From e6329ada4401f4a7e418a48fe829bbc211e28b6f Mon Sep 17 00:00:00 2001 From: Steven Luong Date: Wed, 23 Oct 2019 13:28:37 -0700 Subject: devices: vhoost cpu->copy array overflow on tcp jumbo frame (65535 bytes) We reserve 40 slots in cpu->copy array prior to copy out to avoid overflowing the array. However, 40 is not enough for the jumbo frame because desceiptor buffer len is likely at 1536. Change the reserve to 200 and add ASSERT to avoid encountering the same problem in the future. Type: fix Signed-off-by: Steven Luong Change-Id: Ibf0c03c4b4f33e781d5be8679ccd6c3a4b4a646d (cherry picked from commit 7331005c16d0e1499080899b2a0676a0cd945595) --- src/vnet/devices/virtio/vhost_user_input.c | 1 + 1 file changed, 1 insertion(+) (limited to 'src/vnet/devices/virtio/vhost_user_input.c') diff --git a/src/vnet/devices/virtio/vhost_user_input.c b/src/vnet/devices/virtio/vhost_user_input.c index 79c66eecd90..2124ecd499f 100644 --- a/src/vnet/devices/virtio/vhost_user_input.c +++ b/src/vnet/devices/virtio/vhost_user_input.c @@ -532,6 +532,7 @@ vhost_user_if_input (vlib_main_t * vm, } /* Prepare a copy order executed later for the data */ + ASSERT (copy_len < VHOST_USER_COPY_ARRAY_N); vhost_copy_t *cpy = &cpu->copy[copy_len]; copy_len++; u32 desc_data_l = desc_table[desc_current].len - desc_data_offset; -- cgit 1.2.3-korg
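Review bot: The added `ASSERT (copy_len < VHOST_USER_COPY_ARRAY_N);` protects the `cpu->copy[copy_len]` write only in builds where ASSERT is enabled; in VPP that is normally the debug image, so a release build would still index past the array if the reserve is exhausted again. The number of copy entries per packet follows from descriptor lengths chosen by the vhost-user peer, so the reserve of 200 mentioned in the description is a sizing heuristic rather than a hard bound. I would pair the assert with a runtime check ahead of this line, `if (PREDICT_FALSE (copy_len >= VHOST_USER_COPY_ARRAY_N))`, that takes the function's existing drop/error path for the packet and increments an error counter so the condition shows up in monitoring. vhost_user_if_input starts and ends outside the hunk, so the appropriate error path and the reserve change itself are not visible here.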