lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1171332919.19842.74.camel@localhost.localdomain>
Date:	Tue, 13 Feb 2007 13:15:18 +1100
From:	Rusty Russell <rusty@...tcorp.com.au>
To:	Herbert Xu <herbert@...dor.apana.org.au>
Cc:	Andrew Morton <akpm@...ux-foundation.org>,
	lkml - Kernel Mailing List <linux-kernel@...r.kernel.org>,
	virtualization <virtualization@...ts.osdl.org>,
	jgarzik <jgarzik@...ox.com>
Subject: Re: [PATCH 5/8] lguest: trivial guest network driver

On Tue, 2007-02-13 at 02:55 +1100, Herbert Xu wrote:
> On Mon, Feb 12, 2007 at 02:52:01PM +1100, Rusty Russell wrote:
> >
> > +static void skb_to_dma(const struct sk_buff *skb, unsigned int len,
> > +		       struct lguest_dma *dma)
> > +{
> > +	unsigned int i, seg;
> > +
> > +	for (i = seg = 0; i < len; seg++, i += rest_of_page(skb->data + i)) {
> 
> The length field from the skb covers the fragmented parts as well.
> So you don't want to use it as the boundary for the loop over the
> skb header data.  As it is, if the skb has fragments, the first
> loop will try to read them off the header.

Good spotting!  This function needs to be passed skb_headlen(skb),
rather than skb->len.  Patch is below (I renamed the parameter as well,
for clarity).

It's fascinating why this "worked".  Firstly, for inter-guest
communication, I am not calculating checksums, nor checking them.
Secondly, for guest->host, I turn off hw checksumming so the kernel
disables SG and this code is never executed.  Thirdly, for virtbench's
inter-guest sendfile test does not check the data received is actually
correct.  Finally, while we end up producing a packet which is larger
than skb->len of 1514, the DMA receive buffer for the other guest is
only 1514 bytes, so the result of the transfer is 1514 (==skb->len), so
no error reported by the driver.

==
lguest network driver fix: handle scatter-gather packets correctly

Thanks to Herbert Xu for noticing the bug: "len" here is skb_headlen(),
not skb->len.  Renamed the function to clarify, too.

Signed-off-by: Rusty Russell <rusty@...tcorp.com.au>

diff -r ed6484d145a4 drivers/net/lguest_net.c
--- a/drivers/net/lguest_net.c	Tue Feb 13 11:30:39 2007 +1100
+++ b/drivers/net/lguest_net.c	Tue Feb 13 12:07:15 2007 +1100
@@ -59,14 +59,14 @@ static unsigned long peer_addr(struct lg
 	return info->peer_phys + 4 * peernum;
 }
 
-static void skb_to_dma(const struct sk_buff *skb, unsigned int len,
+static void skb_to_dma(const struct sk_buff *skb, unsigned int headlen,
 		       struct lguest_dma *dma)
 {
 	unsigned int i, seg;
 
-	for (i = seg = 0; i < len; seg++, i += rest_of_page(skb->data + i)) {
+	for (i = seg = 0; i < headlen; seg++, i += rest_of_page(skb->data+i)) {
 		dma->addr[seg] = virt_to_phys(skb->data + i);
-		dma->len[seg] = min((unsigned)(len - i),
+		dma->len[seg] = min((unsigned)(headlen - i),
 				    rest_of_page(skb->data + i));
 	}
 	for (i = 0; i < skb_shinfo(skb)->nr_frags; i++, seg++) {
@@ -90,7 +90,7 @@ static void transfer_packet(struct net_d
 	struct lguestnet_info *info = dev->priv;
 	struct lguest_dma dma;
 
-	skb_to_dma(skb, skb->len, &dma);
+	skb_to_dma(skb, skb_headlen(skb), &dma);
 	pr_debug("xfer length %04x (%u)\n", htons(skb->len), skb->len);
 
 	hcall(LHCALL_SEND_DMA, peer_addr(info,peernum), __pa(&dma),0);


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ