[PATCH] flow disector: check if arp_eth is null rather than arp

linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] flow disector: check if arp_eth is null rather than arp
@ 2017-01-13 13:34 Colin King
  2017-01-13 18:24 ` Eric Dumazet
  0 siblings, 1 reply; 4+ messages in thread
From: Colin King @ 2017-01-13 13:34 UTC (permalink / raw)
  To: David S . Miller, Alexander Duyck, Jiri Pirko, Tom Herbert,
	Eric Dumazet, Simon Horman, Hadar Hen Zion, Gao Feng, Amir Vadai,
	netdev
  Cc: linux-kernel

From: Colin Ian King <colin.king@canonical.com>

arp is being checked instead of arp_eth to see if the call to
__skb_header_pointer failed. Fix this by checking arp_eth is
null instead of arp.

CoverityScan CID#1396428 ("Logically dead code") on 2nd
arp comparison (which should be arp_eth instead).

Fixes: commit 55733350e5e8b70c5 ("flow disector: ARP support")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
 net/core/flow_dissector.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
index e3dffc7..fec48e9 100644
--- a/net/core/flow_dissector.c
+++ b/net/core/flow_dissector.c
@@ -409,7 +409,7 @@ bool __skb_flow_dissect(const struct sk_buff *skb,
 					       sizeof(_arp_eth), data,
 					       hlen - sizeof(_arp),
 					       &_arp_eth);
-		if (!arp)
+		if (!arp_eth)
 			goto out_bad;
 
 		if (dissector_uses_key(flow_dissector,
-- 
2.10.2

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH] flow disector: check if arp_eth is null rather than arp
  2017-01-13 13:34 [PATCH] flow disector: check if arp_eth is null rather than arp Colin King
@ 2017-01-13 18:24 ` Eric Dumazet
  2017-01-13 18:25   ` Colin Ian King
  0 siblings, 1 reply; 4+ messages in thread
From: Eric Dumazet @ 2017-01-13 18:24 UTC (permalink / raw)
  To: Colin King
  Cc: David S . Miller, Alexander Duyck, Jiri Pirko, Tom Herbert,
	Eric Dumazet, Simon Horman, Hadar Hen Zion, Gao Feng, Amir Vadai,
	netdev, linux-kernel

On Fri, 2017-01-13 at 13:34 +0000, Colin King wrote:
> From: Colin Ian King <colin.king@canonical.com>
> 
> arp is being checked instead of arp_eth to see if the call to
> __skb_header_pointer failed. Fix this by checking arp_eth is
> null instead of arp.
> 
> CoverityScan CID#1396428 ("Logically dead code") on 2nd
> arp comparison (which should be arp_eth instead).
> 
> Fixes: commit 55733350e5e8b70c5 ("flow disector: ARP support")
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
> ---
>  net/core/flow_dissector.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
> index e3dffc7..fec48e9 100644
> --- a/net/core/flow_dissector.c
> +++ b/net/core/flow_dissector.c
> @@ -409,7 +409,7 @@ bool __skb_flow_dissect(const struct sk_buff *skb,
>  					       sizeof(_arp_eth), data,
>  					       hlen - sizeof(_arp),
>  					       &_arp_eth);
> -		if (!arp)
> +		if (!arp_eth)
>  			goto out_bad;
>  
>  		if (dissector_uses_key(flow_dissector,

It looks that we try very hard to add critical bugs in flow dissector.

This is embarrassing really.

I am questioning if the __skb_header_pointer() is correct

Why using hlen - sizeof(_arp) ?

               arp_eth = __skb_header_pointer(skb, nhoff + sizeof(_arp),
                                              sizeof(_arp_eth), data,
                                              hlen - sizeof(_arp),
                                              &_arp_eth);

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] flow disector: check if arp_eth is null rather than arp
  2017-01-13 18:24 ` Eric Dumazet
@ 2017-01-13 18:25   ` Colin Ian King
  2017-01-13 18:36     ` Eric Dumazet
  0 siblings, 1 reply; 4+ messages in thread
From: Colin Ian King @ 2017-01-13 18:25 UTC (permalink / raw)
  To: Eric Dumazet
  Cc: David S . Miller, Alexander Duyck, Jiri Pirko, Tom Herbert,
	Eric Dumazet, Simon Horman, Hadar Hen Zion, Gao Feng, Amir Vadai,
	netdev, linux-kernel

On 13/01/17 18:24, Eric Dumazet wrote:
> On Fri, 2017-01-13 at 13:34 +0000, Colin King wrote:
>> From: Colin Ian King <colin.king@canonical.com>
>>
>> arp is being checked instead of arp_eth to see if the call to
>> __skb_header_pointer failed. Fix this by checking arp_eth is
>> null instead of arp.
>>
>> CoverityScan CID#1396428 ("Logically dead code") on 2nd
>> arp comparison (which should be arp_eth instead).
>>
>> Fixes: commit 55733350e5e8b70c5 ("flow disector: ARP support")
>> Signed-off-by: Colin Ian King <colin.king@canonical.com>
>> ---
>>  net/core/flow_dissector.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
>> index e3dffc7..fec48e9 100644
>> --- a/net/core/flow_dissector.c
>> +++ b/net/core/flow_dissector.c
>> @@ -409,7 +409,7 @@ bool __skb_flow_dissect(const struct sk_buff *skb,
>>  					       sizeof(_arp_eth), data,
>>  					       hlen - sizeof(_arp),
>>  					       &_arp_eth);
>> -		if (!arp)
>> +		if (!arp_eth)
>>  			goto out_bad;
>>  
>>  		if (dissector_uses_key(flow_dissector,
> 
> It looks that we try very hard to add critical bugs in flow dissector.
> 
> This is embarrassing really.
> 
> I am questioning if the __skb_header_pointer() is correct
> 
> Why using hlen - sizeof(_arp) ?
> 
>                arp_eth = __skb_header_pointer(skb, nhoff + sizeof(_arp),
>                                               sizeof(_arp_eth), data,
>                                               hlen - sizeof(_arp),
>                                               &_arp_eth);
> 

Yep, the sizeof maybe dubious too, I overlooked that one; if somebody
can clarify that then I'll send a V2 if it needs fixing up too.

Colin

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] flow disector: check if arp_eth is null rather than arp
  2017-01-13 18:25   ` Colin Ian King
@ 2017-01-13 18:36     ` Eric Dumazet
  0 siblings, 0 replies; 4+ messages in thread
From: Eric Dumazet @ 2017-01-13 18:36 UTC (permalink / raw)
  To: Colin Ian King
  Cc: David S . Miller, Alexander Duyck, Jiri Pirko, Tom Herbert,
	Eric Dumazet, Simon Horman, Hadar Hen Zion, Gao Feng, Amir Vadai,
	netdev, linux-kernel

On Fri, 2017-01-13 at 18:25 +0000, Colin Ian King wrote:
> On 13/01/17 18:24, Eric Dumazet wrote:

> > It looks that we try very hard to add critical bugs in flow dissector.
> > 
> > This is embarrassing really.
> > 
> > I am questioning if the __skb_header_pointer() is correct
> > 
> > Why using hlen - sizeof(_arp) ?
> > 
> >                arp_eth = __skb_header_pointer(skb, nhoff + sizeof(_arp),
> >                                               sizeof(_arp_eth), data,
> >                                               hlen - sizeof(_arp),
> >                                               &_arp_eth);
> > 
> 
> Yep, the sizeof maybe dubious too, I overlooked that one; if somebody
> can clarify that then I'll send a V2 if it needs fixing up too.

I am pretty sure we should use hlen instead of (hlen - sizeof(_arp))

A V2 would be nice ;)

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2017-01-13 18:36 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-01-13 13:34 [PATCH] flow disector: check if arp_eth is null rather than arp Colin King
2017-01-13 18:24 ` Eric Dumazet
2017-01-13 18:25   ` Colin Ian King
2017-01-13 18:36     ` Eric Dumazet

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).