From patchwork Mon Jan 30 08:12:45 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Wei Yongjun X-Patchwork-Id: 138528 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 4ACECB6EFE for ; Mon, 30 Jan 2012 19:12:49 +1100 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753539Ab2A3IMr (ORCPT ); Mon, 30 Jan 2012 03:12:47 -0500 Received: from mail-qy0-f174.google.com ([209.85.216.174]:58559 "EHLO mail-qy0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752642Ab2A3IMq (ORCPT ); Mon, 30 Jan 2012 03:12:46 -0500 Received: by qcsg15 with SMTP id g15so2065938qcs.19 for ; Mon, 30 Jan 2012 00:12:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:cc:content-type; bh=CmNGTwQhEeO9cfD3ule/S51VtCLNk0iHGgdSlJp68nc=; b=RV9ufTWgTDexeEanBKnQJP+857OUKZSat2v5r1J08Y8I7KiBwvHSixZdU+wYPid6lb EQcW9Lb0PnaM0N4C8amSj2a05TszGcVNW0ioPoQYPxN/0oMW1kSBDKOUDAw+j6/gq+JV w8pGFpUU8pdKDAvQuUIPynfGbHqqAOqwudH1o= MIME-Version: 1.0 Received: by 10.229.77.67 with SMTP id f3mr6036038qck.19.1327911165623; Mon, 30 Jan 2012 00:12:45 -0800 (PST) Received: by 10.229.192.10 with HTTP; Mon, 30 Jan 2012 00:12:45 -0800 (PST) Date: Mon, 30 Jan 2012 16:12:45 +0800 Message-ID: Subject: [PATCH] net/hyperv: fix the issue that large packets be dropped by bridge From: Wei Yongjun To: davem@davemloft.net Cc: haiyangz@microsoft.com, kys@microsoft.com, netdev@vger.kernel.org Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Wei Yongjun The packets with size larger than 1452 will be dropped by bridge which with two hyperv netdevice ports. This cause by hyperv netvsc driver always copy the trailer padding to the data packet, and then the skb received from netdevice may include wrong skb->len (20 bytes larger than the real size normally). The captured packet may like this: Ethernet II, Src: Microsof_00:00:07 (00:15:5d:00:00:07), Dst: HewlettP_00:00:4e (00:1f:29:00:00:4e) Destination: HewlettP_e6:00:4e (00:1f:29:00:00:4e) Source: Microsof_f6:6d:07 (00:15:5d:f6:6d:07) Type: IP (0x0800) Trailer: 1415161718191A1B1C1D1E1F20212223 Frame check sequence: 0x24252627 [incorrect, should be 0x7c2e5a5e] The following command help to reproduction it, and the ping ICMP packets will be dropped by bridge. $ ping ip -s 1453 This patch fixed it by removing the trailer padding from the data packet. Signed-off-by: Wei Yongjun --- drivers/net/hyperv/rndis_filter.c | 19 +++++++++++++++++++ 1 files changed, 19 insertions(+), 0 deletions(-) diff --git a/drivers/net/hyperv/rndis_filter.c b/drivers/net/hyperv/rndis_filter.c index da181f9..7568984 100644 --- a/drivers/net/hyperv/rndis_filter.c +++ b/drivers/net/hyperv/rndis_filter.c @@ -321,6 +321,25 @@ static void rndis_filter_receive_data(struct rndis_device *dev, data_offset = RNDIS_HEADER_SIZE + rndis_pkt->data_offset; pkt->total_data_buflen -= data_offset; + + /* + * Make sure we got a valid packet message, now total_data_buflen + * should be the data packet size plus the trailer padding size + */ + if (pkt->total_data_buflen < rndis_pkt->data_len) { + netdev_err(dev->net_dev->ndev, "incoming packet message " + "buffer overflow detected (got %u, min %u)" + "...dropping this message!\n", + pkt->total_data_buflen, rndis_pkt->data_len); + return; + } + + /* + * Remove the rndis trailer padding from packet message + * rndis_pkt->data_len tell us the real data length, we only copy + * the data packet to the stack, without the rndis trailer padding + */ + pkt->total_data_buflen = rndis_pkt->data_len; pkt->data = (void *)((unsigned long)pkt->data + data_offset); pkt->is_data_pkt = true;