From: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
To: Herbert Xu <herbert@gondor.apana.org.au>,
Eric Dumazet <eric.dumazet@gmail.com>
Cc: Ben Hutchings <bhutchings@solarflare.com>,
David Miller <davem@davemloft.net>,
christoph.paasch@uclouvain.be, netdev@vger.kernel.org,
hkchu@google.com, mwdalton@google.com
Subject: Re: [3/3] gso: Handle malicious GRO packets without crashing
Date: Thu, 07 Nov 2013 22:13:29 +0300 [thread overview]
Message-ID: <527BE659.9060702@cogentembedded.com> (raw)
In-Reply-To: <20131107070847.GC31638@gondor.apana.org.au>
Hello.
On 11/07/2013 10:08 AM, Herbert Xu wrote:
> As virtio_net can now generate GRO frag_list packets without
> sufficient verification, we need to handle malicious GRO packets
> thrown at us.
> This patch converts to affected BUG_ONs in skb_segment to rate-
> limited warnings.
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
> diff --git a/net/core/skbuff.c b/net/core/skbuff.c
> index bcc3f1c..fb1106d 100644
> --- a/net/core/skbuff.c
> +++ b/net/core/skbuff.c
> @@ -2881,7 +2881,15 @@ struct sk_buff *skb_segment(struct sk_buff *skb, netdev_features_t features)
> while (tail->next)
> tail = tail->next;
>
> - BUG_ON(fskb && tail->len != len + doffset);
> + if (fskb && tail->len != len + doffset) {
> + net_warn_ratelimited(
> + "skb_segment: "
> + "illegal GSO fragment: %u %u\n",
Don't break up the message -- chekpatch.pl should allow that...
> @@ -2929,7 +2937,15 @@ struct sk_buff *skb_segment(struct sk_buff *skb, netdev_features_t features)
> if (pos < offset + len) {
> struct sk_buff *fskb2 = fskb;
>
> - BUG_ON(pos + fskb->len != offset + len);
> + if (pos + fskb->len != offset + len) {
> + net_warn_ratelimited(
> + "skb_segment: "
> + "illegal GSO trailer: %u %u\n",
Same here.
WBR, Sergei
next prev parent reply other threads:[~2013-11-07 18:13 UTC|newest]
Thread overview: 163+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-10-28 11:55 Bug in skb_segment: fskb->len != len Christoph Paasch
2013-10-28 13:21 ` Eric Dumazet
2013-10-28 13:28 ` Christoph Paasch
2013-10-29 1:15 ` Eric Dumazet
2013-10-29 9:08 ` Christoph Paasch
2013-10-29 12:57 ` Eric Dumazet
2013-10-29 13:06 ` [PATCH net-next] net: introduce gro_frag_list_enable sysctl Eric Dumazet
2013-10-29 13:48 ` Christoph Paasch
2013-10-29 15:12 ` [PATCH v2 " Eric Dumazet
2013-10-29 23:44 ` David Miller
2013-10-30 0:06 ` Ben Hutchings
2013-11-02 14:01 ` [PATCH v3 net-next] net: introduce dev_set_forwarding() Eric Dumazet
2013-11-02 15:46 ` Ben Hutchings
2013-11-02 18:20 ` Eric Dumazet
2013-11-02 19:58 ` [PATCH v4 " Eric Dumazet
2013-11-03 17:18 ` Christoph Paasch
2013-11-04 16:55 ` Ben Hutchings
2013-11-07 21:17 ` David Miller
2013-11-07 21:31 ` Herbert Xu
2013-11-07 21:54 ` Eric Dumazet
2013-11-08 3:59 ` Herbert Xu
2013-11-08 4:25 ` Eric Dumazet
2013-11-10 14:05 ` Herbert Xu
2013-11-11 14:36 ` Herbert Xu
2013-11-07 22:06 ` David Miller
2013-11-08 2:17 ` Herbert Xu
2013-11-08 2:42 ` Eric Dumazet
2013-11-08 2:51 ` Eric Dumazet
2013-11-08 3:23 ` Herbert Xu
2013-11-08 4:21 ` Eric Dumazet
2013-11-08 4:24 ` Herbert Xu
2013-11-08 4:40 ` Eric Dumazet
2013-11-08 4:43 ` Herbert Xu
2013-11-08 5:08 ` Eric Dumazet
2013-11-08 5:21 ` Herbert Xu
2013-11-08 5:40 ` Eric Dumazet
2013-11-11 18:58 ` Herbert Xu
2013-11-08 3:22 ` Herbert Xu
2013-11-08 4:06 ` Eric Dumazet
2013-11-08 4:10 ` Herbert Xu
2013-11-08 4:24 ` Eric Dumazet
2013-11-08 4:28 ` Herbert Xu
2013-11-21 18:29 ` David Miller
2013-11-21 18:38 ` Eric Dumazet
2013-11-03 12:28 ` [PATCH v3 " Herbert Xu
2013-11-03 16:28 ` Eric Dumazet
2013-11-03 16:31 ` Herbert Xu
2013-11-03 17:26 ` Eric Dumazet
2013-11-04 4:11 ` Herbert Xu
2013-11-04 4:23 ` Eric Dumazet
2013-11-04 4:29 ` Herbert Xu
2013-11-04 5:00 ` Eric Dumazet
2013-11-04 5:23 ` Herbert Xu
2013-11-04 6:05 ` Eric Dumazet
2013-11-04 6:22 ` Herbert Xu
2013-11-04 6:26 ` Herbert Xu
2013-11-04 7:10 ` Eric Dumazet
2013-11-04 7:21 ` Herbert Xu
2013-11-04 13:58 ` Eric Dumazet
2013-11-04 6:46 ` Eric Dumazet
2013-11-04 7:03 ` Herbert Xu
2013-11-06 1:30 ` gso: Attempt to handle mega-GRO packets Herbert Xu
2013-11-06 1:45 ` Eric Dumazet
2013-11-06 4:07 ` Herbert Xu
2013-11-06 4:23 ` Eric Dumazet
2013-11-06 4:28 ` Herbert Xu
2013-11-06 5:20 ` Eric Dumazet
2013-11-06 8:04 ` Herbert Xu
2013-11-06 8:16 ` Herbert Xu
2013-11-06 13:12 ` Herbert Xu
2013-11-06 15:01 ` Eric Dumazet
2013-11-07 0:36 ` Herbert Xu
2013-11-07 1:03 ` Eric Dumazet
2013-11-07 1:47 ` Herbert Xu
2013-11-07 2:02 ` Eric Dumazet
2013-11-07 2:08 ` Eric Dumazet
2013-11-07 2:15 ` Herbert Xu
2013-11-07 2:37 ` Eric Dumazet
2013-11-07 2:41 ` Herbert Xu
2013-11-07 5:56 ` Michael S. Tsirkin
2013-11-07 7:07 ` Eric Dumazet
2013-11-07 2:52 ` Jason Wang
2013-11-06 15:05 ` Eric Dumazet
2013-11-07 0:39 ` Herbert Xu
2013-11-06 12:39 ` Herbert Xu
2013-11-06 13:30 ` Herbert Xu
2013-11-06 14:39 ` Herbert Xu
2013-11-06 15:06 ` Eric Dumazet
2013-11-06 17:25 ` Joe Perches
2013-11-06 19:47 ` Eric Dumazet
2013-11-07 0:15 ` Eric Dumazet
2013-11-07 0:47 ` Herbert Xu
2013-11-07 0:56 ` Eric Dumazet
2013-11-07 1:00 ` Herbert Xu
2013-11-07 1:08 ` Eric Dumazet
2013-11-07 1:13 ` Hannes Frederic Sowa
2013-11-07 1:21 ` Eric Dumazet
2013-11-07 1:34 ` Eric Dumazet
2013-11-07 2:03 ` Hannes Frederic Sowa
2013-11-07 3:05 ` Eric Dumazet
2013-11-07 6:59 ` Eric Dumazet
2013-11-07 0:43 ` Herbert Xu
2013-11-07 6:22 ` Herbert Xu
2013-11-07 7:03 ` [1/3] gso: Add to segs at end of loop in skb_segment Herbert Xu
2013-11-07 7:06 ` [2/3] gso: Handle new frag_list of frags GRO packets Herbert Xu
2013-11-07 7:08 ` [3/3] gso: Handle malicious GRO packets without crashing Herbert Xu
2013-11-07 18:18 ` Ben Hutchings
2013-11-07 19:13 ` Sergei Shtylyov [this message]
2013-11-11 18:55 ` Herbert Xu
2013-11-07 18:16 ` [2/3] gso: Handle new frag_list of frags GRO packets Ben Hutchings
2013-11-11 18:54 ` Herbert Xu
2013-11-11 18:52 ` Herbert Xu
2013-11-12 10:12 ` David Laight
2013-11-13 1:13 ` gso: " Eric Dumazet
2013-11-13 1:29 ` Herbert Xu
2013-11-13 2:14 ` Eric Dumazet
2013-11-13 2:17 ` Eric Dumazet
2013-11-13 2:22 ` Herbert Xu
2013-11-13 2:25 ` Herbert Xu
2013-11-13 2:45 ` Eric Dumazet
2013-11-13 14:26 ` Herbert Xu
2013-11-13 15:06 ` Eric Dumazet
2013-11-14 8:11 ` Herbert Xu
2013-11-15 4:37 ` Eric Dumazet
2013-11-13 2:31 ` Eric Dumazet
2013-11-07 7:11 ` gso: Attempt to handle mega-GRO packets Eric Dumazet
2013-11-07 7:15 ` Herbert Xu
2013-11-07 7:17 ` Herbert Xu
2013-11-07 7:31 ` Eric Dumazet
2013-11-07 7:33 ` Herbert Xu
2013-11-03 23:23 ` [PATCH v3 net-next] net: introduce dev_set_forwarding() David Miller
2013-10-30 0:53 ` [PATCH v2 net-next] net: introduce gro_frag_list_enable sysctl Eric Dumazet
2013-10-30 2:02 ` David Miller
2013-10-30 2:05 ` Herbert Xu
2013-10-30 2:13 ` Jerry Chu
2013-10-30 2:19 ` Herbert Xu
2013-10-30 2:34 ` David Miller
2013-10-30 2:33 ` David Miller
[not found] ` <44571383414236@web13j.yandex.ru>
2013-11-02 18:28 ` Eric Dumazet
2013-11-03 23:19 ` David Miller
2013-10-30 19:39 ` Ben Hutchings
2013-10-30 19:53 ` Eric Dumazet
2013-10-30 20:05 ` Ben Hutchings
2013-10-30 20:12 ` Eric Dumazet
2013-10-30 4:06 ` Eric Dumazet
2013-10-30 4:08 ` Herbert Xu
2013-10-30 4:09 ` Herbert Xu
2013-10-30 4:15 ` Jerry Chu
2013-10-30 4:16 ` Eric Dumazet
2013-10-30 4:19 ` Herbert Xu
2013-10-30 4:34 ` Eric Dumazet
2013-10-30 4:42 ` Herbert Xu
2013-10-30 17:39 ` Jerry Chu
2013-10-30 18:09 ` Vlad Yasevich
2013-10-30 19:12 ` David Miller
2013-10-30 0:03 ` Jerry Chu
2013-10-29 14:41 ` Bug in skb_segment: fskb->len != len Herbert Xu
2013-10-29 15:08 ` Eric Dumazet
2013-10-30 1:50 ` Herbert Xu
2013-10-30 4:03 ` Eric Dumazet
2013-10-30 4:06 ` Herbert Xu
2013-10-30 4:37 ` Eric Dumazet
2013-10-30 4:47 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=527BE659.9060702@cogentembedded.com \
--to=sergei.shtylyov@cogentembedded.com \
--cc=bhutchings@solarflare.com \
--cc=christoph.paasch@uclouvain.be \
--cc=davem@davemloft.net \
--cc=eric.dumazet@gmail.com \
--cc=herbert@gondor.apana.org.au \
--cc=hkchu@google.com \
--cc=mwdalton@google.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.