From: Catalin Marinas <catalin.marinas@arm.com>
To: guodeqing <geffrey.guo@huawei.com>
Cc: will@kernel.org, luke.starrett@broadcom.com,
robin.murphy@arm.com, linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH,v2] arm64: fix the illegal address access in some cases
Date: Mon, 27 Jul 2020 12:47:10 +0100 [thread overview]
Message-ID: <20200727114710.GD25400@gaia> (raw)
In-Reply-To: <1595642886-78334-1-git-send-email-geffrey.guo@huawei.com>
On Sat, Jul 25, 2020 at 10:08:06AM +0800, guodeqing wrote:
> The ihl value of ip header is smaller than 5 in some cases, if the
> ihl value is smaller than 5, then the next code will access the illegal
> address, and the system will panic. ip_fast_csum() must be able to handle
> any value that could fit in the ihl field of the ip protocol header.
>
> Here I add the check of the ihl value to solve this problem.
>
> Fixes: 0e455d8e80aa (arm64: Implement optimised IP checksum helpers)
> Signed-off-by: guodeqing <geffrey.guo@huawei.com>
> ---
> arch/arm64/include/asm/checksum.h | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/arch/arm64/include/asm/checksum.h b/arch/arm64/include/asm/checksum.h
> index b6f7bc6..5a7d9ac 100644
> --- a/arch/arm64/include/asm/checksum.h
> +++ b/arch/arm64/include/asm/checksum.h
> @@ -25,6 +25,9 @@ static inline __sum16 ip_fast_csum(const void *iph, unsigned int ihl)
> __uint128_t tmp;
> u64 sum;
>
> + if (unlikely(ihl < 5))
> + return 1;
> +
> tmp = *(const __uint128_t *)iph;
> iph += 16;
> ihl -= 4;
IHL in IPv4 should be at least 5. Do you have a stack trace to show how
it got here? Maybe the caller should ensure that the correct size is
passed.
Thanks.
--
Catalin
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2020-07-27 11:48 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-25 2:08 [PATCH,v2] arm64: fix the illegal address access in some cases guodeqing
2020-07-27 11:47 ` Catalin Marinas [this message]
2020-07-27 13:29 ` 答复: " Guodeqing (A)
2020-07-28 9:53 ` Catalin Marinas
2020-07-28 13:03 ` Will Deacon
2020-07-28 14:30 ` Robin Murphy
2020-07-28 15:35 ` Will Deacon
2020-07-29 7:05 ` 答复: " Guodeqing (A)
2020-07-30 8:44 ` Will Deacon
2020-07-30 9:56 ` Robin Murphy
2020-07-30 16:03 ` Will Deacon
2020-07-31 3:04 ` 答复: " Guodeqing (A)
2020-07-30 10:49 ` Guodeqing (A)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200727114710.GD25400@gaia \
--to=catalin.marinas@arm.com \
--cc=geffrey.guo@huawei.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=luke.starrett@broadcom.com \
--cc=robin.murphy@arm.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.