From mboxrd@z Thu Jan  1 00:00:00 1970
From: Dominique Martinet <asmadeus@codewreck.org>
Subject: Re: KCM - recvmsg() mangles packets?
Date: Fri, 10 Aug 2018 00:06:46 +0200
Message-ID: <20180809220646.GA15470@nautica>
References: <20180803182830.GB29193@nautica>
 <CAPDqMeorHCcYKmbobH4biiZdoWf34Mw4BUk_L1deSTRK2TSmRA@mail.gmail.com>
 <20180803232057.GB7583@nautica>
 <CAPDqMeo_OW29=5oT8-YBvrD-sg1uNmPn3wSJtKWAgF2LRwLKWA@mail.gmail.com>
 <20180804014132.GA26606@nautica>
 <20180804020806.GA32338@nautica>
 <20180805064410.GA26807@nautica>
 <20180805141253.GA22780@nautica>
 <20180805233921.GA5773@nautica>
 <CAPDqMeptLoLZ2RU+T-d7YwkO2AeKV+nfow4C-LqqeZd9mo-vMg@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Cc: Linux Kernel Network Developers <netdev@vger.kernel.org>
To: Tom Herbert <tom@quantonium.net>
Return-path: <netdev-owner@vger.kernel.org>
Received: from nautica.notk.org ([91.121.71.147]:43846 "EHLO nautica.notk.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726890AbeHJAdy (ORCPT <rfc822;netdev@vger.kernel.org>);
        Thu, 9 Aug 2018 20:33:54 -0400
Content-Disposition: inline
In-Reply-To: <CAPDqMeptLoLZ2RU+T-d7YwkO2AeKV+nfow4C-LqqeZd9mo-vMg@mail.gmail.com>
Sender: netdev-owner@vger.kernel.org
List-ID: <netdev.vger.kernel.org>

Tom Herbert wrote on Thu, Aug 09, 2018:
> > diff --git a/net/strparser/strparser.c b/net/strparser/strparser.c
> > index 625acb27efcc..348ff5945591 100644
> > --- a/net/strparser/strparser.c
> > +++ b/net/strparser/strparser.c
> > @@ -222,6 +222,16 @@ static int __strp_recv(read_descriptor_t *desc, struct sk_buff *orig_skb,
> >                 if (!stm->strp.full_len) {
> >                         ssize_t len;
> >
> > +                       /* Can only parse if there is no offset */
> > +                       if (unlikely(stm->strp.offset)) {
> > +                               if (!pskb_pull(skb, stm->strp.offset)) {
> > +                                       STRP_STATS_INCR(strp->stats.mem_fail);
> > +                                       strp_parser_err(strp, -ENOMEM, desc);
> > +                                       break;
> > +                               }
> > +                               stm->strp.offset = 0;
> > +                       }
> > +
> 
> Seems okay to me for a fix.

Hmm, if you say so, I'll send this as a patch for broader comments right
away.

> Looks like strp.offset is only set in one place and read in one
> place. With this pull maybe that just can go away?

Good point, when strp.offset is set the full_len is also being init'd so
we will necessarily do the pull next...

But the way tls uses strparser is also kind of weird, since they modify
the strp_msg's offset and full_len, I wouldn't want to assume we can't
have full_len == 0 *again* later with a non zero offset...
On the other hand they do handle non-zero offset in their parse function
so they'd be ok with that... Ultimately it's probably closer to a design
choice than anything else.


I'll still send a v0 of the patch as is, because I feel it's easier to
understand that we pull because the existing parse_msg functions do not
handle it properly, and will write a note that I intend to move it up a
few lines as a comment.


Thanks,
-- 
Dominique Martinet