From patchwork Wed Sep 12 23:32:49 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nishank Trivedi X-Patchwork-Id: 183471 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 4B9432C00C0 for ; Thu, 13 Sep 2012 09:57:50 +1000 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757336Ab2ILX5f (ORCPT ); Wed, 12 Sep 2012 19:57:35 -0400 Received: from mtv-iport-3.cisco.com ([173.36.130.14]:61728 "EHLO mtv-iport-3.cisco.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933080Ab2ILXmc (ORCPT ); Wed, 12 Sep 2012 19:42:32 -0400 X-Greylist: delayed 576 seconds by postgrey-1.27 at vger.kernel.org; Wed, 12 Sep 2012 19:42:32 EDT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1776; q=dns/txt; s=iport; t=1347493352; x=1348702952; h=from:to:cc:subject:date:message-id; bh=ORe/Qbc253825X78TPavzEXKqTZ3FHZommOUDiifd4o=; b=FXFnH7pgf50yr3wrrMJTt1mRfQybmB5eYyCnAMsBaBrgxzFKnIjbTvRH KOwx8U+FtC+Zh3Yukbux3tvbK03f0tvaNLG4hFtbKSbCHrMC5E7S/GRmL PJnyUrnqM/XYxUrfro6Oy7CeGVLeOxD2tPDfgmkcySGF74z1VUr4z1q3L U=; X-IronPort-AV: E=Sophos;i="4.80,413,1344211200"; d="scan'208";a="55499299" Received: from mtv-core-3.cisco.com ([171.68.58.8]) by mtv-iport-3.cisco.com with ESMTP; 12 Sep 2012 23:32:54 +0000 Received: from kernelpanic.cisco.com (kernelpanic.cisco.com [171.71.12.106]) (authenticated bits=0) by mtv-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id q8CNWprA017448 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 12 Sep 2012 23:32:54 GMT From: Nishank Trivedi To: netdev@vger.kernel.org Cc: benve@cisco.com, Nishank Trivedi Subject: [PATCH] pktgen: fix crash with vlan and packet size less than 46 Date: Wed, 12 Sep 2012 16:32:49 -0700 Message-Id: <1347492769-32409-1-git-send-email-nistrive@cisco.com> X-Mailer: git-send-email 1.7.11.4 X-Authenticated-User: nistrive@cisco.com Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org If vlan option is being specified in the pktgen and packet size being requested is less than 46 bytes, despite being illogical request, pktgen should not crash the kernel. BUG: unable to handle kernel paging request at ffff88021fb82000 Process kpktgend_0 (pid: 1184, threadinfo ffff880215f1a000, task ffff880218544530) Call Trace: [] ? pktgen_finalize_skb+0x222/0x300 [pktgen] [] ? build_skb+0x34/0x1c0 [] pktgen_thread_worker+0x5d1/0x1790 [pktgen] [] ? igb_xmit_frame_ring+0xa30/0xa30 [igb] [] ? wake_up_bit+0x40/0x40 [] ? wake_up_bit+0x40/0x40 [] ? spin+0x240/0x240 [pktgen] [] kthread+0x93/0xa0 [] kernel_thread_helper+0x4/0x10 [] ? flush_kthread_worker+0x80/0x80 [] ? gs_change+0x13/0x13 The root cause of why pktgen is not able to handle this case is due to comparison of signed (datalen) and unsigned data (sizeof), which eventually passes a huge number to skb_put(). Signed-off-by: Nishank Trivedi --- net/core/pktgen.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/core/pktgen.c b/net/core/pktgen.c index cce9e53..148e73d 100644 --- a/net/core/pktgen.c +++ b/net/core/pktgen.c @@ -2721,7 +2721,7 @@ static struct sk_buff *fill_packet_ipv4(struct net_device *odev, /* Eth + IPh + UDPh + mpls */ datalen = pkt_dev->cur_pkt_size - 14 - 20 - 8 - pkt_dev->pkt_overhead; - if (datalen < sizeof(struct pktgen_hdr)) + if (datalen < 0 || datalen < sizeof(struct pktgen_hdr)) datalen = sizeof(struct pktgen_hdr); udph->source = htons(pkt_dev->cur_udp_src);