Re: [PATCH] cls_u32: use skb_copy_bits() to dereference data safely

[PATCH] cls_u32: use skb_copy_bits() to dereference data safely · Changli Gao <hidden> · 2010-05-31
Re: [PATCH] cls_u32: use skb_copy_bits() to dereference data safely · jamal <hidden> · 2010-06-01
Re: [PATCH] cls_u32: use skb_copy_bits() to dereference data safely · Changli Gao <hidden> · 2010-06-01
Re: [PATCH] cls_u32: use skb_copy_bits() to dereference data safely · jamal <hidden> · 2010-06-02
Re: [PATCH] cls_u32: use skb_copy_bits() to dereference data safely · jamal <hidden> · 2010-06-02
Re: [PATCH] cls_u32: use skb_copy_bits() to dereference data safely · David Miller <davem@davemloft.net> · 2010-06-02
Re: [PATCH] cls_u32: use skb_copy_bits() to dereference data safely · Changli Gao <hidden> · 2010-06-02
Re: [PATCH] cls_u32: use skb_copy_bits() to dereference data safely · David Miller <davem@davemloft.net> · 2010-06-02
Re: [PATCH] cls_u32: use skb_copy_bits() to dereference data safely · jamal <hidden> · 2010-06-02
Re: [PATCH] cls_u32: use skb_copy_bits() to dereference data safely · David Miller <davem@davemloft.net> · 2010-06-02
Re: [PATCH] cls_u32: use skb_copy_bits() to dereference data safely · jamal <hidden> · 2010-06-02
Re: [PATCH] cls_u32: use skb_copy_bits() to dereference data safely · Changli Gao <hidden> · 2010-06-02
Re: [PATCH] cls_u32: use skb_copy_bits() to dereference data safely · jamal <hidden> · 2010-06-02
Re: [PATCH] cls_u32: use skb_copy_bits() to dereference data safely · David Miller <davem@davemloft.net> · 2010-06-02
Re: [PATCH] cls_u32: use skb_copy_bits() to dereference data safely · Changli Gao <hidden> · 2010-06-02

From: jamal <hidden>
Date: 2010-06-02 12:25:53
Subsystem: networking [general], tc subsystem, the rest · Maintainers: "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Jamal Hadi Salim, Jiri Pirko, Linus Torvalds

On Wed, 2010-06-02 at 08:21 -0400, jamal wrote:

Can we make the fix very simple please? i.e no copy bits, this is the
fast path.

Example, something along lines of:

---

diff --git a/net/sched/cls_u32.c b/net/sched/cls_u32.c
index 9627542..dde7a23 100644
--- a/net/sched/cls_u32.c
+++ b/net/sched/cls_u32.c

@@ -135,6 +135,9 @@ next_knode:
 
 for (i = n->sel.nkeys; i>0; i--, key++) {
 
+        int toff = key->off+(off2&key->offmask)- 4;
+        if (unlikely(toff > skb->len))
+              /* bailout here - needs some thought */
         if ((*(__be32*)(ptr+key->off+(off2&key->offmask))^key->v
             n = n->next;
             goto next_knode;
----

cheers,
jamal

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help