* [PATCH] rionet: Don't try to corrupt skbuff assigning data pointer directly @ 2015-07-01 13:01 Alexander Sverdlin 2015-07-02 19:12 ` David Miller 0 siblings, 1 reply; 4+ messages in thread From: Alexander Sverdlin @ 2015-07-01 13:01 UTC (permalink / raw) To: netdev, David Miller, Matt Porter Cc: Alexandre Bounine, Frank Kunz, Marek Krzyzowski It's not allowed to assign data pointer of skbuff directly, this makes no sense if the assigned pointer is the very same as already existing one, or it brakes all the pointer arithmetics in all other cases. We cannot do better as just compare them and report BUG() in case of mismatch. Signed-off-by: Alexander Sverdlin <alexander.sverdlin@nokia.com> --- We came across this problem developing new code for Octeon2 RAPIDIO. For the last 10 years since original commit of the code this assignment did nothing as the pointers were always same. But the bug in the new code discovered this one. So better do BUG() immediately here, this would prevent longer debugging of the following skbuff corruption. drivers/net/rionet.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/net/rionet.c b/drivers/net/rionet.c index dac7a0d..34c27b8 100644 --- a/drivers/net/rionet.c +++ b/drivers/net/rionet.c @@ -104,7 +104,8 @@ static int rionet_rx_clean(struct net_device *ndev) if (!(data = rio_get_inb_message(rnet->mport, RIONET_MAILBOX))) break; - rnet->rx_skb[i]->data = data; + if (rnet->rx_skb[i]->data != data) + BUG(); skb_put(rnet->rx_skb[i], RIO_MAX_MSG_SIZE); rnet->rx_skb[i]->protocol = eth_type_trans(rnet->rx_skb[i], ndev); ^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] rionet: Don't try to corrupt skbuff assigning data pointer directly 2015-07-01 13:01 [PATCH] rionet: Don't try to corrupt skbuff assigning data pointer directly Alexander Sverdlin @ 2015-07-02 19:12 ` David Miller 2015-07-03 7:24 ` Alexander Sverdlin 0 siblings, 1 reply; 4+ messages in thread From: David Miller @ 2015-07-02 19:12 UTC (permalink / raw) To: alexander.sverdlin Cc: netdev, mporter, alexandre.bounine, frank.kunz, marek.krzyzowski From: Alexander Sverdlin <alexander.sverdlin@nokia.com> Date: Wed, 1 Jul 2015 15:01:11 +0200 > It's not allowed to assign data pointer of skbuff directly, this makes no sense > if the assigned pointer is the very same as already existing one, or it brakes > all the pointer arithmetics in all other cases. We cannot do better as just > compare them and report BUG() in case of mismatch. > > Signed-off-by: Alexander Sverdlin <alexander.sverdlin@nokia.com> BUG takes the entire machine out, which is worse than corrupting the skb->data If you really want to assert this condition, do it in a way that doesn't kill the entire machine. ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] rionet: Don't try to corrupt skbuff assigning data pointer directly 2015-07-02 19:12 ` David Miller @ 2015-07-03 7:24 ` Alexander Sverdlin 2015-07-03 7:27 ` Krzyzowski, Marek (Nokia - DE/Ulm) 0 siblings, 1 reply; 4+ messages in thread From: Alexander Sverdlin @ 2015-07-03 7:24 UTC (permalink / raw) To: ext David Miller Cc: netdev, mporter, alexandre.bounine, frank.kunz, marek.krzyzowski Hi David, On 02/07/15 21:12, ext David Miller wrote: >> It's not allowed to assign data pointer of skbuff directly, this makes no sense >> > if the assigned pointer is the very same as already existing one, or it brakes >> > all the pointer arithmetics in all other cases. We cannot do better as just >> > compare them and report BUG() in case of mismatch. >> > >> > Signed-off-by: Alexander Sverdlin <alexander.sverdlin@nokia.com> > BUG takes the entire machine out, which is worse than corrupting the > skb->data > > If you really want to assert this condition, do it in a way that > doesn't kill the entire machine. In fact, the machine goes down, some milliseconds later, but because of the following inconsistencies, which are misleading. The function has no way to signal an error and this line of code is simply wrong. To prevent others from copying this error, we can simply delete it. Would it be fine from your PoV? -- Best regards, Alexander Sverdlin. ^ permalink raw reply [flat|nested] 4+ messages in thread
* RE: [PATCH] rionet: Don't try to corrupt skbuff assigning data pointer directly 2015-07-03 7:24 ` Alexander Sverdlin @ 2015-07-03 7:27 ` Krzyzowski, Marek (Nokia - DE/Ulm) 0 siblings, 0 replies; 4+ messages in thread From: Krzyzowski, Marek (Nokia - DE/Ulm) @ 2015-07-03 7:27 UTC (permalink / raw) To: Sverdlin, Alexander (Nokia - DE/Ulm), ext David Miller Cc: netdev@vger.kernel.org, mporter@kernel.crashing.org, alexandre.bounine@idt.com, Kunz, Frank (Nokia - DE/Ulm) Hello, I would prefer to replace this line of code with returning of value, where any non-negative value would indicate success, whereas negative values would indicate some errors. It would mean, of course, no returning of any pointers. BR Marek -----Original Message----- From: Alexander Sverdlin [mailto:alexander.sverdlin@nokia.com] Sent: Friday, July 03, 2015 9:24 AM To: ext David Miller Cc: netdev@vger.kernel.org; mporter@kernel.crashing.org; alexandre.bounine@idt.com; Kunz, Frank (Nokia - DE/Ulm); Krzyzowski, Marek (Nokia - DE/Ulm) Subject: Re: [PATCH] rionet: Don't try to corrupt skbuff assigning data pointer directly Hi David, On 02/07/15 21:12, ext David Miller wrote: >> It's not allowed to assign data pointer of skbuff directly, this makes no sense >> > if the assigned pointer is the very same as already existing one, or it brakes >> > all the pointer arithmetics in all other cases. We cannot do better as just >> > compare them and report BUG() in case of mismatch. >> > >> > Signed-off-by: Alexander Sverdlin <alexander.sverdlin@nokia.com> > BUG takes the entire machine out, which is worse than corrupting the > skb->data > > If you really want to assert this condition, do it in a way that > doesn't kill the entire machine. In fact, the machine goes down, some milliseconds later, but because of the following inconsistencies, which are misleading. The function has no way to signal an error and this line of code is simply wrong. To prevent others from copying this error, we can simply delete it. Would it be fine from your PoV? -- Best regards, Alexander Sverdlin. ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2015-07-03 7:28 UTC | newest] Thread overview: 4+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2015-07-01 13:01 [PATCH] rionet: Don't try to corrupt skbuff assigning data pointer directly Alexander Sverdlin 2015-07-02 19:12 ` David Miller 2015-07-03 7:24 ` Alexander Sverdlin 2015-07-03 7:27 ` Krzyzowski, Marek (Nokia - DE/Ulm)
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).