From patchwork Fri Oct 11 17:58:31 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Seif Mazareeb X-Patchwork-Id: 282884 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id DFB292C016E for ; Sat, 12 Oct 2013 04:58:42 +1100 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754354Ab3JKR6j (ORCPT ); Fri, 11 Oct 2013 13:58:39 -0400 Received: from mx0b-0016f401.pphosted.com ([67.231.156.173]:51346 "EHLO mx0b-0016f401.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752772Ab3JKR6i convert rfc822-to-8bit (ORCPT ); Fri, 11 Oct 2013 13:58:38 -0400 Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.14.5/8.14.5) with SMTP id r9BHwYPJ011048; Fri, 11 Oct 2013 10:58:34 -0700 Received: from sc-owa.marvell.com ([199.233.58.135]) by mx0b-0016f401.pphosted.com with ESMTP id 1feh5th9ys-3 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Fri, 11 Oct 2013 10:58:34 -0700 Received: from SC-vEXCH2.marvell.com ([10.93.76.134]) by SC-OWA.marvell.com ([::1]) with mapi; Fri, 11 Oct 2013 10:58:32 -0700 From: Seif Mazareeb To: "davem@davemloft.net" , "paul@paul-moore.com" , "netdev@vger.kernel.org" CC: "thomas.petazzoni@free-electrons.com" , Dmitri Epshtein Date: Fri, 11 Oct 2013 10:58:31 -0700 Subject: [PATCH 1/1] net: fix cipso packet validation when !NETLABEL Thread-Topic: [PATCH 1/1] net: fix cipso packet validation when !NETLABEL Thread-Index: Ac7Gq37oxrTPVgk+TlKpBj5lbA08nw== Message-ID: <0DB595A2CB707F458400BE9663B6A72269C0047793@SC-VEXCH2.marvell.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.10.8794, 1.0.431, 0.0.0000 definitions=2013-10-11_07:2013-10-11, 2013-10-11, 1970-01-01 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=7.0.1-1305240000 definitions=main-1310110075 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org When CONFIG_NETLABEL is disabled, the cipso_v4_validate() function could loop forever in the main loop if opt[opt_iter +1] == 0, this will causing a kernel crash in an SMP system, since the CPU executing this function will stall /not respond to IPIs. This problem can be reproduced by running the IP Stack Integrity Checker (http://isic.sourceforge.net) using the following command on a Linux machine connected to DUT: "icmpsic -s rand -d -r 123456" wait (1-2 min) Signed-off-by: Seif Mazareeb --- include/net/cipso_ipv4.h | 4 ++++ 1 file changed, 4 insertions(+) -- 1.8.1.2 -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/include/net/cipso_ipv4.h b/include/net/cipso_ipv4.h index a7a683e..047f1f6 100644 --- a/include/net/cipso_ipv4.h +++ b/include/net/cipso_ipv4.h @@ -306,6 +306,10 @@ static inline int cipso_v4_validate(const struct sk_buff *skb, err_offset = opt_iter + 1; goto out; } + + if (opt[opt_iter + 1] == 0) + break; + opt_iter += opt[opt_iter + 1]; }