From mboxrd@z Thu Jan 1 00:00:00 1970 From: Willem de Bruijn Subject: [PATCH] sctp: load transport header after sk_filter Date: Sat, 16 Jul 2016 17:33:15 -0400 Message-ID: <1468704795-134034-1-git-send-email-willemdebruijn.kernel@gmail.com> Cc: daniel@iogearbox.net, davem@davemloft.net, Willem de Bruijn To: netdev@vger.kernel.org Return-path: Received: from mail-qk0-f194.google.com ([209.85.220.194]:35059 "EHLO mail-qk0-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750842AbcGPVeK (ORCPT ); Sat, 16 Jul 2016 17:34:10 -0400 Received: by mail-qk0-f194.google.com with SMTP id q62so9145580qkf.2 for ; Sat, 16 Jul 2016 14:34:09 -0700 (PDT) Sender: netdev-owner@vger.kernel.org List-ID: From: Willem de Bruijn Do not cache pointers into the skb linear segment across sk_filter. The function call can trigger pskb_expand_head. Signed-off-by: Willem de Bruijn --- No Fixes tag: existed at the start of git log. It is probably not necessary to store chunk->sctp_hdr at all, as chunk->skb exists. That is harder to verify, so not suitable for net. SCTP sk_filter trimming does not work as expected for most packets. sctp_inq_pop marks most truncated linear packets as discarded with pdiscard = 1. The following crude change would make trimming behave as expected on linear data chunks but is probably not safe as is. - if (unlikely(skb_is_nonlinear(chunk->skb))) { + if (1) { --- net/sctp/input.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/net/sctp/input.c b/net/sctp/input.c index a701527..47cf460 100644 --- a/net/sctp/input.c +++ b/net/sctp/input.c @@ -112,7 +112,6 @@ int sctp_rcv(struct sk_buff *skb) struct sctp_ep_common *rcvr; struct sctp_transport *transport = NULL; struct sctp_chunk *chunk; - struct sctphdr *sh; union sctp_addr src; union sctp_addr dest; int family; 
@@ -127,8 +126,6 @@ int sctp_rcv(struct sk_buff *skb) if (skb_linearize(skb)) goto discard_it; - sh = sctp_hdr(skb); - /* Pull up the IP and SCTP headers. */ __skb_pull(skb, skb_transport_offset(skb)); if (skb->len < sizeof(struct sctphdr)) @@ -230,7 +227,7 @@ int sctp_rcv(struct sk_buff *skb) chunk->rcvr = rcvr; /* Remember the SCTP header. */ - chunk->sctp_hdr = sh; + chunk->sctp_hdr = sctp_hdr(skb); /* Set the source and destination addresses of the incoming chunk. */ sctp_init_addrs(chunk, &src, &dest); -- 2.8.0.rc3.226.g39d4020
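Review bot: the comment above the new assignment in the last hunk (@@ -230,7 +227,7 @@) still reads only "Remember the SCTP header." and does not say why the header is looked up at this point rather than earlier. The commit message gives the reason, that sk_filter can trigger pskb_expand_head and so invalidate pointers into the linear segment, but that reason is not recorded in the code. Without it, a later cleanup could reintroduce an early `sh = sctp_hdr(skb);` like the one removed in the second hunk. Suggest extending the comment to say that the header pointer must be taken after sk_filter because the skb head may have been reallocated. It is also worth confirming in review that no other pointer into skb data taken before the filter call is still in use at this point, since the visible context covers only `sh`.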