From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.6 required=3.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH, MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_PASS,USER_AGENT_GIT,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id EAFFCC43381 for ; Mon, 1 Apr 2019 20:57:46 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id BBCC7208E4 for ; Mon, 1 Apr 2019 20:57:46 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="fGwYylDp" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728558AbfDAU5p (ORCPT ); Mon, 1 Apr 2019 16:57:45 -0400 Received: from mail-it1-f201.google.com ([209.85.166.201]:40528 "EHLO mail-it1-f201.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728551AbfDAU5p (ORCPT ); Mon, 1 Apr 2019 16:57:45 -0400 Received: by mail-it1-f201.google.com with SMTP id j8so744574ita.5 for ; Mon, 01 Apr 2019 13:57:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=QvC+6KsvhsCBwL8xB3lTNmZCB09+RPOf/VOErLE0ZCo=; b=fGwYylDpN3OpfKwA53Tg7u2Z3YC5EhaQrsWWnIasm70wmXpi+klnRLKAZQDFC1PG8S +kJp3xKiih9Y+1XVI74ETqF/AA+50FS6qkWD2+7no4Gr9z8/sAGuf86t/vpFVRfZ824z G+T5vrsAIRjtsqnmdBNjc3DyNXq07UWxSvNaEv4WfuyaXVk/JFScJpZnFSlyWQ+djDNF nQ3MxjsvarmwHzCbIp2evXUftna1JK8TG87gNSP1H7u7lkxkgEkQ+rtE662alUT9TEc4 mAv5zdBCXOpntEpb92riFle3URMlpPgtrFvrG75RBROTHWKY3Yy7+pCE24e6S338GAab l9HA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=QvC+6KsvhsCBwL8xB3lTNmZCB09+RPOf/VOErLE0ZCo=; b=GVKU4j5uQfUuy8sqQOAaE3TZVbTTDkcCU3KFdwdbxibOE/7aDse3wygca9cO3Z7Yli l2+1EgxlirWE3P0+7+3KnB8Zx/ckCEVkEwuehuDDBVIZYrCZEBEz8kH9gLU9Kfu8DU66 xvu0dG7Cdn237ACW2Y86n5RbuhjbhqXYgHv4vgDCSyo2evD+ROjdtDZbDwmHSUKjmOnB uZ6Fl4mps854MLtnmq/suG3FEHKdQdYHa44knbcHmiVM34tAVxvP29um3QSETovRFfft RFEzxj3OhVk3xoRH1kPP5zu5/dkuuoLOMhkVW8Qh55JRpSOaWH53hpSoY0FAeW7gchIx Gq4w== X-Gm-Message-State: APjAAAX3VFOzdKXi2Jg+Wl8ugeTv7pUHTMZAG6j7kt8bjt/zaXDTywPt xv2l3lYqkTOFnGIDPCSh6OCnFPHEl7KoHojjUw19aj71bbsFuL+BiL2lWu8eACe7OEE0mVojqK6 Z/igrKIxQ/7yvrYpEUX718IgeH3PN2RNFXPbuhyHFYYHGUPe2yCludw== X-Google-Smtp-Source: APXvYqxSzRrsafFo99wqOK7ZGq9+30NvLFSeYT+ty2PNRuDj8MnfOxI/yHeWe76QrePN6U0LZFKBCEk= X-Received: by 2002:a24:2f4c:: with SMTP id j73mr6659678itj.24.1554152264349; Mon, 01 Apr 2019 13:57:44 -0700 (PDT) Date: Mon, 1 Apr 2019 13:57:32 -0700 In-Reply-To: <20190401205734.4400-1-sdf@google.com> Message-Id: <20190401205734.4400-4-sdf@google.com> Mime-Version: 1.0 References: <20190401205734.4400-1-sdf@google.com> X-Mailer: git-send-email 2.21.0.392.gf8f6787159e-goog Subject: [PATCH bpf 3/5] flow_dissector: fix clamping of BPF flow_keys for non-zero nhoff From: Stanislav Fomichev To: netdev@vger.kernel.org, bpf@vger.kernel.org Cc: davem@davemloft.net, ast@kernel.org, daniel@iogearbox.net, simon.horman@netronome.com, willemb@google.com, peterpenkov96@gmail.com, Stanislav Fomichev Content-Type: text/plain; charset="UTF-8" Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Don't allow BPF program to set flow_keys->nhoff to less than initial value. We currently don't read the value afterwards in anything but the tests, but it's still a good practice to return consistent values to the test programs. Signed-off-by: Stanislav Fomichev --- net/core/flow_dissector.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c index 9b84250039df..94a450b2191a 100644 --- a/net/core/flow_dissector.c +++ b/net/core/flow_dissector.c @@ -717,7 +717,8 @@ bool __skb_flow_bpf_dissect(struct bpf_prog *prog, /* Restore state */ memcpy(cb, &cb_saved, sizeof(cb_saved)); - flow_keys->nhoff = clamp_t(u16, flow_keys->nhoff, 0, skb->len); + flow_keys->nhoff = clamp_t(u16, flow_keys->nhoff, + skb_network_offset(skb), skb->len); flow_keys->thoff = clamp_t(u16, flow_keys->thoff, flow_keys->nhoff, skb->len); -- 2.21.0.392.gf8f6787159e-goog