From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Daniel Axtens <dja@axtens.net>,
"David S. Miller" <davem@davemloft.net>,
Jack Wang <jinpu.wang@cloud.ionos.com>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.9 20/58] net: create skb_gso_validate_mac_len()
Date: Mon, 18 Feb 2019 14:43:41 +0100 [thread overview]
Message-ID: <20190218133510.108755343@linuxfoundation.org> (raw)
In-Reply-To: <20190218133508.567416115@linuxfoundation.org>
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
commit 2b16f048729bf35e6c28a40cbfad07239f9dcd90 upstream
If you take a GSO skb, and split it into packets, will the MAC
length (L2 + L3 + L4 headers + payload) of those packets be small
enough to fit within a given length?
Move skb_gso_mac_seglen() to skbuff.h with other related functions
like skb_gso_network_seglen() so we can use it, and then create
skb_gso_validate_mac_len to do the full calculation.
Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
[jwang: cherry pick for CVE-2018-1000026]
Signed-off-by: Jack Wang <jinpu.wang@cloud.ionos.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/skbuff.h | 16 +++++++++++
net/core/skbuff.c | 63 +++++++++++++++++++++++++++++++++---------
net/sched/sch_tbf.c | 10 -------
3 files changed, 66 insertions(+), 23 deletions(-)
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
index ed329a39d621..f8761774a94f 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -3102,6 +3102,7 @@ int skb_shift(struct sk_buff *tgt, struct sk_buff *skb, int shiftlen);
void skb_scrub_packet(struct sk_buff *skb, bool xnet);
unsigned int skb_gso_transport_seglen(const struct sk_buff *skb);
bool skb_gso_validate_mtu(const struct sk_buff *skb, unsigned int mtu);
+bool skb_gso_validate_mac_len(const struct sk_buff *skb, unsigned int len);
struct sk_buff *skb_segment(struct sk_buff *skb, netdev_features_t features);
struct sk_buff *skb_vlan_untag(struct sk_buff *skb);
int skb_ensure_writable(struct sk_buff *skb, int write_len);
@@ -3880,6 +3881,21 @@ static inline unsigned int skb_gso_network_seglen(const struct sk_buff *skb)
return hdr_len + skb_gso_transport_seglen(skb);
}
+/**
+ * skb_gso_mac_seglen - Return length of individual segments of a gso packet
+ *
+ * @skb: GSO skb
+ *
+ * skb_gso_mac_seglen is used to determine the real size of the
+ * individual segments, including MAC/L2, Layer3 (IP, IPv6) and L4
+ * headers (TCP/UDP).
+ */
+static inline unsigned int skb_gso_mac_seglen(const struct sk_buff *skb)
+{
+ unsigned int hdr_len = skb_transport_header(skb) - skb_mac_header(skb);
+ return hdr_len + skb_gso_transport_seglen(skb);
+}
+
/* Local Checksum Offload.
* Compute outer checksum based on the assumption that the
* inner checksum will be offloaded later.
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index dca1fed0d7da..11501165f0df 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -4469,37 +4469,74 @@ unsigned int skb_gso_transport_seglen(const struct sk_buff *skb)
EXPORT_SYMBOL_GPL(skb_gso_transport_seglen);
/**
- * skb_gso_validate_mtu - Return in case such skb fits a given MTU
+ * skb_gso_size_check - check the skb size, considering GSO_BY_FRAGS
*
- * @skb: GSO skb
- * @mtu: MTU to validate against
+ * There are a couple of instances where we have a GSO skb, and we
+ * want to determine what size it would be after it is segmented.
*
- * skb_gso_validate_mtu validates if a given skb will fit a wanted MTU
- * once split.
+ * We might want to check:
+ * - L3+L4+payload size (e.g. IP forwarding)
+ * - L2+L3+L4+payload size (e.g. sanity check before passing to driver)
+ *
+ * This is a helper to do that correctly considering GSO_BY_FRAGS.
+ *
+ * @seg_len: The segmented length (from skb_gso_*_seglen). In the
+ * GSO_BY_FRAGS case this will be [header sizes + GSO_BY_FRAGS].
+ *
+ * @max_len: The maximum permissible length.
+ *
+ * Returns true if the segmented length <= max length.
*/
-bool skb_gso_validate_mtu(const struct sk_buff *skb, unsigned int mtu)
-{
+static inline bool skb_gso_size_check(const struct sk_buff *skb,
+ unsigned int seg_len,
+ unsigned int max_len) {
const struct skb_shared_info *shinfo = skb_shinfo(skb);
const struct sk_buff *iter;
- unsigned int hlen;
-
- hlen = skb_gso_network_seglen(skb);
if (shinfo->gso_size != GSO_BY_FRAGS)
- return hlen <= mtu;
+ return seg_len <= max_len;
/* Undo this so we can re-use header sizes */
- hlen -= GSO_BY_FRAGS;
+ seg_len -= GSO_BY_FRAGS;
skb_walk_frags(skb, iter) {
- if (hlen + skb_headlen(iter) > mtu)
+ if (seg_len + skb_headlen(iter) > max_len)
return false;
}
return true;
}
+
+/**
+ * skb_gso_validate_mtu - Return in case such skb fits a given MTU
+ *
+ * @skb: GSO skb
+ * @mtu: MTU to validate against
+ *
+ * skb_gso_validate_mtu validates if a given skb will fit a wanted MTU
+ * once split.
+ */
+bool skb_gso_validate_mtu(const struct sk_buff *skb, unsigned int mtu)
+{
+ return skb_gso_size_check(skb, skb_gso_network_seglen(skb), mtu);
+}
EXPORT_SYMBOL_GPL(skb_gso_validate_mtu);
+/**
+ * skb_gso_validate_mac_len - Will a split GSO skb fit in a given length?
+ *
+ * @skb: GSO skb
+ * @len: length to validate against
+ *
+ * skb_gso_validate_mac_len validates if a given skb will fit a wanted
+ * length once split, including L2, L3 and L4 headers and the payload.
+ */
+bool skb_gso_validate_mac_len(const struct sk_buff *skb, unsigned int len)
+{
+ return skb_gso_size_check(skb, skb_gso_mac_seglen(skb), len);
+}
+EXPORT_SYMBOL_GPL(skb_gso_validate_mac_len);
+
static struct sk_buff *skb_reorder_vlan_header(struct sk_buff *skb)
{
int mac_len;
diff --git a/net/sched/sch_tbf.c b/net/sched/sch_tbf.c
index b3f7980b0f27..d646aa770ac8 100644
--- a/net/sched/sch_tbf.c
+++ b/net/sched/sch_tbf.c
@@ -142,16 +142,6 @@ static u64 psched_ns_t2l(const struct psched_ratecfg *r,
return len;
}
-/*
- * Return length of individual segments of a gso packet,
- * including all headers (MAC, IP, TCP/UDP)
- */
-static unsigned int skb_gso_mac_seglen(const struct sk_buff *skb)
-{
- unsigned int hdr_len = skb_transport_header(skb) - skb_mac_header(skb);
- return hdr_len + skb_gso_transport_seglen(skb);
-}
-
/* GSO packet is too big, segment it so that tbf can transmit
* each segment in time
*/
--
2.19.1
next prev parent reply other threads:[~2019-02-18 13:59 UTC|newest]
Thread overview: 64+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-18 13:43 [PATCH 4.9 00/58] 4.9.159-stable review Greg Kroah-Hartman
2019-02-18 13:43 ` [PATCH 4.9 01/58] dt-bindings: eeprom: at24: add "atmel,24c2048" compatible string Greg Kroah-Hartman
2019-02-18 13:43 ` [PATCH 4.9 02/58] eeprom: at24: add support for 24c2048 Greg Kroah-Hartman
2019-02-18 13:43 ` [PATCH 4.9 03/58] uapi/if_ether.h: prevent redefinition of struct ethhdr Greg Kroah-Hartman
2019-02-18 13:43 ` [PATCH 4.9 04/58] ARM: 8789/1: signal: copy registers using __copy_to_user() Greg Kroah-Hartman
2019-02-18 13:43 ` [PATCH 4.9 05/58] ARM: 8791/1: vfp: use __copy_to_user() when saving VFP state Greg Kroah-Hartman
2019-02-18 13:43 ` [PATCH 4.9 06/58] ARM: 8792/1: oabi-compat: copy oabi events using __copy_to_user() Greg Kroah-Hartman
2019-02-18 13:43 ` [PATCH 4.9 07/58] ARM: 8793/1: signal: replace __put_user_error with __put_user Greg Kroah-Hartman
2019-02-18 13:43 ` [PATCH 4.9 08/58] ARM: 8794/1: uaccess: Prevent speculative use of the current addr_limit Greg Kroah-Hartman
2019-02-18 13:43 ` [PATCH 4.9 09/58] ARM: 8795/1: spectre-v1.1: use put_user() for __put_user() Greg Kroah-Hartman
2019-02-18 13:43 ` [PATCH 4.9 10/58] ARM: 8796/1: spectre-v1,v1.1: provide helpers for address sanitization Greg Kroah-Hartman
2019-02-18 13:43 ` [PATCH 4.9 11/58] ARM: 8797/1: spectre-v1.1: harden __copy_to_user Greg Kroah-Hartman
2019-02-18 13:43 ` [PATCH 4.9 12/58] ARM: 8810/1: vfp: Fix wrong assignement to ufp_exc Greg Kroah-Hartman
2019-02-18 13:43 ` [PATCH 4.9 13/58] ARM: make lookup_processor_type() non-__init Greg Kroah-Hartman
2019-02-18 13:43 ` [PATCH 4.9 14/58] ARM: split out processor lookup Greg Kroah-Hartman
2019-02-18 13:43 ` [PATCH 4.9 15/58] ARM: clean up per-processor check_bugs method call Greg Kroah-Hartman
2019-02-18 13:43 ` [PATCH 4.9 16/58] ARM: add PROC_VTABLE and PROC_TABLE macros Greg Kroah-Hartman
2019-02-18 13:43 ` [PATCH 4.9 17/58] ARM: spectre-v2: per-CPU vtables to work around big.Little systems Greg Kroah-Hartman
2019-02-18 13:43 ` [PATCH 4.9 18/58] ARM: ensure that processor vtables is not lost after boot Greg Kroah-Hartman
2019-02-18 13:43 ` [PATCH 4.9 19/58] ARM: fix the cockup in the previous patch Greg Kroah-Hartman
2019-02-18 13:43 ` Greg Kroah-Hartman [this message]
2019-02-18 13:43 ` [PATCH 4.9 21/58] bnx2x: disable GSO where gso_size is too big for hardware Greg Kroah-Hartman
2019-02-18 13:43 ` [PATCH 4.9 22/58] ACPI: NUMA: Use correct type for printing addresses on i386-PAE Greg Kroah-Hartman
2019-02-18 13:43 ` [PATCH 4.9 23/58] cpufreq: check if policy is inactive early in __cpufreq_get() Greg Kroah-Hartman
2019-02-18 13:43 ` [PATCH 4.9 24/58] drm/bridge: tc358767: add defines for DP1_SRCCTRL & PHY_2LANE Greg Kroah-Hartman
2019-02-18 13:43 ` [PATCH 4.9 25/58] drm/bridge: tc358767: fix single lane configuration Greg Kroah-Hartman
2019-02-18 13:43 ` [PATCH 4.9 26/58] drm/bridge: tc358767: fix initial DP0/1_SRCCTRL value Greg Kroah-Hartman
2019-02-18 13:43 ` [PATCH 4.9 27/58] drm/bridge: tc358767: reject modes which require too much BW Greg Kroah-Hartman
2019-02-18 13:43 ` [PATCH 4.9 28/58] drm/bridge: tc358767: fix output H/V syncs Greg Kroah-Hartman
2019-02-18 13:43 ` [PATCH 4.9 29/58] ARM: dts: da850-evm: Correct the sound card name Greg Kroah-Hartman
2019-02-18 13:43 ` [PATCH 4.9 30/58] ARM: dts: da850-lcdk: " Greg Kroah-Hartman
2019-02-18 13:43 ` [PATCH 4.9 31/58] ARM: dts: kirkwood: Fix polarity of GPIO fan lines Greg Kroah-Hartman
2019-02-18 13:43 ` [PATCH 4.9 32/58] gpio: pl061: handle failed allocations Greg Kroah-Hartman
2019-02-18 13:43 ` [PATCH 4.9 33/58] cifs: Limit memory used by lock request calls to a page Greg Kroah-Hartman
2019-02-18 13:43 ` [PATCH 4.9 34/58] perf report: Include partial stacks unwound with libdw Greg Kroah-Hartman
2019-02-18 13:43 ` [PATCH 4.9 35/58] Revert "Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G" Greg Kroah-Hartman
2019-02-18 13:43 ` [PATCH 4.9 36/58] Input: elan_i2c - add ACPI ID for touchpad in Lenovo V330-15ISK Greg Kroah-Hartman
2019-02-18 13:43 ` [PATCH 4.9 37/58] perf/core: Fix impossible ring-buffer sizes warning Greg Kroah-Hartman
2019-02-18 13:43 ` [PATCH 4.9 38/58] perf/x86: Add check_period PMU callback Greg Kroah-Hartman
2019-02-18 13:44 ` [PATCH 4.9 39/58] ALSA: hda - Add quirk for HP EliteBook 840 G5 Greg Kroah-Hartman
2019-02-18 13:44 ` [PATCH 4.9 40/58] ALSA: usb-audio: Fix implicit fb endpoint setup by quirk Greg Kroah-Hartman
2019-02-18 13:44 ` [PATCH 4.9 41/58] kvm: vmx: Fix entry number check for add_atomic_switch_msr() Greg Kroah-Hartman
2019-02-18 13:44 ` [PATCH 4.9 42/58] Input: bma150 - register input device after setting private data Greg Kroah-Hartman
2019-02-18 13:44 ` [PATCH 4.9 43/58] Input: elantech - enable 3rd button support on Fujitsu CELSIUS H780 Greg Kroah-Hartman
2019-02-18 13:44 ` [PATCH 4.9 44/58] alpha: fix page fault handling for r16-r18 targets Greg Kroah-Hartman
2019-02-18 13:44 ` [PATCH 4.9 45/58] alpha: Fix Eiger NR_IRQS to 128 Greg Kroah-Hartman
2019-02-18 13:44 ` [PATCH 4.9 46/58] tracing/uprobes: Fix output for multiple string arguments Greg Kroah-Hartman
2019-02-18 13:44 ` [PATCH 4.9 47/58] x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls Greg Kroah-Hartman
2019-02-18 13:44 ` [PATCH 4.9 48/58] signal: Restore the stop PTRACE_EVENT_EXIT Greg Kroah-Hartman
2019-02-18 13:44 ` [PATCH 4.9 49/58] x86/a.out: Clear the dump structure initially Greg Kroah-Hartman
2019-02-18 13:44 ` [PATCH 4.9 50/58] dm thin: fix bug where bio that overwrites thin block ignores FUA Greg Kroah-Hartman
2019-02-18 13:44 ` [PATCH 4.9 51/58] drm/i915: Prevent a race during I915_GEM_MMAP ioctl with WC set Greg Kroah-Hartman
2019-02-18 13:44 ` [PATCH 4.9 52/58] smsc95xx: Use skb_cow_head to deal with cloned skbs Greg Kroah-Hartman
2019-02-18 13:44 ` [PATCH 4.9 53/58] ch9200: use skb_cow_head() " Greg Kroah-Hartman
2019-02-18 13:44 ` [PATCH 4.9 54/58] kaweth: " Greg Kroah-Hartman
2019-02-18 13:44 ` [PATCH 4.9 55/58] usb: dwc2: Remove unnecessary kfree Greg Kroah-Hartman
2019-02-18 13:44 ` [PATCH 4.9 56/58] netfilter: nf_tables: fix mismatch in big-endian system Greg Kroah-Hartman
2019-02-18 13:44 ` [PATCH 4.9 57/58] pinctrl: msm: fix gpio-hog related boot issues Greg Kroah-Hartman
2019-02-18 13:44 ` [PATCH 4.9 58/58] mm: stop leaking PageTables Greg Kroah-Hartman
2019-02-18 19:43 ` [PATCH 4.9 00/58] 4.9.159-stable review Naresh Kamboju
2019-02-19 9:31 ` Jon Hunter
2019-02-19 9:31 ` Jon Hunter
2019-02-19 17:26 ` Guenter Roeck
2019-02-20 0:19 ` shuah
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190218133510.108755343@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=davem@davemloft.net \
--cc=dja@axtens.net \
--cc=jinpu.wang@cloud.ionos.com \
--cc=linux-kernel@vger.kernel.org \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.