static inline int xfrm_mark_get() broken

Message ID	4C28EE19.2090502@hsr.ch
State	Superseded, archived
Delegated to:	David Miller
Headers	show Return-Path: <netdev-owner@vger.kernel.org> Message-ID: <4C28EE19.2090502@hsr.ch> Date: Mon, 28 Jun 2010 20:46:49 +0200 From: Andreas Steffen <andreas.steffen@hsr.ch> Organization: HSR Hochschule fuer Technik Rapperswil User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.9) Gecko/20100423 Thunderbird/3.0.4 MIME-Version: 1.0 To: <netdev@vger.kernel.org> Subject: static inline int xfrm_mark_get() broken Content-Type: multipart/mixed; boundary="------------020600090607000701070809" Sender: netdev-owner@vger.kernel.org Precedence: bulk

Message ID

4C28EE19.2090502@hsr.ch

State

Superseded, archived

Delegated to:

David Miller

Headers

Message-ID: <4C28EE19.2090502@hsr.ch>
Date: Mon, 28 Jun 2010 20:46:49 +0200
From: Andreas Steffen <andreas.steffen@hsr.ch>
Organization: HSR Hochschule fuer Technik Rapperswil
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US;
	rv:1.9.1.9) Gecko/20100423 Thunderbird/3.0.4
MIME-Version: 1.0
To: <netdev@vger.kernel.org>
Subject: static inline int xfrm_mark_get() broken
Content-Type: multipart/mixed;
	boundary="------------020600090607000701070809"
Sender: netdev-owner@vger.kernel.org
Precedence: bulk

Commit Message

Andreas Steffen June 28, 2010, 6:46 p.m. UTC

Hi,

experimenting with the new XFRM_MARK feature of the 2.6.34 kernel
I found out that the extraction of the mark mask might accidentally
work on 64 bit platforms but on 32 bit platforms the function is
awfully broken. The rather trivial patch attached to this mail fixes
the problem. Otherwise the XFRM_MARK feature seems quite promising!

Best regards

Andreas

======================================================================
Andreas Steffen                         e-mail: andreas.steffen@hsr.ch
Institute for Internet Technologies and Applications
Hochschule fuer Technik Rapperswil      phone:  +41 55 222 42 68
CH-8640 Rapperswil (Switzerland)        mobile: +41 76 340 25 56
===========================================================[ITA-HSR]==

Comments

Simon Horman June 30, 2010, 4:46 a.m. UTC | #1

On Mon, Jun 28, 2010 at 08:46:49PM +0200, Andreas Steffen wrote:
> Hi,
> 
> experimenting with the new XFRM_MARK feature of the 2.6.34 kernel
> I found out that the extraction of the mark mask might accidentally
> work on 64 bit platforms but on 32 bit platforms the function is
> awfully broken. The rather trivial patch attached to this mail fixes
> the problem. Otherwise the XFRM_MARK feature seems quite promising!
> 
> Best regards
> 
> Andreas
> 
> ======================================================================
> Andreas Steffen                         e-mail: andreas.steffen@hsr.ch
> Institute for Internet Technologies and Applications
> Hochschule fuer Technik Rapperswil      phone:  +41 55 222 42 68
> CH-8640 Rapperswil (Switzerland)        mobile: +41 76 340 25 56
> ===========================================================[ITA-HSR]==

> --- linux/include/net/xfrm.h.ori	2010-06-28 18:53:28.229489876 +0200
> +++ linux/include/net/xfrm.h	2010-06-28 18:53:50.745487383 +0200
> @@ -1587,7 +1587,7 @@
>  static inline int xfrm_mark_get(struct nlattr **attrs, struct xfrm_mark *m)
>  {
>  	if (attrs[XFRMA_MARK])
> -		memcpy(m, nla_data(attrs[XFRMA_MARK]), sizeof(m));
> +		memcpy(m, nla_data(attrs[XFRMA_MARK]), sizeof(struct xfrm_mark));

This fix looks correct to me, but
I believe that sizeof(*m) is the preferred style.

>  	else
>  		m->v = m->m = 0;
>  

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Andreas Steffen June 30, 2010, 5:03 a.m. UTC | #2

Hello Simon,

actually I don't care how this bug is going to be fixed, but with
sizeof(struct xfrm_mark) I'm dead certain that both the mark
value and mask are being copied. Actually in the next inline
function right below sizeof(struct xfrm_mark) is used, too:

static inline int xfrm_mark_put(struct sk_buff *skb, struct xfrm_mark *m)
{
    if (m->m | m->v)
       NLA_PUT(skb, XFRMA_MARK, sizeof(struct xfrm_mark), m);
    return 0;

Regards

Andreas

On 06/30/2010 06:46 AM, Simon Horman wrote:
> On Mon, Jun 28, 2010 at 08:46:49PM +0200, Andreas Steffen wrote:
>> Hi,
>>
>> experimenting with the new XFRM_MARK feature of the 2.6.34 kernel
>> I found out that the extraction of the mark mask might accidentally
>> work on 64 bit platforms but on 32 bit platforms the function is
>> awfully broken. The rather trivial patch attached to this mail fixes
>> the problem. Otherwise the XFRM_MARK feature seems quite promising!
>>
>> Best regards
>>
>> Andreas
>>
>> ======================================================================
>> Andreas Steffen                         e-mail: andreas.steffen@hsr.ch
>> Institute for Internet Technologies and Applications
>> Hochschule fuer Technik Rapperswil      phone:  +41 55 222 42 68
>> CH-8640 Rapperswil (Switzerland)        mobile: +41 76 340 25 56
>> ===========================================================[ITA-HSR]==
> 
>> --- linux/include/net/xfrm.h.ori	2010-06-28 18:53:28.229489876 +0200
>> +++ linux/include/net/xfrm.h	2010-06-28 18:53:50.745487383 +0200
>> @@ -1587,7 +1587,7 @@
>>  static inline int xfrm_mark_get(struct nlattr **attrs, struct xfrm_mark *m)
>>  {
>>  	if (attrs[XFRMA_MARK])
>> -		memcpy(m, nla_data(attrs[XFRMA_MARK]), sizeof(m));
>> +		memcpy(m, nla_data(attrs[XFRMA_MARK]), sizeof(struct xfrm_mark));
> 
> This fix looks correct to me, but
> I believe that sizeof(*m) is the preferred style.
> 
>>  	else
>>  		m->v = m->m = 0;

======================================================================
Andreas Steffen                         e-mail: andreas.steffen@hsr.ch
Institute for Internet Technologies and Applications
Hochschule fuer Technik Rapperswil      phone:  +41 55 222 42 68
CH-8640 Rapperswil (Switzerland)        mobile: +41 76 340 25 56
===========================================================[ITA-HSR]==
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Simon Horman June 30, 2010, 7:01 a.m. UTC | #3

On Wed, Jun 30, 2010 at 07:03:05AM +0200, Andreas Steffen wrote:
> Hello Simon,
> 
> actually I don't care how this bug is going to be fixed, but with
> sizeof(struct xfrm_mark) I'm dead certain that both the mark
> value and mask are being copied. Actually in the next inline
> function right below sizeof(struct xfrm_mark) is used, too:
> 
> static inline int xfrm_mark_put(struct sk_buff *skb, struct xfrm_mark *m)
> {
>     if (m->m | m->v)
>        NLA_PUT(skb, XFRMA_MARK, sizeof(struct xfrm_mark), m);
>     return 0;

In that case I withdraw my suggestion.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

--- linux/include/net/xfrm.h.ori	2010-06-28 18:53:28.229489876 +0200
+++ linux/include/net/xfrm.h	2010-06-28 18:53:50.745487383 +0200
@@ -1587,7 +1587,7 @@ 
 static inline int xfrm_mark_get(struct nlattr **attrs, struct xfrm_mark *m)
 {
 	if (attrs[XFRMA_MARK])
-		memcpy(m, nla_data(attrs[XFRMA_MARK]), sizeof(m));
+		memcpy(m, nla_data(attrs[XFRMA_MARK]), sizeof(struct xfrm_mark));
 	else
 		m->v = m->m = 0;

static inline int xfrm_mark_get() broken

Commit Message

Comments

Patch