Re: [PATCH net] udp: fix segmentation crash for GRO packet without fraglist

From: Willem de Bruijn
Date: Mon Apr 29 2024 - 17:15:21 EST

Next message: Daniel Borkmann: "Re: linux-next: manual merge of the bpf-next tree with the net tree"
Previous message: Francesco Valla: "Re: [PATCH] Documentation: networking: document ISO 15765-2"
In reply to: Daniel Borkmann: "Re: [PATCH net] udp: fix segmentation crash for GRO packet without fraglist"
Next in thread: Maciej Żenczykowski: "Re: [PATCH net] udp: fix segmentation crash for GRO packet without fraglist"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> >> The 'write_len > skb_headlen(skb)' test is redundant, no ?
> >>
> >> It is covered by the earlier test :
> >>
> >> if (likely(len <= skb_headlen(skb)))
> >> return SKB_NOT_DROPPED_YET;
> >>
> > Daniel, it is not redundant. The bpf pulls a len between
> > skb_headlen(skb) and skb->len that results in error. Here it will stop
> > this operation. For other skbs(not SKB_GSO_FRAGLIST) it could be a
> > normal behaviour and will continue to do next pulling.
>
> I meant something like the below. The len <= skb_headlen(skb) case you
> already return earlier with SKB_NOT_DROPPED_YET. Willem, do you see a
> case where this should not live in pskb_may_pull_reason() but rather
> specifically in skb_ensure_writable()?

Yes. pskb_may_pull is called all over the hot path. All in locations
that are known safe, because they only pull header bytes. I prefer to
limit the branch to the few (user configurable) locations that are in
scope.

Next message: Daniel Borkmann: "Re: linux-next: manual merge of the bpf-next tree with the net tree"
Previous message: Francesco Valla: "Re: [PATCH] Documentation: networking: document ISO 15765-2"
In reply to: Daniel Borkmann: "Re: [PATCH net] udp: fix segmentation crash for GRO packet without fraglist"
Next in thread: Maciej Żenczykowski: "Re: [PATCH net] udp: fix segmentation crash for GRO packet without fraglist"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]