[PATCH] rionet: Don't try to corrupt skbuff assigning data pointer directly

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] rionet: Don't try to corrupt skbuff assigning data pointer directly
@ 2015-07-01 13:01 Alexander Sverdlin
  2015-07-02 19:12 ` David Miller
  0 siblings, 1 reply; 4+ messages in thread
From: Alexander Sverdlin @ 2015-07-01 13:01 UTC (permalink / raw)
  To: netdev, David Miller, Matt Porter
  Cc: Alexandre Bounine, Frank Kunz, Marek Krzyzowski

It's not allowed to assign data pointer of skbuff directly, this makes no sense
if the assigned pointer is the very same as already existing one, or it brakes
all the pointer arithmetics in all other cases. We cannot do better as just
compare them and report BUG() in case of mismatch.

Signed-off-by: Alexander Sverdlin <alexander.sverdlin@nokia.com>
---

We came across this problem developing new code for Octeon2 RAPIDIO. For the last
10 years since original commit of the code this assignment did nothing as the
pointers were always same. But the bug in the new code discovered this one. So
better do BUG() immediately here, this would prevent longer debugging of the
following skbuff corruption.

 drivers/net/rionet.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/net/rionet.c b/drivers/net/rionet.c
index dac7a0d..34c27b8 100644
--- a/drivers/net/rionet.c
+++ b/drivers/net/rionet.c
@@ -104,7 +104,8 @@ static int rionet_rx_clean(struct net_device *ndev)
 		if (!(data = rio_get_inb_message(rnet->mport, RIONET_MAILBOX)))
 			break;

-		rnet->rx_skb[i]->data = data;
+		if (rnet->rx_skb[i]->data != data)
+			BUG();
 		skb_put(rnet->rx_skb[i], RIO_MAX_MSG_SIZE);
 		rnet->rx_skb[i]->protocol =
 		    eth_type_trans(rnet->rx_skb[i], ndev);

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH] rionet: Don't try to corrupt skbuff assigning data pointer directly
  2015-07-01 13:01 [PATCH] rionet: Don't try to corrupt skbuff assigning data pointer directly Alexander Sverdlin
@ 2015-07-02 19:12 ` David Miller
  2015-07-03  7:24   ` Alexander Sverdlin
  0 siblings, 1 reply; 4+ messages in thread
From: David Miller @ 2015-07-02 19:12 UTC (permalink / raw)
  To: alexander.sverdlin
  Cc: netdev, mporter, alexandre.bounine, frank.kunz, marek.krzyzowski

From: Alexander Sverdlin <alexander.sverdlin@nokia.com>
Date: Wed, 1 Jul 2015 15:01:11 +0200

> It's not allowed to assign data pointer of skbuff directly, this makes no sense
> if the assigned pointer is the very same as already existing one, or it brakes
> all the pointer arithmetics in all other cases. We cannot do better as just
> compare them and report BUG() in case of mismatch.
> 
> Signed-off-by: Alexander Sverdlin <alexander.sverdlin@nokia.com>

BUG takes the entire machine out, which is worse than corrupting the
skb->data

If you really want to assert this condition, do it in a way that
doesn't kill the entire machine.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] rionet: Don't try to corrupt skbuff assigning data pointer directly
  2015-07-02 19:12 ` David Miller
@ 2015-07-03  7:24   ` Alexander Sverdlin
  2015-07-03  7:27     ` Krzyzowski, Marek (Nokia - DE/Ulm)
  0 siblings, 1 reply; 4+ messages in thread
From: Alexander Sverdlin @ 2015-07-03  7:24 UTC (permalink / raw)
  To: ext David Miller
  Cc: netdev, mporter, alexandre.bounine, frank.kunz, marek.krzyzowski

Hi David,

On 02/07/15 21:12, ext David Miller wrote:
>> It's not allowed to assign data pointer of skbuff directly, this makes no sense
>> > if the assigned pointer is the very same as already existing one, or it brakes
>> > all the pointer arithmetics in all other cases. We cannot do better as just
>> > compare them and report BUG() in case of mismatch.
>> > 
>> > Signed-off-by: Alexander Sverdlin <alexander.sverdlin@nokia.com>
> BUG takes the entire machine out, which is worse than corrupting the
> skb->data
> 
> If you really want to assert this condition, do it in a way that
> doesn't kill the entire machine.

In fact, the machine goes down, some milliseconds later, but because of the following
inconsistencies, which are misleading. The function has no way to signal an error and
this line of code is simply wrong. To prevent others from copying this error, we can
simply delete it. Would it be fine from your PoV?

-- 
Best regards,
Alexander Sverdlin.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* RE: [PATCH] rionet: Don't try to corrupt skbuff assigning data pointer directly
  2015-07-03  7:24   ` Alexander Sverdlin
@ 2015-07-03  7:27     ` Krzyzowski, Marek (Nokia - DE/Ulm)
  0 siblings, 0 replies; 4+ messages in thread
From: Krzyzowski, Marek (Nokia - DE/Ulm) @ 2015-07-03  7:27 UTC (permalink / raw)
  To: Sverdlin, Alexander (Nokia - DE/Ulm), ext David Miller
  Cc: netdev@vger.kernel.org, mporter@kernel.crashing.org,
	alexandre.bounine@idt.com, Kunz, Frank (Nokia - DE/Ulm)

Hello,


I would prefer to replace this line of code with returning of value, where any non-negative value would indicate success, whereas negative values would indicate some errors. It would mean, of course, no returning of any pointers.

BR
Marek

-----Original Message-----
From: Alexander Sverdlin [mailto:alexander.sverdlin@nokia.com] 
Sent: Friday, July 03, 2015 9:24 AM
To: ext David Miller
Cc: netdev@vger.kernel.org; mporter@kernel.crashing.org; alexandre.bounine@idt.com; Kunz, Frank (Nokia - DE/Ulm); Krzyzowski, Marek (Nokia - DE/Ulm)
Subject: Re: [PATCH] rionet: Don't try to corrupt skbuff assigning data pointer directly

Hi David,

On 02/07/15 21:12, ext David Miller wrote:
>> It's not allowed to assign data pointer of skbuff directly, this makes no sense
>> > if the assigned pointer is the very same as already existing one, or it brakes
>> > all the pointer arithmetics in all other cases. We cannot do better as just
>> > compare them and report BUG() in case of mismatch.
>> > 
>> > Signed-off-by: Alexander Sverdlin <alexander.sverdlin@nokia.com>
> BUG takes the entire machine out, which is worse than corrupting the
> skb->data
> 
> If you really want to assert this condition, do it in a way that
> doesn't kill the entire machine.

In fact, the machine goes down, some milliseconds later, but because of the following
inconsistencies, which are misleading. The function has no way to signal an error and
this line of code is simply wrong. To prevent others from copying this error, we can
simply delete it. Would it be fine from your PoV?

-- 
Best regards,
Alexander Sverdlin.

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2015-07-03  7:28 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-07-01 13:01 [PATCH] rionet: Don't try to corrupt skbuff assigning data pointer directly Alexander Sverdlin
2015-07-02 19:12 ` David Miller
2015-07-03  7:24   ` Alexander Sverdlin
2015-07-03  7:27     ` Krzyzowski, Marek (Nokia - DE/Ulm)

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).