| Message ID | 1536744082-3568-1-git-send-email-yanhaishuang@cmss.chinamobile.com |
|---|---|
| State | Changes Requested, archived |
| Delegated to: | David Miller |
| Headers | show |
| Series | [v2,net-next,1/2] ip_gre: fix parsing gre header in ipgre_err | expand |
From: Haishuang Yan <yanhaishuang@cmss.chinamobile.com> Date: Wed, 12 Sep 2018 17:21:21 +0800 > @@ -86,7 +86,7 @@ int gre_parse_header(struct sk_buff *skb, struct tnl_ptk_info *tpi, > > options = (__be32 *)(greh + 1); > if (greh->flags & GRE_CSUM) { > - if (skb_checksum_simple_validate(skb)) { > + if (csum_err && skb_checksum_simple_validate(skb)) { > *csum_err = true; > return -EINVAL; > } You want to ignore csum errors, but you do not want to elide the side effects of the skb_checksum_simple_validate() call which are to set skb->csum_valid and skb->csum. Therefore, the skb_checksum_simple_validate() call still needs to be performed. We just wont return -EINVAL in the NULL csum_err case.
> On 2018年9月14日, at 上午1:58, David Miller <davem@davemloft.net> wrote: > > From: Haishuang Yan <yanhaishuang@cmss.chinamobile.com> > Date: Wed, 12 Sep 2018 17:21:21 +0800 > >> @@ -86,7 +86,7 @@ int gre_parse_header(struct sk_buff *skb, struct tnl_ptk_info *tpi, >> >> options = (__be32 *)(greh + 1); >> if (greh->flags & GRE_CSUM) { >> - if (skb_checksum_simple_validate(skb)) { >> + if (csum_err && skb_checksum_simple_validate(skb)) { >> *csum_err = true; >> return -EINVAL; >> } > > You want to ignore csum errors, but you do not want to elide the side > effects of the skb_checksum_simple_validate() call which are to set > skb->csum_valid and skb->csum. > > Therefore, the skb_checksum_simple_validate() call still needs to be > performed. We just wont return -EINVAL in the NULL csum_err case. > > How about doing like this: --- a/net/ipv4/gre_demux.c +++ b/net/ipv4/gre_demux.c @@ -86,13 +86,14 @@ int gre_parse_header(struct sk_buff *skb, struct tnl_ptk_info *tpi, options = (__be32 *)(greh + 1); if (greh->flags & GRE_CSUM) { - if (skb_checksum_simple_validate(skb)) { + if (!skb_checksum_simple_validate(skb)) { + skb_checksum_try_convert(skb, IPPROTO_GRE, 0, + null_compute_pseudo); + } else if (csum_err) { *csum_err = true; return -EINVAL; } - skb_checksum_try_convert(skb, IPPROTO_GRE, 0, - null_compute_pseudo); Thanks for reviewing.
On 13/09/18 18:58, David Miller wrote: > From: Haishuang Yan <yanhaishuang@cmss.chinamobile.com> > Date: Wed, 12 Sep 2018 17:21:21 +0800 > >> @@ -86,7 +86,7 @@ int gre_parse_header(struct sk_buff *skb, struct tnl_ptk_info *tpi, >> >> options = (__be32 *)(greh + 1); >> if (greh->flags & GRE_CSUM) { >> - if (skb_checksum_simple_validate(skb)) { >> + if (csum_err && skb_checksum_simple_validate(skb)) { >> *csum_err = true; >> return -EINVAL; >> } > You want to ignore csum errors, but you do not want to elide the side > effects of the skb_checksum_simple_validate() call which are to set > skb->csum_valid and skb->csum. > > Therefore, the skb_checksum_simple_validate() call still needs to be > performed. We just wont return -EINVAL in the NULL csum_err case. How about just reversing the order of the AND? if (skb_checksum_simple_validate(skb) && csum_err) { *csum_err = true; return -EINVAL; }
> On 2018年9月14日, at 下午8:44, Edward Cree <ecree@solarflare.com> wrote: > > On 13/09/18 18:58, David Miller wrote: >> From: Haishuang Yan <yanhaishuang@cmss.chinamobile.com> >> Date: Wed, 12 Sep 2018 17:21:21 +0800 >> >>> @@ -86,7 +86,7 @@ int gre_parse_header(struct sk_buff *skb, struct tnl_ptk_info *tpi, >>> >>> options = (__be32 *)(greh + 1); >>> if (greh->flags & GRE_CSUM) { >>> - if (skb_checksum_simple_validate(skb)) { >>> + if (csum_err && skb_checksum_simple_validate(skb)) { >>> *csum_err = true; >>> return -EINVAL; >>> } >> You want to ignore csum errors, but you do not want to elide the side >> effects of the skb_checksum_simple_validate() call which are to set >> skb->csum_valid and skb->csum. >> >> Therefore, the skb_checksum_simple_validate() call still needs to be >> performed. We just wont return -EINVAL in the NULL csum_err case. > > How about just reversing the order of the AND? > > if (skb_checksum_simple_validate(skb) && csum_err) { > *csum_err = true; > return -EINVAL; > } > > It looks good to me, thanks! But skb_checksum_try_convert only need to be called after the checksum is validated, so I suggested a better solution as following: 89 if (!skb_checksum_simple_validate(skb)) { 90 skb_checksum_try_convert(skb, IPPROTO_GRE, 0, 91 null_compute_pseudo); 92 } else if (csum_err) { 93 *csum_err = true; 94 return -EINVAL; 95 }
diff --git a/net/ipv4/gre_demux.c b/net/ipv4/gre_demux.c index b798862..679a527 100644 --- a/net/ipv4/gre_demux.c +++ b/net/ipv4/gre_demux.c @@ -86,7 +86,7 @@ int gre_parse_header(struct sk_buff *skb, struct tnl_ptk_info *tpi, options = (__be32 *)(greh + 1); if (greh->flags & GRE_CSUM) { - if (skb_checksum_simple_validate(skb)) { + if (csum_err && skb_checksum_simple_validate(skb)) { *csum_err = true; return -EINVAL; } diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c index 8cce0e9..c3385a8 100644 --- a/net/ipv4/ip_gre.c +++ b/net/ipv4/ip_gre.c @@ -232,13 +232,10 @@ static void gre_err(struct sk_buff *skb, u32 info) const int type = icmp_hdr(skb)->type; const int code = icmp_hdr(skb)->code; struct tnl_ptk_info tpi; - bool csum_err = false; - if (gre_parse_header(skb, &tpi, &csum_err, htons(ETH_P_IP), - iph->ihl * 4) < 0) { - if (!csum_err) /* ignore csum errors. */ - return; - } + if (gre_parse_header(skb, &tpi, NULL, htons(ETH_P_IP), + iph->ihl * 4) < 0) + return; if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) { ipv4_update_pmtu(skb, dev_net(skb->dev), info,
gre_parse_header stops parsing when csum_err is encountered, which means tpi->key is undefined and ip_tunnel_lookup will return NULL improperly. This patch introduce a NULL pointer as csum_err parameter. Even when csum_err is encountered, it won't return error and continue parsing gre header as expected. Fixes: 9f57c67c379d ("gre: Remove support for sharing GRE protocol hook.") Reported-by: Jiri Benc <jbenc@redhat.com> Signed-off-by: Haishuang Yan <yanhaishuang@cmss.chinamobile.com> --- net/ipv4/gre_demux.c | 2 +- net/ipv4/ip_gre.c | 9 +++------ 2 files changed, 4 insertions(+), 7 deletions(-)