[PATCH 2/2 v2] bonding: COW before overwriting the destination MAC address

public inbox for netdev@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH 2/2 v2] bonding: COW before overwriting the destination MAC address
@ 2011-03-03  7:07 Changli Gao
  2011-03-03  7:55 ` Eric Dumazet
  2011-03-07 23:45 ` David Miller
  0 siblings, 2 replies; 5+ messages in thread
From: Changli Gao @ 2011-03-03  7:07 UTC (permalink / raw)
  To: Jay Vosburgh; +Cc: David S. Miller, Eric Dumazet, netdev, Changli Gao

When there is a ptype handler holding a clone of this skb, whose
destination MAC addresse is overwritten, the owner of this handler may
get a corrupted packet.

Signed-off-by: Changli Gao <xiaosuo@gmail.com>
---
v2: fix the bug in the previous one. Thank him.
 drivers/net/bonding/bond_main.c |    8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
index 912b416..7b7ca97 100644
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
@@ -1511,9 +1511,13 @@ static struct sk_buff *bond_handle_frame(struct sk_buff *skb)
 	if (bond_dev->priv_flags & IFF_MASTER_ALB &&
 	    bond_dev->priv_flags & IFF_BRIDGE_PORT &&
 	    skb->pkt_type == PACKET_HOST) {
-		u16 *dest = (u16 *) eth_hdr(skb)->h_dest;
 
-		memcpy(dest, bond_dev->dev_addr, ETH_ALEN);
+		if (unlikely(skb_cow_head(skb,
+					  skb->data - skb_mac_header(skb)))) {
+			kfree_skb(skb);
+			return NULL;
+		}
+		memcpy(eth_hdr(skb)->h_dest, bond_dev->dev_addr, ETH_ALEN);
 	}
 
 	return skb;

^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH 2/2 v2] bonding: COW before overwriting the destination MAC address
  2011-03-03  7:07 [PATCH 2/2 v2] bonding: COW before overwriting the destination MAC address Changli Gao
@ 2011-03-03  7:55 ` Eric Dumazet
  2011-03-03  8:21   ` Changli Gao
  2011-03-07 23:45 ` David Miller
  1 sibling, 1 reply; 5+ messages in thread
From: Eric Dumazet @ 2011-03-03  7:55 UTC (permalink / raw)
  To: Changli Gao; +Cc: Jay Vosburgh, David S. Miller, netdev

Le jeudi 03 mars 2011 à 15:07 +0800, Changli Gao a écrit :
> When there is a ptype handler holding a clone of this skb, whose
> destination MAC addresse is overwritten, the owner of this handler may
> get a corrupted packet.
> 
> Signed-off-by: Changli Gao <xiaosuo@gmail.com>
> ---
> v2: fix the bug in the previous one. Thank him.
>  drivers/net/bonding/bond_main.c |    8 ++++++--
>  1 file changed, 6 insertions(+), 2 deletions(-)
> diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
> index 912b416..7b7ca97 100644
> --- a/drivers/net/bonding/bond_main.c
> +++ b/drivers/net/bonding/bond_main.c
> @@ -1511,9 +1511,13 @@ static struct sk_buff *bond_handle_frame(struct sk_buff *skb)
>  	if (bond_dev->priv_flags & IFF_MASTER_ALB &&
>  	    bond_dev->priv_flags & IFF_BRIDGE_PORT &&
>  	    skb->pkt_type == PACKET_HOST) {
> -		u16 *dest = (u16 *) eth_hdr(skb)->h_dest;
>  
> -		memcpy(dest, bond_dev->dev_addr, ETH_ALEN);
> +		if (unlikely(skb_cow_head(skb,
> +					  skb->data - skb_mac_header(skb)))) {
> +			kfree_skb(skb);
> +			return NULL;
> +		}
> +		memcpy(eth_hdr(skb)->h_dest, bond_dev->dev_addr, ETH_ALEN);
>  	}
>  
>  	return skb;



Thats minor, but using :

u16 *dest = eth_hdr(skb)->h_dest;

memcpy(dest, ptr, ETH_ALEN);

Is better because compiler knows both destination and source are at
least aligned on shorts.

On some arches, it helps to not using 6 bytes copy, but 3 shorts.




^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH 2/2 v2] bonding: COW before overwriting the destination MAC address
  2011-03-03  7:55 ` Eric Dumazet
@ 2011-03-03  8:21   ` Changli Gao
  2011-03-03  8:35     ` Eric Dumazet
  0 siblings, 1 reply; 5+ messages in thread
From: Changli Gao @ 2011-03-03  8:21 UTC (permalink / raw)
  To: Eric Dumazet; +Cc: Jay Vosburgh, David S. Miller, netdev

On Thu, Mar 3, 2011 at 3:55 PM, Eric Dumazet <eric.dumazet@gmail.com> wrote:
>
>
>
> Thats minor, but using :
>
> u16 *dest = eth_hdr(skb)->h_dest;
>
> memcpy(dest, ptr, ETH_ALEN);
>
> Is better because compiler knows both destination and source are at
> least aligned on shorts.
>
> On some arches, it helps to not using 6 bytes copy, but 3 shorts.
>
>

Is it still true if ptr isn't aligned on shorts? And
net_device.dev_addr is an unsigned char *pointer. Thanks.

-- 
Regards,
Changli Gao(xiaosuo@gmail.com)

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH 2/2 v2] bonding: COW before overwriting the destination MAC address
  2011-03-03  8:21   ` Changli Gao
@ 2011-03-03  8:35     ` Eric Dumazet
  0 siblings, 0 replies; 5+ messages in thread
From: Eric Dumazet @ 2011-03-03  8:35 UTC (permalink / raw)
  To: Changli Gao; +Cc: Jay Vosburgh, David S. Miller, netdev

Le jeudi 03 mars 2011 à 16:21 +0800, Changli Gao a écrit :
> On Thu, Mar 3, 2011 at 3:55 PM, Eric Dumazet <eric.dumazet@gmail.com> wrote:
> >
> >
> >
> > Thats minor, but using :
> >
> > u16 *dest = eth_hdr(skb)->h_dest;
> >
> > memcpy(dest, ptr, ETH_ALEN);
> >
> > Is better because compiler knows both destination and source are at
> > least aligned on shorts.
> >
> > On some arches, it helps to not using 6 bytes copy, but 3 shorts.
> >
> >
> 
> Is it still true if ptr isn't aligned on shorts? And
> net_device.dev_addr is an unsigned char *pointer. Thanks.
> 

dev_addr[] was aligned to word boundaries (because of natural structure
alignment), but the recent changes made it a char *pointer, so gcc is
not able to make this true anymore.

This could change if dev_addr was a pointer to struct netdev_hw_addr




^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH 2/2 v2] bonding: COW before overwriting the destination MAC address
  2011-03-03  7:07 [PATCH 2/2 v2] bonding: COW before overwriting the destination MAC address Changli Gao
  2011-03-03  7:55 ` Eric Dumazet
@ 2011-03-07 23:45 ` David Miller
  1 sibling, 0 replies; 5+ messages in thread
From: David Miller @ 2011-03-07 23:45 UTC (permalink / raw)
  To: xiaosuo; +Cc: fubar, eric.dumazet, netdev

From: Changli Gao <xiaosuo@gmail.com>
Date: Thu,  3 Mar 2011 15:07:14 +0800

> When there is a ptype handler holding a clone of this skb, whose
> destination MAC addresse is overwritten, the owner of this handler may
> get a corrupted packet.
> 
> Signed-off-by: Changli Gao <xiaosuo@gmail.com>

Applied.

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2011-03-07 23:44 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-03-03  7:07 [PATCH 2/2 v2] bonding: COW before overwriting the destination MAC address Changli Gao
2011-03-03  7:55 ` Eric Dumazet
2011-03-03  8:21   ` Changli Gao
2011-03-03  8:35     ` Eric Dumazet
2011-03-07 23:45 ` David Miller

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox