Bug 241462

Summary: netgraph/ng_tag: Variable length data can not be set for all length
Product: Base System Reporter: Lutz Donnerhacke <donner>
Component: kernAssignee: freebsd-net (Nobody) <net>
Status: Closed FIXED    
Severity: Affects Some People    
Priority: ---    
Version: CURRENT   
Hardware: Any   
OS: Any   

Description Lutz Donnerhacke freebsd_committer freebsd_triage 2019-10-24 11:33:25 UTC 
ng_tag does can operator on arbitary data of mbuf_tags.
This only works for any data sets.

+ mkpeer . tag t t
+ msg t sethookin { thisHook="t" tag_len=4 tag_data=[1] }

works. But the following does not:

+ msg t sethookin { thisHook="t" tag_len=1 tag_data=[1] }
ngctl: send msg: Invalid argument

Especially in the case of checking for mbuf_tag values, the length
of checked data is important.

The reason behind this behavior is, that the record size
is padded to the next multiple of the alignment. Therefore
it's sufficient to check for large enough data received.

Patch is in review D22140
Comment 1 commit-hook freebsd_committer freebsd_triage 2021-01-18 12:32:35 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=7c7c231c14246a709270bf3f3a4593208e84d01a

commit 7c7c231c14246a709270bf3f3a4593208e84d01a
Author:     Lutz Donnerhacke <lutz@donnerhacke.de>
AuthorDate: 2021-01-02 13:58:17 +0000
Commit:     Lutz Donnerhacke <donner@FreeBSD.org>
CommitDate: 2021-01-18 12:23:22 +0000

    netgraph/ng_tag: permit variable length data

    ng_tag(4) operate on arbitrary data of mbuf_tags(9).  Those structures
    are padded to the next multiple of the alignment by the compiler.
    Hence a valid argument has be at most as long as the data received.

    PR:             241462
    Reviewed by:    kp
    Approved by:    kp (mentor)
    MFC after:      2 weeks
    Differential Revision: https://reviews.freebsd.org/D22140

 sys/netgraph/ng_tag.c | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)
Comment 2 commit-hook freebsd_committer freebsd_triage 2021-02-01 13:58:40 UTC 
A commit in branch stable/12 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=305b3ca5f40cbfff1e29f7e2e10a636331a8575c

commit 305b3ca5f40cbfff1e29f7e2e10a636331a8575c
Author:     Lutz Donnerhacke <lutz@donnerhacke.de>
AuthorDate: 2021-01-02 13:58:17 +0000
Commit:     Lutz Donnerhacke <donner@FreeBSD.org>
CommitDate: 2021-02-01 13:55:42 +0000

    netgraph/ng_tag: permit variable length data

    ng_tag(4) operate on arbitrary data of mbuf_tags(9).  Those structures
    are padded to the next multiple of the alignment by the compiler.
    Hence a valid argument has be at most as long as the data received.

    PR:             241462
    Reviewed by:    kp
    Approved by:    philip (mentor)
    Differential Revision: https://reviews.freebsd.org/D22140

    (cherry picked from commit 7c7c231c14246a709270bf3f3a4593208e84d01a)

 sys/netgraph/ng_tag.c | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)
Comment 3 commit-hook freebsd_committer freebsd_triage 2021-02-01 14:08:44 UTC 
A commit in branch stable/11 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=90d158c0cf2598fde2ea1c7cd58909cf5a21c471

commit 90d158c0cf2598fde2ea1c7cd58909cf5a21c471
Author:     Lutz Donnerhacke <donner@FreeBSD.org>
AuthorDate: 2021-01-02 13:58:17 +0000
Commit:     Lutz Donnerhacke <donner@FreeBSD.org>
CommitDate: 2021-02-01 14:07:31 +0000

    netgraph/ng_tag: permit variable length data

    ng_tag(4) operate on arbitrary data of mbuf_tags(9).  Those structures
    are padded to the next multiple of the alignment by the compiler.
    Hence a valid argument has be at most as long as the data received.

    PR:             241462
    Reviewed by:    kp
    Approved by:    philip (mentor)
    Differential Revision: https://reviews.freebsd.org/D22140

    (cherry picked from commit 7c7c231c14246a709270bf3f3a4593208e84d01a)

 sys/netgraph/ng_tag.c | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)