From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=wmAu=BJ=lists.infradead.org=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-13.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH,
	DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,
	MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,
	USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 3B0A0C433DF
	for <linux-arm-kernel@archiver.kernel.org>; Thu, 30 Jul 2020 11:31:00 +0000 (UTC)
Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id 088572074B
	for <linux-arm-kernel@archiver.kernel.org>; Thu, 30 Jul 2020 11:31:00 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="VZLfPg5g"
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 088572074B
Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=huawei.com
Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding:
	Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive:
	List-Unsubscribe:List-Id:MIME-Version:Message-ID:Date:Subject:To:From:
	Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender
	:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Owner;
	bh=rlfbt9qXpZgg5kY5/cHh1jzn1uyNKnb4Ri0YBoay+M4=; b=VZLfPg5gCUScjW97YqqXqqiQ0o
	Aky1iE6Rn8lJZkAsstH/fqTJVCzQitjrmjP2e7jzTAwCzze8uOc4lWysnCPlmxzURM+vofYjQ7qwZ
	cbgaoWUoIMu4NsFE9Uf55N2Zx0Ri6DwxlQr0lA/ShiXMlWHSf6/p0MI5nyhQYLcNXuakJY4x977ee
	s1Wi6H3IcfaPRojiZ7fzMYr8LKRaJ4wDmvlNDU14+JvlLgWXY2aVaD92z5xb3P2SXV8AQcNPZgSIJ
	qevkmR80TCfSjOt0FEK+ROWo2VnUqjW9+63thbwnyCnzFZWt4uokYWv/AwG9cInOBTArXuLREmd1s
	d3B02FLQ==;
Received: from localhost ([::1] helo=merlin.infradead.org)
	by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux))
	id 1k16kZ-0004S2-CH; Thu, 30 Jul 2020 11:29:27 +0000
Received: from szxga07-in.huawei.com ([45.249.212.35] helo=huawei.com)
 by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux))
 id 1k16kV-0004Po-Ra
 for linux-arm-kernel@lists.infradead.org; Thu, 30 Jul 2020 11:29:25 +0000
Received: from DGGEMS411-HUB.china.huawei.com (unknown [172.30.72.58])
 by Forcepoint Email with ESMTP id 5F8CA628005B579B79C8;
 Thu, 30 Jul 2020 19:29:15 +0800 (CST)
Received: from huawei.com (10.179.179.12) by DGGEMS411-HUB.china.huawei.com
 (10.3.19.211) with Microsoft SMTP Server id 14.3.487.0; Thu, 30 Jul 2020
 19:29:09 +0800
From: guodeqing <geffrey.guo@huawei.com>
To: <catalin.marinas@arm.com>
Subject: [PATCH,v3] arm64: fix the illegal address access in some cases
Date: Thu, 30 Jul 2020 19:24:06 +0800
Message-ID: <1596108246-110579-1-git-send-email-geffrey.guo@huawei.com>
X-Mailer: git-send-email 2.7.4
MIME-Version: 1.0
X-Originating-IP: [10.179.179.12]
X-CFilter-Loop: Reflected
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20200730_072924_155697_28AFAF10 
X-CRM114-Status: GOOD (  10.69  )
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: <http://lists.infradead.org/mailman/options/linux-arm-kernel>, 
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>, 
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Cc: robin.murphy@arm.com, luke.starrett@broadcom.com, will@kernel.org,
 linux-arm-kernel@lists.infradead.org, geffrey.guo@huawei.com
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org

If do the following test in the arm64 VM, a panic will be produced.
$ ifconfig eth0 up
$ ip netns add ns1
$ ip link add gw link eth0 type ipvlan
$ ip addr add 168.16.0.1/24 dev gw
$ ip link set dev gw up
$ ip link add ip1 link eth0 type ipvlan
$ ip link set ip1 netns ns1
$ ip netns exec ns1 ip link set ip1 up
$ ip netns exec ns1 ip addr add 168.16.0.2/24 dev ip1
$ ip netns exec ns1 ip link set lo up
$ ip netns exec ns1 ip addr add 127.0.0.1/8 dev lo
$ ip netns exec ns1 tc qdisc add dev ip1 root netem corrupt 100%
$ ip netns exec ns1 ping 168.16.0.1

 | Unable to handle kernel paging request at virtual address 
 | Internal error: Oops: 96000007 [#1] SMP
 | CPU: 1 PID: 525 Comm: ping Not tainted 5.8.0-rc6+ #3
 | pstate: 20400005 (nzCv daif +PAN -UAO BTYPE=--)
 | pc : __ip_local_out+0x84/0x188
 | lr : ip_local_out+0x34/0x68 sp : ffff800013263440
 | x29: ffff800013263440 x28: 0000000000000001
 | x27: ffff8000111d2018 x26: ffff8000114cba80
 | x25: ffff0000ec4e7400 x24: 0000000000000000
 | x23: 0000000000000062 x22: ffff8000114c9000
 | x21: ffff0000d97ac600 x20: ffff0000ec519000
 | x19: ffff8000115b5bc0 x18: 0000000000000000
 | x17: 0000000000000000 x16: 0000000000000000
 | x15: 0000000000000000 x14: 0000000000000000
 | x13: 0000000000000000 x12: 0000000000000001
 | x11: ffff800010d21838 x10: 0000000000000001
 | x9 : 0000000000000001 x8 : 0000000000000000
 | x7 : 0000000000000000 x6 : ffff0000ec4e5e00
 | x5 : 024079ca54000184 x4 : ffff0000ec4e5e10
 | x3 : 0000000000000000 x2 : ffff0004ec4e5e20
 | x1 : ffff0000f85f0000 x0 : 031d079626a9c7ae
 | Call trace:
 |  __ip_local_out+0x84/0x188
 |  ip_local_out+0x34/0x68
 |  ipvlan_queue_xmit+0x548/0x5c0
 |  ipvlan_start_xmit+0x2c/0x90
 |  dev_hard_start_xmit+0xb4/0x260
 |  sch_direct_xmit+0x1b4/0x550
 |  __qdisc_run+0x140/0x648
 |  __dev_queue_xmit+0x6a4/0x8b8
 |  dev_queue_xmit+0x24/0x30
 |  ip_finish_output2+0x324/0x580
 |  __ip_finish_output+0x130/0x218
 |  ip_finish_output+0x38/0xd0
 |  ip_output+0xb4/0x130

Here I add the check of the ihl value to fix the problem.

Fixes: 0e455d8e80aa (arm64: Implement optimised IP checksum helpers)
Signed-off-by: guodeqing <geffrey.guo@huawei.com>
---
 arch/arm64/include/asm/checksum.h | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/arch/arm64/include/asm/checksum.h b/arch/arm64/include/asm/checksum.h
index b6f7bc6..702ac89 100644
--- a/arch/arm64/include/asm/checksum.h
+++ b/arch/arm64/include/asm/checksum.h
@@ -25,6 +25,9 @@ static inline __sum16 ip_fast_csum(const void *iph, unsigned int ihl)
 	__uint128_t tmp;
 	u64 sum;
 
+	if (WARN_ON_ONCE(ihl < 5))
+		ihl = 5;
+
 	tmp = *(const __uint128_t *)iph;
 	iph += 16;
 	ihl -= 4;
-- 
2.7.4


_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel