From: Kuniyuki Iwashima <kuniyu@amazon.com>
To: <kuba@kernel.org>
Cc: <davem@davemloft.net>, <dsahern@kernel.org>,
<edumazet@google.com>, <herbert@gondor.apana.org.au>,
<kuni1840@gmail.com>, <kuniyu@amazon.com>,
<netdev@vger.kernel.org>, <pabeni@redhat.com>,
<steffen.klassert@secunet.com>, <syzkaller@googlegroups.com>,
<willemb@google.com>
Subject: Re: [PATCH v1 net 1/5] sit: Pull header after checking skb->protocol in sit_tunnel_xmit().
Date: Wed, 17 Apr 2024 20:31:45 -0700 [thread overview]
Message-ID: <20240418033145.35894-1-kuniyu@amazon.com> (raw)
In-Reply-To: <20240417190432.5d9dc732@kernel.org>
From: Jakub Kicinski <kuba@kernel.org>
Date: Wed, 17 Apr 2024 19:04:32 -0700
> On Mon, 15 Apr 2024 15:20:37 -0700 Kuniyuki Iwashima wrote:
> > syzkaller crafted a GSO packet of ETH_P_8021AD + ETH_P_NSH and sent it
> > over sit0.
> >
> > After nsh_gso_segment(), skb->data - skb->head was 138, on the other
> > hand, skb->network_header was 128.
>
> is data offset > skb->network_header valid at this stage?
> Can't we drop these packets instead?
I think that needs another fix on the NSH side.
But even with that, we can still pass valid L2 skb to sit_tunnel_xmit()
and friends, and then we should just drop it there without calling
pskb_inet_may_pull() that should not be called for non-IP skb.
next prev parent reply other threads:[~2024-04-18 3:32 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-15 22:20 [PATCH v1 net 0/5] ip: Fix warning in pskb_may_pull_reason() for tunnel devices Kuniyuki Iwashima
2024-04-15 22:20 ` [PATCH v1 net 1/5] sit: Pull header after checking skb->protocol in sit_tunnel_xmit() Kuniyuki Iwashima
2024-04-18 2:04 ` Jakub Kicinski
2024-04-18 3:31 ` Kuniyuki Iwashima [this message]
2024-04-18 6:56 ` Eric Dumazet
2024-04-18 7:00 ` Eric Dumazet
2024-04-18 8:57 ` Paolo Abeni
2024-04-18 17:02 ` Kuniyuki Iwashima
2024-04-15 22:20 ` [PATCH v1 net 2/5] vti: Pull header after checking skb->protocol in vti_tunnel_xmit() Kuniyuki Iwashima
2024-04-15 22:20 ` [PATCH v1 net 3/5] ip6_vti: Pull header after checking skb->protocol in vti6_tnl_xmit() Kuniyuki Iwashima
2024-04-15 22:20 ` [PATCH v1 net 4/5] ipip: Pull header after checking skb->protocol in ipip_tunnel_xmit() Kuniyuki Iwashima
2024-04-15 22:20 ` [PATCH v1 net 5/5] ip6_tunnel: Pull header after checking skb->protocol in ip6_tnl_start_xmit() Kuniyuki Iwashima
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240418033145.35894-1-kuniyu@amazon.com \
--to=kuniyu@amazon.com \
--cc=davem@davemloft.net \
--cc=dsahern@kernel.org \
--cc=edumazet@google.com \
--cc=herbert@gondor.apana.org.au \
--cc=kuba@kernel.org \
--cc=kuni1840@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=steffen.klassert@secunet.com \
--cc=syzkaller@googlegroups.com \
--cc=willemb@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.