
Re: [Xen-devel] [PATCH net v3] xen-netback: fix fragment detection in checksum setup



From: Paul Durrant <paul.durrant@xxxxxxxxxx>
Date: Fri, 29 Nov 2013 10:52:08 +0000

> @@ -1166,15 +1166,27 @@ static int checksum_setup_ip(struct xenvif *vif, 
> struct sk_buff *skb,
>       struct iphdr *iph = (void *)skb->data;
>       unsigned int header_size;
>       unsigned int off;
> +     bool fragment;
>       int err = -EPROTO;
>  
> +     fragment = false;
> +
>       off = sizeof(struct iphdr);
>  
>       header_size = skb->network_header + off + MAX_IPOPTLEN;
>       maybe_pull_tail(skb, header_size);
>  
> +     if (iph->frag_off & htons(IP_OFFSET | IP_MF))
> +             fragment = true;
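Review bot: `iph` is taken from `skb->data` at the top of the function but is only dereferenced (`iph->frag_off`) after `maybe_pull_tail(skb, header_size)`, which can pull data into the linear area and move `skb->data`; when that happens the new fragment check reads through a stale pointer. Re-derive the header after the pull, e.g. insert `iph = (void *)skb->data;` immediately before `if (iph->frag_off & htons(IP_OFFSET | IP_MF))` (or use `ip_hdr(skb)` there), and the separate `bool fragment;` plus `fragment = false;` could be a single initialised declaration.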

This function has a serious problem.

maybe_pull_tail() can change skb->data, therefore this "iph" pointer
can become invalid, you're essentially dereferencing garbage if
maybe_pull_tail() actually does any work.

Secondly, do you really (even rate limited) want to spam the system
log just because some ipv4 fragmented frames end up here?  That
doesn't make any sense to me.  Maybe bump a statistic or something
like that, but a log message triggerable by a remote entity?  No way.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
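To make the first objection concrete, here is an added, self-contained model of the pattern (constructed for this page, not xen-netback or Linux code): a toy buffer whose linear area is reallocated by a pull helper, a check that shows the old data pointer no longer points at the live buffer after the pull, and a fragment test written the safe way, deriving the header pointer only after the pull. The struct, helper names and the 20-byte header layout with `frag_off` at bytes 6..7 are assumptions of this model; `0x3fff` stands in for `IP_OFFSET | IP_MF`.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed toy analogue of an skb: a linear area that a pull may move. */
struct toy_buf {
    unsigned char *data;        /* like skb->data */
    size_t len;                 /* bytes currently linear */
    const unsigned char *frag;  /* non-linear remainder (constructed) */
    size_t frag_len;
};

/* Stand-in for maybe_pull_tail(): grow the linear area to at least `want`
 * bytes.  The new block is allocated before the old one is freed, so the
 * data pointer always changes when any work is done. */
static bool toy_pull_tail(struct toy_buf *b, size_t want)
{
    if (want <= b->len)
        return true;                         /* nothing to do, data stays */
    size_t take = want - b->len;
    if (take > b->frag_len)
        take = b->frag_len;
    unsigned char *n = malloc(b->len + take);
    if (!n)
        return false;
    memcpy(n, b->data, b->len);
    memcpy(n + b->len, b->frag, take);
    free(b->data);
    b->data = n;
    b->len += take;
    b->frag += take;
    b->frag_len -= take;
    return true;
}

/* Shows the hazard without dereferencing anything: a pointer value cached
 * before the pull differs from the live data pointer afterwards. */
static bool toy_pointer_moves(struct toy_buf *b, size_t want)
{
    uintptr_t before = (uintptr_t)b->data;   /* what a cached iph would hold */
    if (!toy_pull_tail(b, want))
        return false;
    return before != (uintptr_t)b->data;
}

/* Safe ordering: pull first, then read the header through a fresh pointer. */
static int toy_is_fragment(struct toy_buf *b, bool *fragment)
{
    const size_t off = 20;                   /* assumed sizeof(struct iphdr) */
    const size_t max_opt = 40;               /* assumed MAX_IPOPTLEN */
    if (!toy_pull_tail(b, off + max_opt))
        return -1;
    const unsigned char *iph = b->data;      /* re-derived AFTER the pull */
    uint16_t frag_off = (uint16_t)((iph[6] << 8) | iph[7]);  /* network order */
    *fragment = (frag_off & 0x3fff) != 0;    /* IP_OFFSET | IP_MF */
    return 0;
}

/* Build a constructed 20-byte header with the given frag_off (host order). */
static struct toy_buf toy_make(uint16_t frag_off)
{
    static const unsigned char tail[40] = {0};   /* constructed option bytes */
    struct toy_buf b;
    b.data = calloc(1, 20);
    b.data[0] = 0x45;                        /* IPv4, IHL = 5 */
    b.data[6] = (unsigned char)(frag_off >> 8);
    b.data[7] = (unsigned char)(frag_off & 0xff);
    b.len = 20;
    b.frag = tail;
    b.frag_len = sizeof tail;
    return b;
}
```

`toy_pointer_moves()` is the whole point of the reply: any pointer computed from `data` before the pull is stale afterwards, so the header must be re-read from the buffer once the pull has completed, as `toy_is_fragment()` does.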