From mboxrd@z Thu Jan  1 00:00:00 1970
From: Cong Wang <xiyou.wangcong@gmail.com>
Subject: Re: [Patch net] mlx5: check for malformed packets
Date: Tue, 4 Dec 2018 12:23:48 -0800
Message-ID: <CAM_iQpViiE4LeNEfVjS2vHpz3hjDbpwBiCdGsi7k6m3JysiaCQ@mail.gmail.com>
References: <20181201203837.3306-1-xiyou.wangcong@gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Cc: Tariq Toukan <tariqt@mellanox.com>,
        Saeed Mahameed <saeedm@mellanox.com>
To: Linux Kernel Network Developers <netdev@vger.kernel.org>
Return-path: <netdev-owner@vger.kernel.org>
Received: from mail-pf1-f174.google.com ([209.85.210.174]:39503 "EHLO
        mail-pf1-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1725882AbeLDUYB (ORCPT
        <rfc822;netdev@vger.kernel.org>); Tue, 4 Dec 2018 15:24:01 -0500
Received: by mail-pf1-f174.google.com with SMTP id c72so8776041pfc.6
        for <netdev@vger.kernel.org>; Tue, 04 Dec 2018 12:24:00 -0800 (PST)
In-Reply-To: <20181201203837.3306-1-xiyou.wangcong@gmail.com>
Sender: netdev-owner@vger.kernel.org
List-ID: <netdev.vger.kernel.org>

On Sat, Dec 1, 2018 at 12:38 PM Cong Wang <xiyou.wangcong@gmail.com> wrote:
>
> is_last_ethertype_ip() is used to check IP/IPv6 protocol before
> parsing IP/IPv6 headers.
>
> But __vlan_get_protocol() is only bound to skb->len, a malicious
> packet could exhaust all skb->len by inserting sufficient ETH_P_8021AD
> headers, and it may not even contain an IP/IPv6 header at all, so we
> have to check if we are still safe to continue to parse IP/IPv6 header.
> If not, treat it as non-IP packet.
>
> This should not cause any crash as we stil have tail room in skb,
> but we can't just rely on it either.
>
> Cc: Tariq Toukan <tariqt@mellanox.com>
> Cc: Saeed Mahameed <saeedm@mellanox.com>
> Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>

NAcked-by: Cong Wang <xiyou.wangcong@gmail.com>

This patch has no value for upstream. Let's discard it.

Thanks!