* [PATCH v2] net: qrtr: fix len of skb_put_padto in qrtr_node_enqueue
From: Wen Gong @ 2020-01-03 4:50 UTC
To: davem; +Cc: netdev, linux-kernel, ath11k
From: Carl Huang <cjhuang@codeaurora.org>
The len used for skb_put_padto is wrong, it need to add len of hdr.
In qrtr_node_enqueue, the local variable size_t len is assigned
skb->len, then skb_push(skb, sizeof(*hdr)) increases skb->len by
sizeof(*hdr), so the local variable size_t len is not the same as
skb->len after skb_push(skb, sizeof(*hdr)).
Then the purpose of skb_put_padto(skb, ALIGN(len, 4)) is to add
padding to the end of the skb's data if skb->len is not aligned to 4, but
unfortunately it uses len instead of skb->len. At this line, skb->len
is 32 bytes (sizeof(*hdr)) more than len. For example, if len is 3 bytes,
then skb->len is 35 bytes (3 + 32), and ALIGN(len, 4) is 4 bytes, so
__skb_put_padto will do nothing after the check size(35) < len(4). The
correct value should be 36 (sizeof(*hdr) + ALIGN(len, 4) = 32 + 4);
then __skb_put_padto will pass the check size(35) < len(36) and add 1 byte
to the end of the skb's data, and the logic is correct.
function of skb_push:
void *skb_push(struct sk_buff *skb, unsigned int len)
{
	skb->data -= len;
	skb->len += len;
	if (unlikely(skb->data < skb->head))
		skb_under_panic(skb, len, __builtin_return_address(0));
	return skb->data;
}
function of skb_put_padto:
static inline int skb_put_padto(struct sk_buff *skb, unsigned int len)
{
	return __skb_put_padto(skb, len, true);
}
function of __skb_put_padto:
static inline int __skb_put_padto(struct sk_buff *skb, unsigned int len,
				  bool free_on_error)
{
	unsigned int size = skb->len;
	if (unlikely(size < len)) {
		len -= size;
		if (__skb_pad(skb, len, free_on_error))
			return -ENOMEM;
		__skb_put(skb, len);
	}
	return 0;
}
Signed-off-by: Carl Huang <cjhuang@codeaurora.org>
Signed-off-by: Wen Gong <wgong@codeaurora.org>
---
v2: change description
net/qrtr/qrtr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/qrtr/qrtr.c b/net/qrtr/qrtr.c
index 88f98f27ad88..3d24d45be5f4 100644
--- a/net/qrtr/qrtr.c
+++ b/net/qrtr/qrtr.c
@@ -196,7 +196,7 @@ static int qrtr_node_enqueue(struct qrtr_node *node, struct sk_buff *skb,
hdr->size = cpu_to_le32(len);
hdr->confirm_rx = 0;
- skb_put_padto(skb, ALIGN(len, 4));
+ skb_put_padto(skb, ALIGN(len, 4) + sizeof(*hdr));
mutex_lock(&node->ep_lock);
if (node->ep)
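Review bot: the return value of skb_put_padto() is still discarded on the changed line. The helper quoted in the commit message calls __skb_put_padto(skb, len, true), which returns -ENOMEM when __skb_pad() fails with free_on_error set, yet execution carries straight on to mutex_lock(&node->ep_lock) with no error check. Suggest capturing the result in a local int and returning it before taking the lock, e.g. "rc = skb_put_padto(skb, ALIGN(len, 4) + sizeof(*hdr)); if (rc) return rc;", either here or as a follow-up. A one-line comment stating that len excludes the header while skb->len includes it after skb_push() would also keep the two lengths from being confused again.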
--
2.23.0
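The length arithmetic from the commit message as a userspace model. This is an added example, not kernel code or part of the patch. It goes beyond the 3-byte case by taking any payload length, and it stops on a padding failure. The names model_skb, model_put_padto, enqueue_len and the cap parameter are hypothetical, and cap must be at least payload + 32.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HDR_SIZE 32u                  /* sizeof(*hdr), per the commit message */
#define ALIGN4(x) (((x) + 3u) & ~3u)  /* stand-in for the kernel's ALIGN(x, 4) */
/* Hypothetical stand-in for struct sk_buff: only length bookkeeping is modelled. */
struct model_skb {
    unsigned char *buf;
    unsigned int len;  /* bytes in use, like skb->len */
    unsigned int cap;  /* bytes allocated */
};

/* Mirrors __skb_put_padto(skb, len, true): zero-pad up to len, free on failure. */
static int model_put_padto(struct model_skb *skb, unsigned int len)
{
    if (skb->len < len) {
        if (len > skb->cap) {  /* models __skb_pad() failing */
            free(skb->buf);
            return -1;         /* the kernel helper returns -ENOMEM */
        }
        memset(skb->buf + skb->len, 0, len - skb->len);
        skb->len = len;
    }
    return 0;
}

/* Tail of qrtr_node_enqueue() after skb_push(): skb->len == payload + HDR_SIZE.
 * Returns the final length, or -1 when padding failed and the buffer is gone. */
static int enqueue_len(unsigned int payload, int fixed, unsigned int cap)
{
    struct model_skb skb = { malloc(cap), payload + HDR_SIZE, cap };
    unsigned int target = ALIGN4(payload) + (fixed ? HDR_SIZE : 0u);
    int rc;
    if (!skb.buf)
        return -1;
    if (model_put_padto(&skb, target))
        return -1;  /* buffer already freed: stop here, do not touch it */
    rc = (int)skb.len;
    free(skb.buf);
    return rc;
}

int main(void)
{
    for (unsigned int p = 0; p <= 8; p++)
        printf("%u: old %d, fixed %d\n", p, enqueue_len(p, 0, 64), enqueue_len(p, 1, 64));
    return 0;
}
```

With the old target the pad call is a no-op for every payload length, because ALIGN(len, 4) is always smaller than len + 32.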
* Re: [PATCH v2] net: qrtr: fix len of skb_put_padto in qrtr_node_enqueue
From: David Miller @ 2020-01-05 22:47 UTC
To: wgong; +Cc: netdev, linux-kernel, ath11k
From: Wen Gong <wgong@codeaurora.org>
Date: Fri, 3 Jan 2020 12:50:16 +0800
> The len used for skb_put_padto is wrong, it need to add len of hdr.
Thanks, applied.
There is another bug here, skb_put_padto() returns an error and frees
the SKB when the put fails. There really needs to be a check here,
because currently the code right now will keep using the freed up
skb in that situation.
Thanks.
* Re: [PATCH v2] net: qrtr: fix len of skb_put_padto in qrtr_node_enqueue
From: Wen Gong @ 2020-01-06 2:04 UTC
To: David Miller; +Cc: netdev, linux-kernel, ath11k
On 2020-01-06 06:47, David Miller wrote:
> From: Wen Gong <wgong@codeaurora.org>
> Date: Fri, 3 Jan 2020 12:50:16 +0800
>
>> The len used for skb_put_padto is wrong, it need to add len of hdr.
>
> Thanks, applied.
>
> There is another bug here, skb_put_padto() returns an error and frees
> the SKB when the put fails. There really needs to be a check here,
> because currently the code right now will keep using the freed up
> skb in that situation.
>
Thanks David.
Yes, __skb_put_padto will return -ENOMEM if __skb_pad fails.
I think it can return the same error immediately and not do the next
steps in qrtr_node_enqueue.
> Thanks.
* Re: [PATCH v2] net: qrtr: fix len of skb_put_padto in qrtr_node_enqueue
From: Doug Anderson @ 2020-02-25 22:52 UTC
To: stable; +Cc: Wen Gong, netdev, LKML, ath11k, David Miller
Hi,
On Sun, Jan 5, 2020 at 2:47 PM David Miller <davem@davemloft.net> wrote:
>
> From: Wen Gong <wgong@codeaurora.org>
> Date: Fri, 3 Jan 2020 12:50:16 +0800
>
> > The len used for skb_put_padto is wrong, it need to add len of hdr.
>
> Thanks, applied.
I noticed this patch is in mainline now as:
ce57785bf91b net: qrtr: fix len of skb_put_padto in qrtr_node_enqueue
Though I'm not an expert on the code, it feels like a stable candidate
unless someone objects.
-Doug
* Re: [PATCH v2] net: qrtr: fix len of skb_put_padto in qrtr_node_enqueue
From: David Miller @ 2020-02-27 4:28 UTC
To: dianders; +Cc: stable, wgong, netdev, linux-kernel, ath11k
From: Doug Anderson <dianders@chromium.org>
Date: Tue, 25 Feb 2020 14:52:24 -0800
> I noticed this patch is in mainline now as:
>
> ce57785bf91b net: qrtr: fix len of skb_put_padto in qrtr_node_enqueue
>
> Though I'm not an expert on the code, it feels like a stable candidate
> unless someone objects.
Ok, queued up, thanks.
* Re: [PATCH v2] net: qrtr: fix len of skb_put_padto in qrtr_node_enqueue
From: Greg KH @ 2020-03-17 10:26 UTC
To: Doug Anderson; +Cc: stable, Wen Gong, netdev, LKML, ath11k, David Miller
On Tue, Feb 25, 2020 at 02:52:24PM -0800, Doug Anderson wrote:
> Hi,
>
>
> On Sun, Jan 5, 2020 at 2:47 PM David Miller <davem@davemloft.net> wrote:
> >
> > From: Wen Gong <wgong@codeaurora.org>
> > Date: Fri, 3 Jan 2020 12:50:16 +0800
> >
> > > The len used for skb_put_padto is wrong, it need to add len of hdr.
> >
> > Thanks, applied.
>
> I noticed this patch is in mainline now as:
>
> ce57785bf91b net: qrtr: fix len of skb_put_padto in qrtr_node_enqueue
>
> Though I'm not an expert on the code, it feels like a stable candidate
> unless someone objects.
Stable candidate for what tree(s)?
thanks,
greg k-h
* Re: [PATCH v2] net: qrtr: fix len of skb_put_padto in qrtr_node_enqueue
From: Doug Anderson @ 2020-03-17 15:45 UTC
To: Greg KH; +Cc: stable, Wen Gong, netdev, LKML, ath11k, David Miller
Hi,
On Tue, Mar 17, 2020 at 3:26 AM Greg KH <greg@kroah.com> wrote:
>
> On Tue, Feb 25, 2020 at 02:52:24PM -0800, Doug Anderson wrote:
> > Hi,
> >
> >
> > On Sun, Jan 5, 2020 at 2:47 PM David Miller <davem@davemloft.net> wrote:
> > >
> > > From: Wen Gong <wgong@codeaurora.org>
> > > Date: Fri, 3 Jan 2020 12:50:16 +0800
> > >
> > > > The len used for skb_put_padto is wrong, it need to add len of hdr.
> > >
> > > Thanks, applied.
> >
> > I noticed this patch is in mainline now as:
> >
> > ce57785bf91b net: qrtr: fix len of skb_put_padto in qrtr_node_enqueue
> >
> > Though I'm not an expert on the code, it feels like a stable candidate
> > unless someone objects.
>
> Stable candidate for what tree(s)?
I noticed that it was lacking and applied cleanly on 5.4. As of
5.4.25 it's still not stable there. I only noticed it because I was
comparing all the patches in mainline in "net/qrtr" with what we had
in our tree and stumbled upon this one.
Looking at it a little more carefully, I guess you could say:
Fixes: e7044482c8ac ("net: qrtr: Pass source and destination to
enqueue functions")
...though it will be trickier to apply past commit 194ccc88297a ("net:
qrtr: Support decoding incoming v2 packets") just because the math
changed.
-Doug
* Re: [PATCH v2] net: qrtr: fix len of skb_put_padto in qrtr_node_enqueue
From: Greg KH @ 2020-03-19 7:46 UTC
To: Doug Anderson; +Cc: stable, Wen Gong, netdev, LKML, ath11k, David Miller
On Tue, Mar 17, 2020 at 08:45:09AM -0700, Doug Anderson wrote:
> Hi,
>
> On Tue, Mar 17, 2020 at 3:26 AM Greg KH <greg@kroah.com> wrote:
> >
> > On Tue, Feb 25, 2020 at 02:52:24PM -0800, Doug Anderson wrote:
> > > Hi,
> > >
> > >
> > > On Sun, Jan 5, 2020 at 2:47 PM David Miller <davem@davemloft.net> wrote:
> > > >
> > > > From: Wen Gong <wgong@codeaurora.org>
> > > > Date: Fri, 3 Jan 2020 12:50:16 +0800
> > > >
> > > > > The len used for skb_put_padto is wrong, it need to add len of hdr.
> > > >
> > > > Thanks, applied.
> > >
> > > I noticed this patch is in mainline now as:
> > >
> > > ce57785bf91b net: qrtr: fix len of skb_put_padto in qrtr_node_enqueue
> > >
> > > Though I'm not an expert on the code, it feels like a stable candidate
> > > unless someone objects.
> >
> > Stable candidate for what tree(s)?
>
> I noticed that it was lacking and applied cleanly on 5.4. As of
> 5.4.25 it's still not stable there. I only noticed it because I was
> comparing all the patches in mainline in "net/qrtr" with what we had
> in our tree and stumbled upon this one.
>
> Looking at it a little more carefully, I guess you could say:
>
> Fixes: e7044482c8ac ("net: qrtr: Pass source and destination to
> enqueue functions")
>
> ...though it will be trickier to apply past commit 194ccc88297a ("net:
> qrtr: Support decoding incoming v2 packets") just because the math
> changed.
Given that both of those commits showed up in 4.15, it doesn't matter
much :)
I've queued this up for 5.4.y and 4.19.y now, thanks.
greg k-h