From: Simon Horman <simon.horman@netronome.com>
To: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Cc: Cong Wang <xiyou.wangcong@gmail.com>,
Network Development <netdev@vger.kernel.org>
Subject: Re: [Patch net] gre: refetch erspan header from skb->data after pskb_may_pull()
Date: Sat, 7 Dec 2019 18:04:15 +0100
Message-ID: <20191207170414.GC26173@netronome.com>
In-Reply-To: <CAJ0CqmWjh1bAOwx25tVE_yDbzCbf9dCXsFE7ZV_1N7Tt-DF64A@mail.gmail.com>

On Fri, Dec 06, 2019 at 01:55:25PM +0200, Lorenzo Bianconi wrote:
> >
> > Hi Cong,
> >
> > On Thu, Dec 05, 2019 at 07:39:02PM -0800, Cong Wang wrote:
> > > After pskb_may_pull() we should always refetch the header
> > > pointers from the skb->data in case it got reallocated.
> > >
> > > In gre_parse_header(), the erspan header is still fetched
> > > from the 'options' pointer which is fetched before
> > > pskb_may_pull().
> > >
> > > Found this during code review of a KMSAN bug report.
> > >
> > > Fixes: cb73ee40b1b3 ("net: ip_gre: use erspan key field for tunnel lookup")
> > > Cc: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
> > > Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
> > > ---
> > > net/ipv4/gre_demux.c | 2 +-
> > > 1 file changed, 1 insertion(+), 1 deletion(-)
> > >
> > > diff --git a/net/ipv4/gre_demux.c b/net/ipv4/gre_demux.c
> > > index 44bfeecac33e..5fd6e8ed02b5 100644
> > > --- a/net/ipv4/gre_demux.c
> > > +++ b/net/ipv4/gre_demux.c
> > > @@ -127,7 +127,7 @@ int gre_parse_header(struct sk_buff *skb, struct tnl_ptk_info *tpi,
> > > if (!pskb_may_pull(skb, nhs + hdr_len + sizeof(*ershdr)))
> > > return -EINVAL;
> > >
> > > - ershdr = (struct erspan_base_hdr *)options;
> > > + ershdr = (struct erspan_base_hdr *)(skb->data + nhs + hdr_len);
> >
> > It seems to me that in the case of WCCPv2 hdr_len will be 4 bytes longer
> > than where options would be advanced to. Is that a problem here?
> >
>
> Hi Simon,
>
> I guess the two conditions are mutually exclusive since tpi->proto is
> initialized with greh->protocol. Am I missing something?

Thanks Lorenzo,

I see that now and agree that this patch is correct.

Reviewed-by: Simon Horman <simon.horman@netronome.com>

> > > tpi->key = cpu_to_be32(get_session_id(ershdr));
> > > }
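
Review bot: In the new `ershdr` assignment, the offset `nhs + hdr_len` is what ties the pointer to the erspan header, and it is not obvious from the code that it matches where `options` had been advanced to; the WCCPv2 question in this thread shows that a reader has to reason about `tpi->proto` to be convinced. A one-line comment above the assignment stating that `hdr_len` ends exactly at the erspan header in this branch would save the next reviewer that step. The offset does match the preceding `pskb_may_pull(skb, nhs + hdr_len + sizeof(*ershdr))` check, so the read stays within what was pulled. Because `options` was fetched before the pull and may refer to the old buffer if the skb data was reallocated, it is also worth confirming that nothing after this point dereferences `options`.
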
> > >
> > > --
> > > 2.21.0
> > >
> >
>
Thread overview: 7+ messages
2019-12-06 3:39 [Patch net] gre: refetch erspan header from skb->data after pskb_may_pull() Cong Wang
2019-12-06 10:42 ` Simon Horman
2019-12-06 11:55 ` Lorenzo Bianconi
2019-12-07 17:04 ` Simon Horman [this message]
2019-12-06 11:49 ` Lorenzo Bianconi
2019-12-06 17:08 ` William Tu
2019-12-07 19:54 ` David Miller