mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
synced 2025-01-09 15:29:16 +00:00
net: Don't set transport offset to invalid value
If the socket was created with socket(AF_PACKET, SOCK_RAW, 0), skb->protocol will be unset, __skb_flow_dissect() will fail, and skb_probe_transport_header() will fall back to the offset_hint, making the resulting skb_transport_offset incorrect. If, however, there is no transport header in the packet, transport_header shouldn't be set to an arbitrary value. Fix it by leaving the transport offset unset if it couldn't be found, to be explicit rather than to fill it with some wrong value. It changes the behavior, but if some code relied on the old behavior, it would be broken anyway, as the old one is incorrect. Signed-off-by: Maxim Mikityanskiy <maximmi@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
5328b633c9
commit
d2aa125d62
@ -712,7 +712,7 @@ static ssize_t tap_get_user(struct tap_queue *q, void *msg_control,
|
|||||||
goto err_kfree;
|
goto err_kfree;
|
||||||
}
|
}
|
||||||
|
|
||||||
skb_probe_transport_header(skb, ETH_HLEN);
|
skb_probe_transport_header(skb);
|
||||||
|
|
||||||
/* Move network header to the right position for VLAN tagged packets */
|
/* Move network header to the right position for VLAN tagged packets */
|
||||||
if ((skb->protocol == htons(ETH_P_8021Q) ||
|
if ((skb->protocol == htons(ETH_P_8021Q) ||
|
||||||
@ -1187,7 +1187,7 @@ static int tap_get_user_xdp(struct tap_queue *q, struct xdp_buff *xdp)
|
|||||||
tap = rcu_dereference(q->tap);
|
tap = rcu_dereference(q->tap);
|
||||||
if (tap) {
|
if (tap) {
|
||||||
skb->dev = tap->dev;
|
skb->dev = tap->dev;
|
||||||
skb_probe_transport_header(skb, ETH_HLEN);
|
skb_probe_transport_header(skb);
|
||||||
dev_queue_xmit(skb);
|
dev_queue_xmit(skb);
|
||||||
} else {
|
} else {
|
||||||
kfree_skb(skb);
|
kfree_skb(skb);
|
||||||
|
@ -1929,7 +1929,7 @@ static ssize_t tun_get_user(struct tun_struct *tun, struct tun_file *tfile,
|
|||||||
}
|
}
|
||||||
|
|
||||||
skb_reset_network_header(skb);
|
skb_reset_network_header(skb);
|
||||||
skb_probe_transport_header(skb, 0);
|
skb_probe_transport_header(skb);
|
||||||
|
|
||||||
if (skb_xdp) {
|
if (skb_xdp) {
|
||||||
struct bpf_prog *xdp_prog;
|
struct bpf_prog *xdp_prog;
|
||||||
@ -2482,7 +2482,7 @@ build:
|
|||||||
|
|
||||||
skb->protocol = eth_type_trans(skb, tun->dev);
|
skb->protocol = eth_type_trans(skb, tun->dev);
|
||||||
skb_reset_network_header(skb);
|
skb_reset_network_header(skb);
|
||||||
skb_probe_transport_header(skb, 0);
|
skb_probe_transport_header(skb);
|
||||||
|
|
||||||
if (skb_xdp) {
|
if (skb_xdp) {
|
||||||
err = do_xdp_generic(xdp_prog, skb);
|
err = do_xdp_generic(xdp_prog, skb);
|
||||||
|
@ -1169,15 +1169,24 @@ static int xenvif_tx_submit(struct xenvif_queue *queue)
|
|||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
skb_probe_transport_header(skb, 0);
|
skb_probe_transport_header(skb);
|
||||||
|
|
||||||
/* If the packet is GSO then we will have just set up the
|
/* If the packet is GSO then we will have just set up the
|
||||||
* transport header offset in checksum_setup so it's now
|
* transport header offset in checksum_setup so it's now
|
||||||
* straightforward to calculate gso_segs.
|
* straightforward to calculate gso_segs.
|
||||||
*/
|
*/
|
||||||
if (skb_is_gso(skb)) {
|
if (skb_is_gso(skb)) {
|
||||||
int mss = skb_shinfo(skb)->gso_size;
|
int mss, hdrlen;
|
||||||
int hdrlen = skb_transport_header(skb) -
|
|
||||||
|
/* GSO implies having the L4 header. */
|
||||||
|
WARN_ON_ONCE(!skb_transport_header_was_set(skb));
|
||||||
|
if (unlikely(!skb_transport_header_was_set(skb))) {
|
||||||
|
kfree_skb(skb);
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
mss = skb_shinfo(skb)->gso_size;
|
||||||
|
hdrlen = skb_transport_header(skb) -
|
||||||
skb_mac_header(skb) +
|
skb_mac_header(skb) +
|
||||||
tcp_hdrlen(skb);
|
tcp_hdrlen(skb);
|
||||||
|
|
||||||
|
@ -2429,8 +2429,7 @@ static inline void skb_pop_mac_header(struct sk_buff *skb)
|
|||||||
skb->mac_header = skb->network_header;
|
skb->mac_header = skb->network_header;
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline void skb_probe_transport_header(struct sk_buff *skb,
|
static inline void skb_probe_transport_header(struct sk_buff *skb)
|
||||||
const int offset_hint)
|
|
||||||
{
|
{
|
||||||
struct flow_keys_basic keys;
|
struct flow_keys_basic keys;
|
||||||
|
|
||||||
@ -2439,8 +2438,6 @@ static inline void skb_probe_transport_header(struct sk_buff *skb,
|
|||||||
|
|
||||||
if (skb_flow_dissect_flow_keys_basic(skb, &keys, NULL, 0, 0, 0, 0))
|
if (skb_flow_dissect_flow_keys_basic(skb, &keys, NULL, 0, 0, 0, 0))
|
||||||
skb_set_transport_header(skb, keys.control.thoff);
|
skb_set_transport_header(skb, keys.control.thoff);
|
||||||
else if (offset_hint >= 0)
|
|
||||||
skb_set_transport_header(skb, offset_hint);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline void skb_mac_header_rebuild(struct sk_buff *skb)
|
static inline void skb_mac_header_rebuild(struct sk_buff *skb)
|
||||||
|
@ -62,7 +62,7 @@ static inline int virtio_net_hdr_to_skb(struct sk_buff *skb,
|
|||||||
* probe and drop if does not match one of the above types.
|
* probe and drop if does not match one of the above types.
|
||||||
*/
|
*/
|
||||||
if (gso_type) {
|
if (gso_type) {
|
||||||
skb_probe_transport_header(skb, -1);
|
skb_probe_transport_header(skb);
|
||||||
if (!skb_transport_header_was_set(skb))
|
if (!skb_transport_header_was_set(skb))
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
}
|
}
|
||||||
|
@ -1970,7 +1970,7 @@ retry:
|
|||||||
if (unlikely(extra_len == 4))
|
if (unlikely(extra_len == 4))
|
||||||
skb->no_fcs = 1;
|
skb->no_fcs = 1;
|
||||||
|
|
||||||
skb_probe_transport_header(skb, 0);
|
skb_probe_transport_header(skb);
|
||||||
|
|
||||||
dev_queue_xmit(skb);
|
dev_queue_xmit(skb);
|
||||||
rcu_read_unlock();
|
rcu_read_unlock();
|
||||||
@ -2519,7 +2519,7 @@ static int tpacket_fill_skb(struct packet_sock *po, struct sk_buff *skb,
|
|||||||
len = ((to_write > len_max) ? len_max : to_write);
|
len = ((to_write > len_max) ? len_max : to_write);
|
||||||
}
|
}
|
||||||
|
|
||||||
skb_probe_transport_header(skb, 0);
|
skb_probe_transport_header(skb);
|
||||||
|
|
||||||
return tp_len;
|
return tp_len;
|
||||||
}
|
}
|
||||||
@ -2925,7 +2925,7 @@ static int packet_snd(struct socket *sock, struct msghdr *msg, size_t len)
|
|||||||
virtio_net_hdr_set_proto(skb, &vnet_hdr);
|
virtio_net_hdr_set_proto(skb, &vnet_hdr);
|
||||||
}
|
}
|
||||||
|
|
||||||
skb_probe_transport_header(skb, reserve);
|
skb_probe_transport_header(skb);
|
||||||
|
|
||||||
if (unlikely(extra_len == 4))
|
if (unlikely(extra_len == 4))
|
||||||
skb->no_fcs = 1;
|
skb->no_fcs = 1;
|
||||||
|
Loading…
x
Reference in New Issue
Block a user