[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20131106133045.GA20931@gondor.apana.org.au>
Date: Wed, 6 Nov 2013 21:30:45 +0800
From: Herbert Xu <herbert@...dor.apana.org.au>
To: Eric Dumazet <eric.dumazet@...il.com>
Cc: Ben Hutchings <bhutchings@...arflare.com>,
David Miller <davem@...emloft.net>,
christoph.paasch@...ouvain.be, netdev@...r.kernel.org,
hkchu@...gle.com, mwdalton@...gle.com
Subject: Re: gso: Attempt to handle mega-GRO packets
On Wed, Nov 06, 2013 at 08:39:00PM +0800, Herbert Xu wrote:
>
> That patch obviously didn't have a chance of working since I missed
> a continue.
>
> Here is a better version.
In order to handle malicious GSO packets that is now possible with
the use of frag_list in virtio_net, we need to remove the BUG_ONs.
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 3735fad..f336e5c 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -2816,7 +2816,44 @@ struct sk_buff *skb_segment(struct sk_buff *skb, netdev_features_t features)
hsize = len;
if (!hsize && i >= nfrags) {
- BUG_ON(fskb->len != len);
+ if (fskb->len != len) {
+ if (skb_has_frag_list(fskb)) {
+ net_warn_ratelimited(
+ "skb_segment: "
+ "nested frag_list detected");
+ err = -EINVAL;
+ goto err;
+ }
+
+ nskb = skb_segment(fskb, features);
+
+ err = PTR_ERR(nskb);
+ if (IS_ERR(nskb))
+ goto err;
+ err = -ENOMEM;
+
+ if (segs)
+ tail->next = nskb;
+ else
+ segs = nskb;
+
+ tail = nskb;
+ while (tail->next)
+ tail = tail->next;
+
+ if (fskb->next && tail->len != len) {
+ net_warn_ratelimited(
+ "skb_segment: "
+ "illegal GSO fragment: %u %u",
+ tail->len, len);
+ err = -EINVAL;
+ goto err;
+ }
+
+ len = fskb->len;
+ fskb = fskb->next;
+ continue;
+ }
pos += len;
nskb = skb_clone(fskb, GFP_ATOMIC);
@@ -2905,7 +2942,14 @@ struct sk_buff *skb_segment(struct sk_buff *skb, netdev_features_t features)
if (pos < offset + len) {
struct sk_buff *fskb2 = fskb;
- BUG_ON(pos + fskb->len != offset + len);
+ if (pos + fskb->len != offset + len) {
+ net_warn_ratelimited(
+ "skb_segment: "
+ "illegal GSO trailer: %u %u",
+ pos + fskb->len, offset + len);
+ err = -EINVAL;
+ goto err;
+ }
pos += fskb->len;
fskb = fskb->next;
Cheers,
--
Email: Herbert Xu <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists