Changeset 104159 in vbox

Timestamp:

Apr 4, 2024 3:35:39 PM (10 months ago)

Author:

vboxsync

Message:

VBoxNetFlt: Fix UBSAN warnings by switching to flexible arrays, bugref:10585.

Location:

trunk

Files:

: 4 edited

include/VBox/intnet.h (modified) (1 diff)
src/VBox/Devices/Network/SrvIntNetR0.cpp (modified) (3 diffs)
src/VBox/Devices/Network/testcase/tstIntNetR0.cpp (modified) (2 diffs)
src/VBox/HostDrivers/VBoxNetFlt/win/drv/VBoxNetFltRt-win.cpp (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/include/VBox/intnet.h

-              r104045
+              r104159
     uint16_t            cSegsUsed;
     /** Variable sized list of segments. */
+    INTNETSEG           aSegs[1];
+    RT_FLEXIBLE_ARRAY_EXTENSION
+    INTNETSEG           aSegs[RT_FLEXIBLE_ARRAY];
 } INTNETSG;
 AssertCompileSizeAlignment(INTNETSG, 8);

trunk/src/VBox/Devices/Network/SrvIntNetR0.cpp

-              r103025
+              r104159
              */
             INTNETSWDECISION    enmSwDecision = INTNETSWDECISION_BROADCAST;
+            INTNETSG            Sg; /** @todo this will have to be changed if we're going to use async sending
+                                     * with buffer sharing for some OS or service. Darwin copies everything so
+                                     * I won't bother allocating and managing SGs right now. Sorry. */
+            /** @todo this will have to be changed if we're going to use async sending
+             * with buffer sharing for some OS or service. Darwin copies everything so
+             * I won't bother allocating and managing SGs right now. Sorry. */
+            union
+            {
+                uint8_t     abBuf[sizeof(INTNETSG) + sizeof(INTNETSEG)];
+                INTNETSG    SG;
+            } u;
             PINTNETHDR          pHdr;
             while ((pHdr = IntNetRingGetNextFrameToRead(&pIf->pIntBuf->Send)) != NULL)
 …
                     /* Send regular frame. */
                     void *pvCurFrame = IntNetHdrGetFramePtr(pHdr, pIf->pIntBuf);
                     IntNetSgInitTemp(&Sg, pvCurFrame, pHdr->cbFrame);
+                    IntNetSgInitTemp(&u.SG, pvCurFrame, pHdr->cbFrame);
                     if (pNetwork->fFlags & INTNET_OPEN_FLAGS_SHARED_MAC_ON_WIRE)
                         intnetR0IfSnoopAddr(pIf, (uint8_t *)pvCurFrame, pHdr->cbFrame, false /*fGso*/, (uint16_t *)&Sg.fFlags);
                     enmSwDecision = intnetR0NetworkSend(pNetwork, pIf,  0 /*fSrc*/, &Sg, pDstTab);
+                        intnetR0IfSnoopAddr(pIf, (uint8_t *)pvCurFrame, pHdr->cbFrame, false /*fGso*/, (uint16_t *)&u.SG.fFlags);
+                    enmSwDecision = intnetR0NetworkSend(pNetwork, pIf,  0 /*fSrc*/, &u.SG, pDstTab);
+                }
                 else if (u8Type == INTNETHDR_TYPE_GSO)
 …
+                    {
                         void       *pvCurFrame = pGso + 1;
                         IntNetSgInitTempGso(&Sg, pvCurFrame, cbFrame, pGso);
+                        IntNetSgInitTempGso(&u.SG, pvCurFrame, cbFrame, pGso);
                         if (pNetwork->fFlags & INTNET_OPEN_FLAGS_SHARED_MAC_ON_WIRE)
                             intnetR0IfSnoopAddr(pIf, (uint8_t *)pvCurFrame, cbFrame, true /*fGso*/, (uint16_t *)&Sg.fFlags);
                         enmSwDecision = intnetR0NetworkSend(pNetwork, pIf, 0 /*fSrc*/, &Sg, pDstTab);
+                            intnetR0IfSnoopAddr(pIf, (uint8_t *)pvCurFrame, cbFrame, true /*fGso*/, (uint16_t *)&u.SG.fFlags);
+                        enmSwDecision = intnetR0NetworkSend(pNetwork, pIf, 0 /*fSrc*/, &u.SG, pDstTab);
+                    }
                     else

trunk/src/VBox/Devices/Network/testcase/tstIntNetR0.cpp

-              r98103
+              r104159
                             PSUPDRVSESSION pSession, void const *pvBuf, size_t cbBuf)
+{
+    INTNETSG Sg;
+    IntNetSgInitTemp(&Sg, (void *)pvBuf, (uint32_t)cbBuf);
+    int rc = intnetR0RingWriteFrame(pRingBuf, &Sg, NULL);
+    union
+    {
+        uint8_t abBuf[sizeof(INTNETSG) + sizeof(INTNETSEG)];
+        INTNETSG SG;
+    } u;
+    IntNetSgInitTemp(&u.SG, (void *)pvBuf, (uint32_t)cbBuf);
+    int rc = intnetR0RingWriteFrame(pRingBuf, &u.SG, NULL);
     if (RT_SUCCESS(rc))
         rc = IntNetR0IfSend(hIf, pSession);
 …
         pHdr->iFrame = iFrame;
+        INTNETSG Sg;
+        IntNetSgInitTemp(&Sg, abBuf, cb);
+        RTTEST_CHECK_RC_OK(g_hTest, rc = intnetR0RingWriteFrame(&pArgs->pBuf->Send, &Sg, NULL));
+        union
+        {
+            uint8_t abBuf[sizeof(INTNETSG) + sizeof(INTNETSEG)];
+            INTNETSG SG;
+        } u;
+        IntNetSgInitTemp(&u.SG, abBuf, cb);
+        RTTEST_CHECK_RC_OK(g_hTest, rc = intnetR0RingWriteFrame(&pArgs->pBuf->Send, &u.SG, NULL));
         if (RT_SUCCESS(rc))
             RTTEST_CHECK_RC_OK(g_hTest, rc = IntNetR0IfSend(pArgs->hIf, g_pSession));

trunk/src/VBox/HostDrivers/VBoxNetFlt/win/drv/VBoxNetFltRt-win.cpp

r98103	r104159
1142	1142	* 2. buffer of cbPacket containing the entire packet */
1143	1143	AssertCompileSizeAlignment(INTNETSG, sizeof(PVOID));
1144		Status = vboxNetFltWinMemAlloc((PVOID*)&pSG, cbPacket + ~~sizeof(INTNETSG~~));
	1144	Status = vboxNetFltWinMemAlloc((PVOID*)&pSG, cbPacket + RT_UOFFSETOF_DYN(INTNETSG, aSegs[1]));
1145	1145	if (Status == NDIS_STATUS_SUCCESS)
1146	1146	{

Note: See TracChangeset for help on using the changeset viewer.