cc7301908c
If a malicious guest forges a dead loop desc chain (let desc->next point to itself) and desc->len is zero, this could lead to a dead loop in copy_mbuf_to_desc(following is a simplified code to show this issue clearly): while (mbuf_is_not_totally_consumed) { if (desc_avail == 0) { desc = &descs[desc->next]; desc_avail = desc->len; } COPY(desc, mbuf, desc_avail); } I have actually fixed a same issue before: commit |
||
---|---|---|
app | ||
buildtools | ||
config | ||
devtools | ||
doc | ||
drivers | ||
examples | ||
lib | ||
mk | ||
pkg | ||
usertools | ||
.gitattributes | ||
.gitignore | ||
GNUmakefile | ||
LICENSE.GPL | ||
LICENSE.LGPL | ||
MAINTAINERS | ||
Makefile | ||
README |
DPDK is a set of libraries and drivers for fast packet processing. It supports many processor architectures and both FreeBSD and Linux. The DPDK uses the Open Source BSD license for the core libraries and drivers. The kernel components are GPLv2 licensed. Please check the doc directory for release notes, API documentation, and sample application information. For questions and usage discussions, subscribe to: users@dpdk.org Report bugs and issues to the development mailing list: dev@dpdk.org