From patchwork Mon Sep 26 10:45:26 2016
X-Patchwork-Submitter: yotam gigi
X-Patchwork-Id: 675078
X-Patchwork-Delegate: davem@davemloft.net
From: Yotam Gigi
To: jhs@mojatatu.com, davem@davemloft.net, netdev@vger.kernel.org, mlxsw@mellanox.com
Cc: Yotam Gigi
Subject: [PATCH net v3 2/2] act_ife: Fix false encoding
Date: Mon, 26 Sep 2016 13:45:26 +0300
Message-Id: <1474886726-56363-3-git-send-email-yotamg@mellanox.com>
In-Reply-To: <1474886726-56363-1-git-send-email-yotamg@mellanox.com>
References: <1474886726-56363-1-git-send-email-yotamg@mellanox.com>

On ife encode side, the action stores the different tlvs inside the ife
header, where each tlv length field should refer to the length of the
whole tlv (without additional padding) and not just the data length.

On ife decode side, the action iterates over the tlvs in the ife header
and parses them one by one, where in each iteration the current pointer is
advanced according to the tlv size.

Before, the encoding encoded only the data length inside the tlv, which
led to false parsing of the ife header. In addition, due to the fact that
the loop counter was unsigned, it could lead to an infinite parsing loop.

This fix changes the loop counter to be signed and fixes the encoding to
take into account the tlv type and size.

Fixes: 28a10c426e81 ("net sched: fix encoding to use real length")
Acked-by: Jamal Hadi Salim
Signed-off-by: Yotam Gigi
---
v2->v3
 - Fix the encode side instead of the decode side
---
 net/sched/act_ife.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/sched/act_ife.c b/net/sched/act_ife.c index b949d97..95c463c 100644 --- a/net/sched/act_ife.c +++ b/net/sched/act_ife.c 
@@ -53,7 +53,7 @@ int ife_tlv_meta_encode(void *skbdata, u16 attrtype, u16 dlen, const void *dval) u32 *tlv = (u32 *)(skbdata); u16 totlen = nla_total_size(dlen); /*alignment + hdr */ char *dptr = (char *)tlv + NLA_HDRLEN; - u32 htlv = attrtype << 16 | dlen; + u32 htlv = attrtype << 16 | (dlen + NLA_HDRLEN); *tlv = htonl(htlv); memset(dptr, 0, totlen - NLA_HDRLEN); @@ -653,7 +653,7 @@ static int tcf_ife_decode(struct sk_buff *skb, const struct tc_action *a, struct tcf_ife_info *ife = to_ife(a); int action = ife->tcf_action; struct ifeheadr *ifehdr = (struct ifeheadr *)skb->data; - u16 ifehdrln = ifehdr->metalen; + int ifehdrln = (int)ifehdr->metalen; struct meta_tlvhdr *tlv = (struct meta_tlvhdr *)(ifehdr->tlv_data); spin_lock(&ife->tcf_lock);
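Review bot: In ife_tlv_meta_encode (first hunk), `dlen + NLA_HDRLEN` is built from a u16 dlen and OR-ed into the low 16 bits of htlv with no bound, so a dlen close to 0xFFFF carries into the attrtype bits, and `u16 totlen = nla_total_size(dlen)` truncates for the same input. Reject an oversized dlen before building htlv, or mask the length field explicitly. Because the length field now means header plus data rather than data only, a short comment on the htlv line saying so would help keep the decode side in step with it.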
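Review bot: In tcf_ife_decode (second hunk), the signed `ifehdrln` lets the loop counter go negative and terminate, but the value is still taken directly from `ifehdr->metalen` in skb->data, and nothing in the visible lines checks it against the packet length or checks each tlv length against what remains before the tlv is parsed. The loop body is outside this hunk, so please confirm it rejects a tlv whose length is smaller than the tlv header or larger than the remaining `ifehdrln` before dereferencing it; relying on the sign change alone ends the loop only after the overshooting tlv has already been read. The explicit `(int)` cast is also redundant, since a u16 converts to int implicitly.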