diff mbox

[7/7] net,ipv4,ipv6: Correct assignment of skb->network_header to skb->tail

Message ID 1369805268-6291-8-git-send-email-horms@verge.net.au
State Superseded, archived
Delegated to: David Miller
Headers show

Commit Message

Simon Horman May 29, 2013, 5:27 a.m. UTC 
This corrects an regression introduced by "net: Use 16bits for *_headers
fields of struct skbuff" when NET_SKBUFF_DATA_USES_OFFSET is not set. In
that case skb->tail will be a pointer however skb->network_header is now
an offset.

This patch corrects the problem by adding a wrapper to return skb tail as
an offset regardless of the value of NET_SKBUFF_DATA_USES_OFFSET. It seems
that skb->tail that this offset may be more than 64k and some care has been
taken to treat such cases as an error.

Signed-off-by: Simon Horman <horms@verge.net.au>
---
 include/linux/skbuff.h |    9 +++++++++
 net/core/netpoll.c     |    9 ++++++++-
 net/core/pktgen.c      |   16 ++++++++++++++--
 net/ipv4/ipmr.c        |    8 +++++++-
 4 files changed, 38 insertions(+), 4 deletions(-)

Comments

Eric Dumazet May 29, 2013, 5:35 a.m. UTC | #1 
On Wed, 2013-05-29 at 14:27 +0900, Simon Horman wrote:
> This corrects an regression introduced by "net: Use 16bits for *_headers
> fields of struct skbuff" when NET_SKBUFF_DATA_USES_OFFSET is not set. In
> that case skb->tail will be a pointer however skb->network_header is now
> an offset.
> 
> This patch corrects the problem by adding a wrapper to return skb tail as
> an offset regardless of the value of NET_SKBUFF_DATA_USES_OFFSET. It seems
> that skb->tail that this offset may be more than 64k and some care has been
> taken to treat such cases as an error.
> 
> Signed-off-by: Simon Horman <horms@verge.net.au>
> ---
>  include/linux/skbuff.h |    9 +++++++++
>  net/core/netpoll.c     |    9 ++++++++-
>  net/core/pktgen.c      |   16 ++++++++++++++--
>  net/ipv4/ipmr.c        |    8 +++++++-
>  4 files changed, 38 insertions(+), 4 deletions(-)
> 
> diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
> index 8f2b830..26ed287 100644
> --- a/include/linux/skbuff.h
> +++ b/include/linux/skbuff.h
> @@ -1391,6 +1391,11 @@ static inline void skb_set_tail_pointer(struct sk_buff *skb, const int offset)
>  	skb_reset_tail_pointer(skb);
>  	skb->tail += offset;
>  }
> +
> +static inline __u64 skb_tail_offset(const struct sk_buff *skb)
> +{
> +	return skb->tail;
> +}
>  #else /* NET_SKBUFF_DATA_USES_OFFSET */
>  static inline unsigned char *skb_tail_pointer(const struct sk_buff *skb)
>  {
> @@ -1407,6 +1412,10 @@ static inline void skb_set_tail_pointer(struct sk_buff *skb, const int offset)
>  	skb->tail = skb->data + offset;
>  }
>  
> +static inline __u64 skb_tail_offset(const struct sk_buff *skb)
> +{
> +	return skb->tail - skb->head;
> +}
>  #endif /* NET_SKBUFF_DATA_USES_OFFSET */
>  

Are you sure __u64 is needed on 32bit arches ?



--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
David Miller May 29, 2013, 5:44 a.m. UTC | #2 
From: Eric Dumazet <eric.dumazet@gmail.com>
Date: Tue, 28 May 2013 22:35:51 -0700

> Are you sure __u64 is needed on 32bit arches ?

It should be "unsigned long" or similar.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Simon Horman May 29, 2013, 6:01 a.m. UTC | #3 
On Tue, May 28, 2013 at 10:44:33PM -0700, David Miller wrote:
> From: Eric Dumazet <eric.dumazet@gmail.com>
> Date: Tue, 28 May 2013 22:35:51 -0700
> 
> > Are you sure __u64 is needed on 32bit arches ?
> 
> It should be "unsigned long" or similar.

Thanks, I will fix that and re-post.

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
index 8f2b830..26ed287 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -1391,6 +1391,11 @@  static inline void skb_set_tail_pointer(struct sk_buff *skb, const int offset)
 	skb_reset_tail_pointer(skb);
 	skb->tail += offset;
 }
+
+static inline __u64 skb_tail_offset(const struct sk_buff *skb)
+{
+	return skb->tail;
+}
 #else /* NET_SKBUFF_DATA_USES_OFFSET */
 static inline unsigned char *skb_tail_pointer(const struct sk_buff *skb)
 {
@@ -1407,6 +1412,10 @@  static inline void skb_set_tail_pointer(struct sk_buff *skb, const int offset)
 	skb->tail = skb->data + offset;
 }
 
+static inline __u64 skb_tail_offset(const struct sk_buff *skb)
+{
+	return skb->tail - skb->head;
+}
 #endif /* NET_SKBUFF_DATA_USES_OFFSET */
 
 /*
diff --git a/net/core/netpoll.c b/net/core/netpoll.c
index 37deedd..d4da003 100644
--- a/net/core/netpoll.c
+++ b/net/core/netpoll.c
@@ -676,6 +676,8 @@  static void netpoll_neigh_reply(struct sk_buff *skb, struct netpoll_info *npinfo
 
 		spin_lock_irqsave(&npinfo->rx_lock, flags);
 		list_for_each_entry_safe(np, tmp, &npinfo->rx_np, rx) {
+			__u64 tail_offset;
+
 			if (!ipv6_addr_equal(daddr, &np->local_ip.in6))
 				continue;
 
@@ -700,7 +702,12 @@  static void netpoll_neigh_reply(struct sk_buff *skb, struct netpoll_info *npinfo
 			hdr->saddr = *saddr;
 			hdr->daddr = *daddr;
 
-			send_skb->transport_header = send_skb->tail;
+			tail_offset = skb_tail_offset(skb);
+			if (tail_offset > 0xffff) {
+				kfree_skb(send_skb);
+				continue;
+			}
+			skb_set_network_header(send_skb, tail_offset);
 			skb_put(send_skb, size);
 
 			icmp6h = (struct icmp6hdr *)skb_transport_header(skb);
diff --git a/net/core/pktgen.c b/net/core/pktgen.c
index 795498f..f2923ae 100644
--- a/net/core/pktgen.c
+++ b/net/core/pktgen.c
@@ -2642,6 +2642,7 @@  static struct sk_buff *fill_packet_ipv4(struct net_device *odev,
 	__be16 *svlan_tci = NULL;                /* Encapsulates priority and SVLAN ID */
 	__be16 *svlan_encapsulated_proto = NULL; /* packet type ID field (or len) for SVLAN tag */
 	u16 queue_map;
+	__u64 tail_offset;
 
 	if (pkt_dev->nr_labels)
 		protocol = htons(ETH_P_MPLS_UC);
@@ -2708,7 +2709,12 @@  static struct sk_buff *fill_packet_ipv4(struct net_device *odev,
 		*vlan_encapsulated_proto = htons(ETH_P_IP);
 	}
 
-	skb->network_header = skb->tail;
+	tail_offset = skb_tail_offset(skb);
+	if (tail_offset > 0xffff) {
+		kfree_skb(skb);
+		return NULL;
+	}
+	skb_set_network_header(skb, tail_offset);
 	skb->transport_header = skb->network_header + sizeof(struct iphdr);
 	skb_put(skb, sizeof(struct iphdr) + sizeof(struct udphdr));
 	skb_set_queue_mapping(skb, queue_map);
@@ -2775,6 +2781,7 @@  static struct sk_buff *fill_packet_ipv6(struct net_device *odev,
 	__be16 *svlan_tci = NULL;                /* Encapsulates priority and SVLAN ID */
 	__be16 *svlan_encapsulated_proto = NULL; /* packet type ID field (or len) for SVLAN tag */
 	u16 queue_map;
+	__u64 tail_offset;
 
 	if (pkt_dev->nr_labels)
 		protocol = htons(ETH_P_MPLS_UC);
@@ -2822,7 +2829,12 @@  static struct sk_buff *fill_packet_ipv6(struct net_device *odev,
 		*vlan_encapsulated_proto = htons(ETH_P_IPV6);
 	}
 
-	skb->network_header = skb->tail;
+	tail_offset = skb_tail_offset(skb);
+	if (tail_offset > 0xffff) {
+		kfree_skb(skb);
+		return NULL;
+	}
+	skb_set_network_header(skb, tail_offset);
 	skb->transport_header = skb->network_header + sizeof(struct ipv6hdr);
 	skb_put(skb, sizeof(struct ipv6hdr) + sizeof(struct udphdr));
 	skb_set_queue_mapping(skb, queue_map);
diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c
index f975399..d5b8b4b 100644
--- a/net/ipv4/ipmr.c
+++ b/net/ipv4/ipmr.c
@@ -945,6 +945,7 @@  static int ipmr_cache_report(struct mr_table *mrt,
 	struct igmpmsg *msg;
 	struct sock *mroute_sk;
 	int ret;
+	__be64 tail_offset;
 
 #ifdef CONFIG_IP_PIMSM
 	if (assert == IGMPMSG_WHOLEPKT)
@@ -980,7 +981,12 @@  static int ipmr_cache_report(struct mr_table *mrt,
 
 	/* Copy the IP header */
 
-	skb->network_header = skb->tail;
+	tail_offset = skb_tail_offset(skb);
+	if (tail_offset > 0xffff) {
+		kfree_skb(skb);
+		return -EINVAL;
+	}
+	skb_set_network_header(skb, tail_offset);
 	skb_put(skb, ihl);
 	skb_copy_to_linear_data(skb, pkt->data, ihl);
 	ip_hdr(skb)->protocol = 0;	/* Flag to the kernel this is a route add */