From: jamal <hadi@cyberus.ca>
To: Changli Gao <xiaosuo@gmail.com>
Cc: "David S. Miller" <davem@davemloft.net>, netdev@vger.kernel.org
Subject: Re: [PATCH] cls_u32: use skb_copy_bits() to dereference data safely
Date: Tue, 01 Jun 2010 08:34:27 -0400 [thread overview]
Message-ID: <1275395667.3587.38.camel@bigi> (raw)
In-Reply-To: <1275272665-19047-1-git-send-email-xiaosuo@gmail.com>
Hi Changli,
On Mon, 2010-05-31 at 10:24 +0800, Changli Gao wrote:
> use skb_copy_bits() to dereference data safely
>
> the original skb->data dereference isn't safe, as there isn't any skb->len or
> skb_is_nonlinear() check.
I dont see any safety issue in current code in this respect. Do you have
a specific scenario where this would be unsafe? We inspect in 32 bit
chunks walking the packet data and stop when there is no more packet
data.
> skb_copy_bits() is used instead in this patch. And
> when the skb isn't long enough, we terminate the function u32_classify()
> immediately with -1.
>
That could be a very interesting optimization - but i see it as _very
hard_ to do with current u32 given it has branching and different
branches would have different lengths etc. You'd have to essentially do
some math in user space as to what min length would suffice given
a specified filter and pass that to the kernel.
cheers,
jamal
next prev parent reply other threads:[~2010-06-01 12:42 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-05-31 2:24 [PATCH] cls_u32: use skb_copy_bits() to dereference data safely Changli Gao
2010-06-01 12:34 ` jamal [this message]
2010-06-01 17:47 ` Changli Gao
2010-06-02 12:20 ` jamal
2010-06-02 12:25 ` jamal
2010-06-02 12:45 ` David Miller
2010-06-02 13:14 ` Changli Gao
2010-06-02 13:27 ` David Miller
2010-06-02 13:36 ` jamal
2010-06-02 13:43 ` Changli Gao
2010-06-02 13:48 ` jamal
2010-06-02 13:43 ` David Miller
2010-06-02 13:47 ` jamal
2010-06-02 12:47 ` David Miller
2010-06-02 13:17 ` Changli Gao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1275395667.3587.38.camel@bigi \
--to=hadi@cyberus.ca \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=xiaosuo@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).