[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [qemu-xen-traditional stable-4.6] rtl8139: avoid nested ifs in IP header parsing



commit ac45414eb0e96aad963c9ecc804676a1e3d257dd
Author:     Stefan Hajnoczi <stefanha@xxxxxxxxxx>
AuthorDate: Wed Jul 15 18:16:58 2015 +0100
Commit:     Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
CommitDate: Tue May 10 19:15:12 2016 +0100

    rtl8139: avoid nested ifs in IP header parsing
    
    Transmit offload needs to parse packet headers.  If header fields have
    unexpected values the offload processing is skipped.
    
    The code currently uses nested ifs because there is relatively little
    input validation.  The next patches will add missing input validation
    and a goto label is more appropriate to avoid deep if statement nesting.
    
    Signed-off-by: Stefan Hajnoczi <stefanha@xxxxxxxxxx>
    [Backport to qemu-xen-tradition]
    Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
---
 hw/rtl8139.c | 33 +++++++++++++++++++--------------
 1 file changed, 19 insertions(+), 14 deletions(-)

diff --git a/hw/rtl8139.c b/hw/rtl8139.c
index 20e486a..44c221c 100644
--- a/hw/rtl8139.c
+++ b/hw/rtl8139.c
@@ -2113,26 +2113,30 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
             size_t   eth_payload_len  = 0;
 
             int proto = be16_to_cpu(*(uint16_t *)(saved_buffer + 12));
-            if (proto == ETH_P_IP)
+            if (proto != ETH_P_IP)
             {
-                DEBUG_PRINT(("RTL8139: +++ C+ mode has IP packet\n"));
+                goto skip_offload;
+            }
 
-                /* not aligned */
-                eth_payload_data = saved_buffer + ETH_HLEN;
-                eth_payload_len  = saved_size   - ETH_HLEN;
+            DEBUG_PRINT(("RTL8139: +++ C+ mode has IP packet\n"));
 
-                ip = (ip_header*)eth_payload_data;
+            /* not aligned */
+            eth_payload_data = saved_buffer + ETH_HLEN;
+            eth_payload_len  = saved_size   - ETH_HLEN;
 
-                if (IP_HEADER_VERSION(ip) != IP_HEADER_VERSION_4) {
-                    DEBUG_PRINT(("RTL8139: +++ C+ mode packet has bad IP 
version %d expected %d\n", IP_HEADER_VERSION(ip), IP_HEADER_VERSION_4));
-                    ip = NULL;
-                } else {
-                    hlen = IP_HEADER_LENGTH(ip);
-                    ip_protocol = ip->ip_p;
-                    ip_data_len = be16_to_cpu(ip->ip_len) - hlen;
-                }
+            ip = (ip_header*)eth_payload_data;
+
+            if (IP_HEADER_VERSION(ip) != IP_HEADER_VERSION_4) {
+                DEBUG_PRINT(("RTL8139: +++ C+ mode packet has bad IP version 
%d "
+                             "expected %d\n", IP_HEADER_VERSION(ip),
+                             IP_HEADER_VERSION_4));
+                goto skip_offload;
             }
 
+            hlen = IP_HEADER_LENGTH(ip);
+            ip_protocol = ip->ip_p;
+            ip_data_len = be16_to_cpu(ip->ip_len) - hlen;
+
             if (ip)
             {
                 if (txdw0 & CP_TX_IPCS)
@@ -2315,6 +2319,7 @@ static int rtl8139_cplus_transmit_one(RTL8139State *s)
             }
         }
 
+skip_offload:
         /* update tally counter */
         ++s->tally_counters.TxOk;
 
--
generated by git-patchbot for /home/xen/git/qemu-xen-traditional.git#stable-4.6

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.