From: Paolo Abeni <pabeni@redhat.com>
To: netdev@vger.kernel.org
Cc: "David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Simon Horman <horms@kernel.org>,
Donald Hunter <donald.hunter@gmail.com>,
Andrew Lunn <andrew+netdev@lunn.ch>,
Shuah Khan <shuah@kernel.org>,
Willem de Bruijn <willemdebruijn.kernel@gmail.com>,
sdf@fomichev.me, petrm@nvidia.com, razor@blackwall.org,
idosch@nvidia.com
Subject: Re: [PATCH v5 net-next 08/10] geneve: extract hint option at GRO stage
Date: Thu, 22 Jan 2026 15:57:39 +0100 [thread overview]
Message-ID: <c5f875fc-9d87-42e3-bc33-59864e206f96@redhat.com> (raw)
In-Reply-To: <cd0e9dc42ba83f388b604097cffe268ffcb53351.1769011015.git.pabeni@redhat.com>
On 1/21/26 5:11 PM, Paolo Abeni wrote:
> @@ -566,6 +726,25 @@ static struct sk_buff *geneve_gro_receive(struct sock *sk,
> goto out;
> }
>
> + /* The GRO hint/nested hdr could use a different ethernet type. */
> + hint_off = geneve_sk_gro_hint_off(sk, gh, &type, &gh_len);
> + if (hint_off) {
> + const struct geneve_opt_gro_hint *gro_hint;
> +
> + /*
> + * If the hint is present, and nested hdr validation fails, do
> + * not attempt plain GRO: it will ignore inner hdrs and cause
> + * OoO.
> + */
> + gh = skb_gro_header(skb, off_gnv + gh_len, off_gnv);
> + if (unlikely(!gh))
> + goto out;
> +
> + gro_hint = geneve_opt_gro_hint(gh, hint_off);
> + if (!geneve_opt_gro_hint_validate_csum(skb, gh, gro_hint))
> + goto out;
> + }
> +
> list_for_each_entry(p, head, list) {
> if (!NAPI_GRO_CB(p)->same_flow)
> continue;
AI review reports a possible OoB access later on in:
if (gh->opt_len != gh2->opt_len ||
memcmp(gh, gh2, gh_len)) {
NAPI_GRO_CB(p)->same_flow = 0;
continue;
}
specifically in the memcmp() accessing bytes not pulled yet from gh2. I
think such OoB access is not possible: before reaching the buffer bounds
the other packet hdr should match the current one geneve hdr, including
the hint option. Thus, while processing the such packet, the GRO stage
should have already pulled all the relevant data.
I think this is simply too much to get for the LLM, at least ATM.
Side note: I was sure I did the shellcheck test before posting, but nipa
says I at very least forgot about it before some latest update (warn in
patch 10). @Jakub: please LMK if you prefer another revision.
/P
next prev parent reply other threads:[~2026-01-22 14:57 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-21 16:11 [PATCH v5 net-next 00/10] geneve: introduce double tunnel GSO/GRO support Paolo Abeni
2026-01-21 16:11 ` [PATCH v5 net-next 01/10] net: introduce mangleid_features Paolo Abeni
2026-01-21 16:15 ` Eric Dumazet
2026-01-23 19:32 ` Jakub Kicinski
2026-01-21 16:11 ` [PATCH v5 net-next 02/10] geneve: expose gso partial features for tunnel offload Paolo Abeni
2026-01-21 16:11 ` [PATCH v5 net-next 03/10] vxlan: " Paolo Abeni
2026-01-21 16:11 ` [PATCH v5 net-next 04/10] geneve: add netlink support for GRO hint Paolo Abeni
2026-01-21 16:11 ` [PATCH v5 net-next 05/10] geneve: constify geneve_hlen() Paolo Abeni
2026-01-21 16:11 ` [PATCH v5 net-next 06/10] geneve: pass the geneve device ptr to geneve_build_skb() Paolo Abeni
2026-01-21 16:11 ` [PATCH v5 net-next 07/10] geneve: add GRO hint output path Paolo Abeni
2026-01-21 16:11 ` [PATCH v5 net-next 08/10] geneve: extract hint option at GRO stage Paolo Abeni
2026-01-22 14:57 ` Paolo Abeni [this message]
2026-01-23 17:54 ` Simon Horman
2026-01-23 17:53 ` [v5,net-next,08/10] " Simon Horman
2026-01-21 16:11 ` [PATCH v5 net-next 09/10] geneve: use GRO hint option in the RX path Paolo Abeni
2026-01-21 16:11 ` [PATCH v5 net-next 10/10] selftests: net: tests for add double tunneling GRO/GSO Paolo Abeni
2026-01-22 10:05 ` Petr Machata
2026-01-23 19:33 ` [PATCH v5 net-next 00/10] geneve: introduce double tunnel GSO/GRO support Jakub Kicinski
2026-01-26 14:15 ` Paolo Abeni
2026-01-23 19:50 ` patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c5f875fc-9d87-42e3-bc33-59864e206f96@redhat.com \
--to=pabeni@redhat.com \
--cc=andrew+netdev@lunn.ch \
--cc=davem@davemloft.net \
--cc=donald.hunter@gmail.com \
--cc=edumazet@google.com \
--cc=horms@kernel.org \
--cc=idosch@nvidia.com \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=petrm@nvidia.com \
--cc=razor@blackwall.org \
--cc=sdf@fomichev.me \
--cc=shuah@kernel.org \
--cc=willemdebruijn.kernel@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox