT_PRESENT flag is set
when walking vlib_buffer_t next_buffer chain on transmit.
On buffer allocation:
- next_buffer is not and may contain a stale invalid value that
  should be ignored if not overwritten by a valid value.
- VLIB_BUFFER_NEXT_PRESENT flag is cleared and only set
  if a valid value is written to next_buffer.

Change-Id: Iebf76ce8eea24a0d63c7bf749e672d6a232c80e7
Signed-off-by: Jim Gibson <gibson+fdio@cisco.com>
src/vnet/devices/af_packet/device.c patch | blob | history

diff --git a/src/vnet/devices/af_packet/device.c b/src/vnet/devices/af_packet/device.c
index e3bf9bb..9a94fc5 100644 (file)
--- a/src/vnet/devices/af_packet/device.c
+++ b/src/vnet/devices/af_packet/device.c
@@ -125,7 +125,8 @@ af_packet_interface_tx (vlib_main_t * vm,
                       vlib_buffer_get_current (b0), len);
          offset += len;
        }
-      while ((bi = b0->next_buffer));
+      while ((bi =
+             (b0->flags & VLIB_BUFFER_NEXT_PRESENT) ? b0->next_buffer : 0));
 
       tph->tp_len = tph->tp_snaplen = offset;
       tph->tp_status = TP_STATUS_SEND_REQUEST;
Vector Packet Processing