From 78e18981fb0a3a86ad9342f94ed28f9c7458e2cd Mon Sep 17 00:00:00 2001
From: Sebastian Sumpf
Date: Wed, 7 Oct 2015 10:38:41 +0200
Subject: [PATCH] nic session: fix quota check

Check for overflow.

Issue #1735
---
 repos/dde_linux/src/lib/usb/include/usb_nic_component.h | 8 +++-----
 repos/dde_linux/src/lib/wifi/nic.cc | 8 +++-----
 repos/os/include/nic/root.h | 8 +++-----
 repos/os/src/drivers/nic/spec/lan9118/main.cc | 8 +++-----
 repos/os/src/server/nic_loopback/main.cc | 8 +++-----
 repos/ports/src/app/openvpn/main.cc | 8 +++-----
 6 files changed, 18 insertions(+), 30 deletions(-)

diff --git a/repos/dde_linux/src/lib/usb/include/usb_nic_component.h b/repos/dde_linux/src/lib/usb/include/usb_nic_component.h
index 84f3ce125..fd1da5973 100644
--- a/repos/dde_linux/src/lib/usb/include/usb_nic_component.h
+++ b/repos/dde_linux/src/lib/usb/include/usb_nic_component.h
@@ -242,12 +242,10 @@ class Root : public Root_component
 
 /*
 * Check if donated ram quota suffices for both communication
- * buffers. Also check both sizes separately to handle a
- * possible overflow of the sum of both sizes.
+ * buffers and check for overflow
 */
- if (tx_buf_size > ram_quota - session_size
- || rx_buf_size > ram_quota - session_size
- || tx_buf_size + rx_buf_size > ram_quota - session_size) {
+ if (tx_buf_size + rx_buf_size < tx_buf_size ||
+ tx_buf_size + rx_buf_size > ram_quota - session_size) {
 PERR("insufficient 'ram_quota', got %zd, need %zd",
 ram_quota, tx_buf_size + rx_buf_size + session_size);
 throw Genode::Root::Quota_exceeded();
diff --git a/repos/dde_linux/src/lib/wifi/nic.cc b/repos/dde_linux/src/lib/wifi/nic.cc
index 27bc5f5f3..57d481607 100644
--- a/repos/dde_linux/src/lib/wifi/nic.cc
+++ b/repos/dde_linux/src/lib/wifi/nic.cc
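Review bot: When the new wrap-around test `tx_buf_size + rx_buf_size < tx_buf_size` fires in usb_nic_component.h, the unchanged PERR call below it still prints `tx_buf_size + rx_buf_size + session_size`, which wraps in the same way (assuming unsigned sizes), so the log reports a small "need" value for what was actually an oversized request. Logging the requested sizes separately keeps the rejection readable for whoever triages it, e.g. `PERR("insufficient 'ram_quota', got %zd, need %zd + %zd + %zd", ram_quota, tx_buf_size, rx_buf_size, session_size);`. The same applies to the identical hunks in wifi/nic.cc, nic/root.h, lan9118/main.cc, nic_loopback/main.cc and openvpn/main.cc. The condition also depends on both sizes being unsigned and on `ram_quota >= session_size` having been checked before `ram_quota - session_size` is evaluated; the declarations and any such check lie outside the hunk, so this should be confirmed.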
@@ -203,12 +203,10 @@ class Root : public Genode::Root_component ram_quota - session_size - || rx_buf_size > ram_quota - session_size - || tx_buf_size + rx_buf_size > ram_quota - session_size) { + if (tx_buf_size + rx_buf_size < tx_buf_size || + tx_buf_size + rx_buf_size > ram_quota - session_size) { PERR("insufficient 'ram_quota', got %zd, need %zd", ram_quota, tx_buf_size + rx_buf_size + session_size); throw Genode::Root::Quota_exceeded(); diff --git a/repos/os/include/nic/root.h b/repos/os/include/nic/root.h index 741717087..9993ee06b 100644 --- a/repos/os/include/nic/root.h +++ b/repos/os/include/nic/root.h @@ -48,12 +48,10 @@ class Nic::Root : public Genode::Root_component ram_quota - session_size - || rx_buf_size > ram_quota - session_size - || tx_buf_size + rx_buf_size > ram_quota - session_size) { + if (tx_buf_size + rx_buf_size < tx_buf_size || + tx_buf_size + rx_buf_size > ram_quota - session_size) { PERR("insufficient 'ram_quota', got %zd, need %zd", ram_quota, tx_buf_size + rx_buf_size + session_size); throw Genode::Root::Quota_exceeded(); diff --git a/repos/os/src/drivers/nic/spec/lan9118/main.cc b/repos/os/src/drivers/nic/spec/lan9118/main.cc index 2099cbb08..2a5c428ed 100644 --- a/repos/os/src/drivers/nic/spec/lan9118/main.cc +++ b/repos/os/src/drivers/nic/spec/lan9118/main.cc @@ -52,12 +52,10 @@ class Root : public Genode::Root_component /* * Check if donated ram quota suffices for both communication - * buffers. Also check both sizes separately to handle a - * possible overflow of the sum of both sizes. + * buffers and check for overflow */ - if (tx_buf_size > ram_quota - session_size - || rx_buf_size > ram_quota - session_size - || tx_buf_size + rx_buf_size > ram_quota - session_size) { + if (tx_buf_size + rx_buf_size < tx_buf_size || + tx_buf_size + rx_buf_size > ram_quota - session_size) { PERR("insufficient 'ram_quota', got %zd, need %zd", ram_quota, tx_buf_size + rx_buf_size + session_size); throw Genode::Root::Quota_exceeded(); 
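Review bot: The guard changed in repos/os/include/nic/root.h is repeated verbatim in the five other files of this patch, so every later correction to the quota check has to be applied six times and a missed copy would leave one component with a weaker check. Consider moving the test into one small helper that all six `Root` classes call, carrying a comment such as `/* the unsigned sum wraps on overflow, so sum < tx_buf_size detects it */`, since the shortened comment no longer says how the overflow is caught. Whether the drivers outside repos/os can include a shared header is not visible here, and the enclosing session-creation function starts and ends outside the hunk.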
diff --git a/repos/os/src/server/nic_loopback/main.cc b/repos/os/src/server/nic_loopback/main.cc index 0e1a37794..e134ceec6 100644 --- a/repos/os/src/server/nic_loopback/main.cc +++ b/repos/os/src/server/nic_loopback/main.cc @@ -166,12 +166,10 @@ class Nic::Root : public Genode::Root_component /* * Check if donated ram quota suffices for both communication - * buffers. Also check both sizes separately to handle a - * possible overflow of the sum of both sizes. + * buffers and check for overflow */ - if (tx_buf_size > ram_quota - session_size - || rx_buf_size > ram_quota - session_size - || tx_buf_size + rx_buf_size > ram_quota - session_size) { + if (tx_buf_size + rx_buf_size < tx_buf_size || + tx_buf_size + rx_buf_size > ram_quota - session_size) { PERR("insufficient 'ram_quota', got %zd, need %zd", ram_quota, tx_buf_size + rx_buf_size + session_size); throw Root::Quota_exceeded(); diff --git a/repos/ports/src/app/openvpn/main.cc b/repos/ports/src/app/openvpn/main.cc index c7852918a..aeb03e02a 100644 --- a/repos/ports/src/app/openvpn/main.cc +++ b/repos/ports/src/app/openvpn/main.cc @@ -230,12 +230,10 @@ class Root : public Genode::Root_component ram_quota - session_size - || rx_buf_size > ram_quota - session_size - || tx_buf_size + rx_buf_size > ram_quota - session_size) { + if (tx_buf_size + rx_buf_size < tx_buf_size || + tx_buf_size + rx_buf_size > ram_quota - session_size) { PERR("insufficient 'ram_quota', got %zd, need %zd", ram_quota, tx_buf_size + rx_buf_size + session_size); throw Genode::Root::Quota_exceeded();