Re: [Bugme-new] [Bug 32872] New: LLC PDU is dropped if skb is not linear

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* Re: [Bugme-new] [Bug 32872] New: LLC PDU is dropped if skb is not linear
       [not found] <bug-32872-10286@https.bugzilla.kernel.org/>
@ 2011-04-11 23:48 ` Andrew Morton
  2011-04-12  1:56   ` David Miller
  0 siblings, 1 reply; 2+ messages in thread
From: Andrew Morton @ 2011-04-11 23:48 UTC (permalink / raw)
  To: vitalyb; +Cc: bugzilla-daemon, bugme-daemon, netdev


(switched to email.  Please respond via emailed reply-to-all, not via the
bugzilla web interface).

On Fri, 8 Apr 2011 09:52:34 GMT
bugzilla-daemon@bugzilla.kernel.org wrote:

> https://bugzilla.kernel.org/show_bug.cgi?id=32872
> 
>            Summary: LLC PDU is dropped if skb is not linear
>            Product: Networking
>            Version: 2.5
>     Kernel Version: 2.6.32
>           Platform: All
>         OS/Version: Linux
>               Tree: Mainline
>             Status: NEW
>           Severity: normal
>           Priority: P1
>          Component: Other
>         AssignedTo: acme@ghostprotocols.net
>         ReportedBy: vitalyb@telenet.dn.ua
>         Regression: No
> 
> 
> If skb consists of several fragments this check fails
> net/llc/llc_input.c:
> =============================================
> llc_fixup_skb()
> ...
>     pdu = (struct llc_pdu_un *)skb->data;
> ...
>     __be16 pdulen = eth_hdr(skb)->h_proto;
>     s32 data_size = ntohs(pdulen) - llc_len;
> 
>     if (data_size < 0 ||
>         ((skb_tail_pointer(skb) -
>           (u8 *)pdu) - llc_len) < data_size)
>         return 0;
> =============================================
> 
> and packet is silently dropped.
> 
> This breaks GVRP protocol if received packet is large ( > 512 bytes on my
> system) and contains a Leave All message. Since Leave All is missed,
> corresponding JoinIns are not sent and switch unregisters VLANs from port.
> 
> Attached patch seems to resolve this issue, but I don't know if it's a correct
> solution.

--- linux-2.6.32.36/net/llc/llc_input.c.orig	2009-12-03 05:51:21.000000000 +0200
+++ linux-2.6.32.36/net/llc/llc_input.c	2011-04-08 08:57:29.000000000 +0300
@@ -105,6 +105,11 @@
 	if (unlikely(!pskb_may_pull(skb, sizeof(*pdu))))
 		return 0;
 
+	if (skb->data_len != 0){
+	    if (unlikely(skb_linearize(skb)))
+		return 0;
+	}
+
 	pdu = (struct llc_pdu_un *)skb->data;
 	if ((pdu->ctrl_1 & LLC_PDU_TYPE_MASK) == LLC_PDU_TYPE_U)
 		llc_len = 1;


2.6.32 is a pretty old kernel - we'll need to verify if current kernels
have the same problem.

Please don't send patches via bugzilla - it causes lots of problems
with our usual patch management and review processes.  It's preferred
that patches be sent via email as per Documentation/SubmittingPatches,
and that they include a Signed-off-by:, as described in that file.

Thanks.

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [Bugme-new] [Bug 32872] New: LLC PDU is dropped if skb is not linear
  2011-04-11 23:48 ` [Bugme-new] [Bug 32872] New: LLC PDU is dropped if skb is not linear Andrew Morton
@ 2011-04-12  1:56   ` David Miller
  0 siblings, 0 replies; 2+ messages in thread
From: David Miller @ 2011-04-12  1:56 UTC (permalink / raw)
  To: akpm; +Cc: vitalyb, bugzilla-daemon, bugme-daemon, netdev

From: Andrew Morton <akpm@linux-foundation.org>
Date: Mon, 11 Apr 2011 16:48:12 -0700

> --- linux-2.6.32.36/net/llc/llc_input.c.orig	2009-12-03 05:51:21.000000000 +0200
> +++ linux-2.6.32.36/net/llc/llc_input.c	2011-04-08 08:57:29.000000000 +0300
> @@ -105,6 +105,11 @@
>  	if (unlikely(!pskb_may_pull(skb, sizeof(*pdu))))
>  		return 0;
>  
> +	if (skb->data_len != 0){
> +	    if (unlikely(skb_linearize(skb)))
> +		return 0;
> +	}
> +
>  	pdu = (struct llc_pdu_un *)skb->data;
>  	if ((pdu->ctrl_1 & LLC_PDU_TYPE_MASK) == LLC_PDU_TYPE_U)
>  		llc_len = 1;
> 
> 
> 2.6.32 is a pretty old kernel - we'll need to verify if current kernels
> have the same problem.
> 
> Please don't send patches via bugzilla - it causes lots of problems
> with our usual patch management and review processes.  It's preferred
> that patches be sent via email as per Documentation/SubmittingPatches,
> and that they include a Signed-off-by:, as described in that file.

The skb_tail_pointer() check in llc_fixup_skb() is beyond wonky and
honestly the source of the problems here.

I'd suggest instead:

diff --git a/net/llc/llc_input.c b/net/llc/llc_input.c
index 058f1e9..9032421 100644
--- a/net/llc/llc_input.c
+++ b/net/llc/llc_input.c
@@ -121,8 +121,7 @@ static inline int llc_fixup_skb(struct sk_buff *skb)
 		s32 data_size = ntohs(pdulen) - llc_len;
 
 		if (data_size < 0 ||
-		    ((skb_tail_pointer(skb) -
-		      (u8 *)pdu) - llc_len) < data_size)
+		    !pskb_may_pull(skb, data_size))
 			return 0;
 		if (unlikely(pskb_trim_rcsum(skb, data_size)))
 			return 0;

^ permalink raw reply related	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2011-04-12  1:57 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <bug-32872-10286@https.bugzilla.kernel.org/>
2011-04-11 23:48 ` [Bugme-new] [Bug 32872] New: LLC PDU is dropped if skb is not linear Andrew Morton
2011-04-12  1:56   ` David Miller

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).