aboutsummaryrefslogtreecommitdiff
path: root/scripts/gdb/linux/radixtree.py
diff options
context:
space:
mode:
authorWillem de Bruijn <[email protected]>2022-06-06 09:21:07 -0400
committerJakub Kicinski <[email protected]>2022-06-08 20:34:43 -0700
commit8d21e9963bec1aad2280cdd034c8993033ef2948 (patch)
tree7ebe3eb38c30a7360c49d665f062708ac301fea0 /scripts/gdb/linux/radixtree.py
parentd5d4c36398ba66c033602b117b4be6174b7b8533 (diff)
ip_gre: test csum_start instead of transport header
GRE with TUNNEL_CSUM will apply local checksum offload on CHECKSUM_PARTIAL packets. ipgre_xmit must validate csum_start after an optional skb_pull, else lco_csum may trigger an overflow. The original check was if (csum && skb_checksum_start(skb) < skb->data) return -EINVAL; This had false positives when skb_checksum_start is undefined: when ip_summed is not CHECKSUM_PARTIAL. A discussed refinement was straightforward if (csum && skb->ip_summed == CHECKSUM_PARTIAL && skb_checksum_start(skb) < skb->data) return -EINVAL; But was eventually revised more thoroughly: - restrict the check to the only branch where needed, in an uncommon GRE path that uses header_ops and calls skb_pull. - test skb_transport_header, which is set along with csum_start in skb_partial_csum_set in the normal header_ops datapath. Turns out skbs can arrive in this branch without the transport header set, e.g., through BPF redirection. Revise the check back to check csum_start directly, and only if CHECKSUM_PARTIAL. Do leave the check in the updated location. Check field regardless of whether TUNNEL_CSUM is configured. Link: https://lore.kernel.org/netdev/YS+h%2FtqCJJiQei+W@shredder/ Link: https://lore.kernel.org/all/[email protected]/T/#u Fixes: 8a0ed250f911 ("ip_gre: validate csum_start only on pull") Reported-by: syzbot <[email protected]> Signed-off-by: Willem de Bruijn <[email protected]> Reviewed-by: Eric Dumazet <[email protected]> Reviewed-by: Alexander Duyck <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Jakub Kicinski <[email protected]>
Diffstat (limited to 'scripts/gdb/linux/radixtree.py')
0 files changed, 0 insertions, 0 deletions