From patchwork Fri Apr 20 19:15:03 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexander Aring X-Patchwork-Id: 902142 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=mojatatu.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=mojatatu-com.20150623.gappssmtp.com header.i=@mojatatu-com.20150623.gappssmtp.com header.b="jY3TngwV"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 40SQZ42ZBkz9s1w for ; Sat, 21 Apr 2018 05:16:12 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752609AbeDTTQK (ORCPT ); Fri, 20 Apr 2018 15:16:10 -0400 Received: from mail-it0-f67.google.com ([209.85.214.67]:51001 "EHLO mail-it0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752288AbeDTTQF (ORCPT ); Fri, 20 Apr 2018 15:16:05 -0400 Received: by mail-it0-f67.google.com with SMTP id p3-v6so3351537itc.0 for ; Fri, 20 Apr 2018 12:16:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mojatatu-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=ZC3fcZ+RpFyuXMDZj8NpR1HzBPSwIX4X3cK/ojdO6j0=; b=jY3TngwVUiOkHWBzYqVZQUm5oAK6n5yw7yWpDgam9Go46IWR8zR4Z/Z+DXLu/Sf4X+ Ej7sRK56dArBFYJw3zXx4FrkzdUoTupi2cUT2ugK8wR90y0LAfqROjjSrOOWtYs1ULwl IoYYKO4I+Jx0lfHXjPX9jvXwAUEsE5nZzAOqIe/2ekXk4S2dHsD7lbus9h9tWPHasNxt SzlMOjwtmCL0YzwZ+RD4TXHmr8rvRXmGf5Il158+JeeZm3zF66d4mIviJ3NPYcB7YqiU nIwZG694ol1L72cQ0OyAidd2X4tvZcrrM79lsV6S8macDRm/Rn2YzYXXOk4WsfsvasN3 i0gA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=ZC3fcZ+RpFyuXMDZj8NpR1HzBPSwIX4X3cK/ojdO6j0=; b=sEHKM8aPyvLzv+U5Mz0N0/CckAQ6jyo6LRjfwpE1v5+tpp4rrmXUe/T5DQTCD6fS5E QrkLfYgUKnkic0JMVNwywbtBKdK2NdfXqKEGhq5vv1ImMne4G/25OPPL3y5APc1jKhrs JP9LidUgQ8VScfmCGVhgZueGwgt9PKER7IlIUqfxqy9yHYE/TcccthcOVfPQf2FtT3eV 4q6zCLkKThkgK2PtzTnNdsFMaytVAc1/Oi67N5uI6kIh3mnar/O+OX5WkY3ySXmiIdsN A7HlK0VxSdh0N97jYTYbMVhPeohlt5onPXvwQDGFyyI5BHPFoOZNzT2h1lM3jlG2SZTC N1+g== X-Gm-Message-State: ALQs6tAe6lCUr61B5zvbt/dBa6Vml7EBjdwA84tFqBuvm3i3qG1PvJeR 2TsdujPbJeC9e4t0b31a5RWndg== X-Google-Smtp-Source: AIpwx4/g2NEHKZ+hiiAqICk0gQCSWjsUwVYx/1MP0xqgr6crll7uhxgtSoVqC5jOIxknH0YqiF1a3w== X-Received: by 2002:a24:af02:: with SMTP id t2-v6mr4252707ite.11.1524251764901; Fri, 20 Apr 2018 12:16:04 -0700 (PDT) Received: from x220t.lan ([64.26.149.125]) by smtp.gmail.com with ESMTPSA id g202-v6sm1179368ita.13.2018.04.20.12.16.03 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 20 Apr 2018 12:16:04 -0700 (PDT) From: Alexander Aring To: yotam.gi@gmail.com Cc: jhs@mojatatu.com, davem@davemloft.net, xiyou.wangcong@gmail.com, jiri@resnulli.us, yuvalm@mellanox.com, netdev@vger.kernel.org, kernel@mojatatu.com, Alexander Aring Subject: [PATCHv4 net 1/3] net: sched: ife: signal not finding metaid Date: Fri, 20 Apr 2018 15:15:03 -0400 Message-Id: <20180420191505.27633-2-aring@mojatatu.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180420191505.27633-1-aring@mojatatu.com> References: <20180420191505.27633-1-aring@mojatatu.com> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org We need to record stats for received metadata that we dont know how to process. Have find_decode_metaid() return -ENOENT to capture this. Signed-off-by: Alexander Aring Reviewed-by: Yotam Gigi Acked-by: Jamal Hadi Salim --- net/sched/act_ife.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/sched/act_ife.c b/net/sched/act_ife.c index a5994cf0512b..49b8ab551fbe 100644 --- a/net/sched/act_ife.c +++ b/net/sched/act_ife.c @@ -652,7 +652,7 @@ static int find_decode_metaid(struct sk_buff *skb, struct tcf_ife_info *ife, } } - return 0; + return -ENOENT; } static int tcf_ife_decode(struct sk_buff *skb, const struct tc_action *a, From patchwork Fri Apr 20 19:15:04 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexander Aring X-Patchwork-Id: 902143 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=mojatatu.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=mojatatu-com.20150623.gappssmtp.com header.i=@mojatatu-com.20150623.gappssmtp.com header.b="2FMNSGDj"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 40SQZ86fD2z9s1w for ; Sat, 21 Apr 2018 05:16:16 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752558AbeDTTQJ (ORCPT ); Fri, 20 Apr 2018 15:16:09 -0400 Received: from mail-io0-f193.google.com ([209.85.223.193]:41149 "EHLO mail-io0-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751293AbeDTTQG (ORCPT ); Fri, 20 Apr 2018 15:16:06 -0400 Received: by mail-io0-f193.google.com with SMTP id o7-v6so9901535iob.8 for ; Fri, 20 Apr 2018 12:16:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mojatatu-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=fQ+c5CThU/W/+XvIOAE9hvPo7oD5mP2q37ly5R4/DAI=; b=2FMNSGDj9FRO1pOKHlYBVSR2jv/n6YQbdD8q4K3WsVP8epwARK1mKeyvQziDSyeCEt 1ecWG9VQ5BFkJCyU/+AZxPuDUDaEO9ynBLmUz8JYULQkZu2V/2qOVPQGtHVPGbuKoc0F Urjjmw+2SMRktRYHz7tUCmss/1I7vhSE1nG1uy/5EBCAXRgBidvaH9dgWtlRRlw0l0gx 8TRqVZnPOoP7aPCFzG765dryn0DWiU7IN5rTnjF2SkZr4neabeh1KLpJDiqBS3TCqz2P 2mfTMc3WDLFrGx+u6JpYuZb1n99kFX1nc/+un1jzcoQmz/R48NN0gqcalg4Dxkdo/LG0 76bw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=fQ+c5CThU/W/+XvIOAE9hvPo7oD5mP2q37ly5R4/DAI=; b=ppzs2bf235+07MaAH5MZZzfNiRTf4Z/nOYNp+kHrgGZklbSga2aKRMLK2oyaQIond/ wa2X/seBJV0scY81xFYMzBQujO3kYz2piySW9PfW5Zcs2MeSOhEGcBTSDzwP/tcHGbcO KQWKoP5yCrED7qvDMF94Qi7NOZ9pNxoefJRq8IOL5diDJVnj8yFMW4ZsMTfAbkX+grwf l3rfBQ0WCDqw+nd2Lu7PpZYZ8PxyVh/iglURkoVxYvl7spo8gVPkfJNnmcCIUaa6Z85w 8ZkL+nq9ALEBRGqm/gvaElCygw2vMYsU5MVayqHO2epYCNwkmdgsYE0RvTTbAIV1oV3h p0dw== X-Gm-Message-State: ALQs6tBxaaFbEwi5nquOIa4TJDJl178QTz0jIygTf+yJKj7Yy/3buzV+ 9qKam5jvlQC11T/2GjgxEDY39Q== X-Google-Smtp-Source: AB8JxZqI4uWC30w2FEf/3OvoDSX1QZY24uFVsi+TCraF4M1SGvbOAkyzD4MrfMJGigUOwQjxE9jedQ== X-Received: by 2002:a6b:c6cb:: with SMTP id w194-v6mr11508351iof.131.1524251766038; Fri, 20 Apr 2018 12:16:06 -0700 (PDT) Received: from x220t.lan ([64.26.149.125]) by smtp.gmail.com with ESMTPSA id g202-v6sm1179368ita.13.2018.04.20.12.16.04 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 20 Apr 2018 12:16:05 -0700 (PDT) From: Alexander Aring To: yotam.gi@gmail.com Cc: jhs@mojatatu.com, davem@davemloft.net, xiyou.wangcong@gmail.com, jiri@resnulli.us, yuvalm@mellanox.com, netdev@vger.kernel.org, kernel@mojatatu.com, Alexander Aring Subject: [PATCHv4 net 2/3] net: sched: ife: handle malformed tlv length Date: Fri, 20 Apr 2018 15:15:04 -0400 Message-Id: <20180420191505.27633-3-aring@mojatatu.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180420191505.27633-1-aring@mojatatu.com> References: <20180420191505.27633-1-aring@mojatatu.com> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org There is currently no handling to check on a invalid tlv length. This patch adds such handling to avoid killing the kernel with a malformed ife packet. Signed-off-by: Alexander Aring Reviewed-by: Yotam Gigi Acked-by: Jamal Hadi Salim --- include/net/ife.h | 3 ++- net/ife/ife.c | 35 +++++++++++++++++++++++++++++++++-- net/sched/act_ife.c | 7 ++++++- 3 files changed, 41 insertions(+), 4 deletions(-) diff --git a/include/net/ife.h b/include/net/ife.h index 44b9c00f7223..e117617e3c34 100644 --- a/include/net/ife.h +++ b/include/net/ife.h @@ -12,7 +12,8 @@ void *ife_encode(struct sk_buff *skb, u16 metalen); void *ife_decode(struct sk_buff *skb, u16 *metalen); -void *ife_tlv_meta_decode(void *skbdata, u16 *attrtype, u16 *dlen, u16 *totlen); +void *ife_tlv_meta_decode(void *skbdata, const void *ifehdr_end, u16 *attrtype, + u16 *dlen, u16 *totlen); int ife_tlv_meta_encode(void *skbdata, u16 attrtype, u16 dlen, const void *dval); diff --git a/net/ife/ife.c b/net/ife/ife.c index 7d1ec76e7f43..7fbe70a0af4b 100644 --- a/net/ife/ife.c +++ b/net/ife/ife.c @@ -92,12 +92,43 @@ struct meta_tlvhdr { __be16 len; }; +static bool __ife_tlv_meta_valid(const unsigned char *skbdata, + const unsigned char *ifehdr_end) +{ + const struct meta_tlvhdr *tlv; + u16 tlvlen; + + if (unlikely(skbdata + sizeof(*tlv) > ifehdr_end)) + return false; + + tlv = (const struct meta_tlvhdr *)skbdata; + tlvlen = ntohs(tlv->len); + + /* tlv length field is inc header, check on minimum */ + if (tlvlen < NLA_HDRLEN) + return false; + + /* overflow by NLA_ALIGN check */ + if (NLA_ALIGN(tlvlen) < tlvlen) + return false; + + if (unlikely(skbdata + NLA_ALIGN(tlvlen) > ifehdr_end)) + return false; + + return true; +} + /* Caller takes care of presenting data in network order */ -void *ife_tlv_meta_decode(void *skbdata, u16 *attrtype, u16 *dlen, u16 *totlen) +void *ife_tlv_meta_decode(void *skbdata, const void *ifehdr_end, u16 *attrtype, + u16 *dlen, u16 *totlen) { - struct meta_tlvhdr *tlv = (struct meta_tlvhdr *) skbdata; + struct meta_tlvhdr *tlv; + + if (!__ife_tlv_meta_valid(skbdata, ifehdr_end)) + return NULL; + tlv = (struct meta_tlvhdr *)skbdata; *dlen = ntohs(tlv->len) - NLA_HDRLEN; *attrtype = ntohs(tlv->type); diff --git a/net/sched/act_ife.c b/net/sched/act_ife.c index 49b8ab551fbe..8527cfdc446d 100644 --- a/net/sched/act_ife.c +++ b/net/sched/act_ife.c @@ -682,7 +682,12 @@ static int tcf_ife_decode(struct sk_buff *skb, const struct tc_action *a, u16 mtype; u16 dlen; - curr_data = ife_tlv_meta_decode(tlv_data, &mtype, &dlen, NULL); + curr_data = ife_tlv_meta_decode(tlv_data, ifehdr_end, &mtype, + &dlen, NULL); + if (!curr_data) { + qstats_drop_inc(this_cpu_ptr(ife->common.cpu_qstats)); + return TC_ACT_SHOT; + } if (find_decode_metaid(skb, ife, mtype, dlen, curr_data)) { /* abuse overlimits to count when we receive metadata From patchwork Fri Apr 20 19:15:05 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexander Aring X-Patchwork-Id: 902144 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=mojatatu.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=mojatatu-com.20150623.gappssmtp.com header.i=@mojatatu-com.20150623.gappssmtp.com header.b="JbuwLfl0"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 40SQZF1JCXz9s1w for ; Sat, 21 Apr 2018 05:16:21 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752629AbeDTTQT (ORCPT ); Fri, 20 Apr 2018 15:16:19 -0400 Received: from mail-io0-f194.google.com ([209.85.223.194]:36209 "EHLO mail-io0-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752159AbeDTTQI (ORCPT ); Fri, 20 Apr 2018 15:16:08 -0400 Received: by mail-io0-f194.google.com with SMTP id c26-v6so11732674iob.3 for ; Fri, 20 Apr 2018 12:16:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mojatatu-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=4lMWGMMomKYweymg8NoZWUlZnT6SjyB5A/jYV1nwoFU=; b=JbuwLfl0DJ3DguMog3QHsvClTbYU9Bk1JA22/iZqyahCmHZWoTTavk3ahNIXbKu6sd uccRlrY1pswZum+Gsn1ovJMutzAW1NCUKPCA51xG1yBriU6yyHkGFV7S8/CWUTRIadz+ vBWLY+h2/n8i5/EQ38bkVjPAdcLiCyGTRmCTRgpK/6zjBaHYgL9c63INjJW+6llpT0LJ ArsIm5BEnPA4dNKbrrJPdmjgaU645WOcsZYO03K6GuJQv7M3peUFb1dGx75x4iBPMFEI a1s2IFPs1x7olv+dQSd/SMzg2lchHBFsgf2S025vAOt6r+1SzHU2M1h0gNzs8plR248e 0g4g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=4lMWGMMomKYweymg8NoZWUlZnT6SjyB5A/jYV1nwoFU=; b=OxlWTTl9nrEdBy5ZMGU26Acp7iVTmb8ha2VgTglSbQOL1AcxeffcZY+UvUBAeVv/5r iBUDPCimPCVql7y9Y5XAbQvlEiR/2GLXTD+WxRVtihmYhi5ERcAs7GB4q0m0J8MZf7q8 LOUHeZfALgU/A9guMFr+sCXV87I9AbUkQzlV5RKZjWuYlYX/3LlOYyuiBXnXl8HhDmSs d/Qw3pQkDkR7QVQ3eOd34EsE3ENj7yYXsIKilIb2NGbLhHV/4pe2f1MGFfMtZzQ+Ekmh BCaTbQe9M8e6giCaRolghCegoSBQfg2VDSwW9XL0OQ5WisYOeILc0NtMJeXPHnBmAl3G Gy/g== X-Gm-Message-State: ALQs6tAnzGULUKmAPgm2nuHHCrWxbrfjLyymUzBI0s2yeQiwvr868LJL b8JxbDv/oxrJR+pMhAjdonigRA== X-Google-Smtp-Source: AB8JxZpPSdccR58xga/8mIQTLTRcc5blbP1r5QwgazqJRUweARzZjAmFVyf6Lzfhu6Aj49JO15lB3w== X-Received: by 2002:a6b:9809:: with SMTP id a9-v6mr2229330ioe.239.1524251767202; Fri, 20 Apr 2018 12:16:07 -0700 (PDT) Received: from x220t.lan ([64.26.149.125]) by smtp.gmail.com with ESMTPSA id g202-v6sm1179368ita.13.2018.04.20.12.16.06 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 20 Apr 2018 12:16:06 -0700 (PDT) From: Alexander Aring To: yotam.gi@gmail.com Cc: jhs@mojatatu.com, davem@davemloft.net, xiyou.wangcong@gmail.com, jiri@resnulli.us, yuvalm@mellanox.com, netdev@vger.kernel.org, kernel@mojatatu.com, Alexander Aring Subject: [PATCHv4 net 3/3] net: sched: ife: check on metadata length Date: Fri, 20 Apr 2018 15:15:05 -0400 Message-Id: <20180420191505.27633-4-aring@mojatatu.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180420191505.27633-1-aring@mojatatu.com> References: <20180420191505.27633-1-aring@mojatatu.com> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org This patch checks if sk buffer is available to dererence ife header. If not then NULL will returned to signal an malformed ife packet. This avoids to crashing the kernel from outside. Signed-off-by: Alexander Aring Reviewed-by: Yotam Gigi Acked-by: Jamal Hadi Salim --- net/ife/ife.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/ife/ife.c b/net/ife/ife.c index 7fbe70a0af4b..13bbf8cb6a39 100644 --- a/net/ife/ife.c +++ b/net/ife/ife.c @@ -69,6 +69,9 @@ void *ife_decode(struct sk_buff *skb, u16 *metalen) int total_pull; u16 ifehdrln; + if (!pskb_may_pull(skb, skb->dev->hard_header_len + IFE_METAHDRLEN)) + return NULL; + ifehdr = (struct ifeheadr *) (skb->data + skb->dev->hard_header_len); ifehdrln = ntohs(ifehdr->metalen); total_pull = skb->dev->hard_header_len + ifehdrln;