From patchwork Thu Apr 19 21:44:36 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexander Aring X-Patchwork-Id: 901524 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=mojatatu.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=mojatatu-com.20150623.gappssmtp.com header.i=@mojatatu-com.20150623.gappssmtp.com header.b="RXq2bnyk"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 40Rswb55nTz9s3F for ; Fri, 20 Apr 2018 07:45:19 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753539AbeDSVpR (ORCPT ); Thu, 19 Apr 2018 17:45:17 -0400 Received: from mail-io0-f195.google.com ([209.85.223.195]:35193 "EHLO mail-io0-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753531AbeDSVpP (ORCPT ); Thu, 19 Apr 2018 17:45:15 -0400 Received: by mail-io0-f195.google.com with SMTP id d26-v6so8346314ioc.2 for ; Thu, 19 Apr 2018 14:45:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mojatatu-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=ZC3fcZ+RpFyuXMDZj8NpR1HzBPSwIX4X3cK/ojdO6j0=; b=RXq2bnykQMlW+nsEouob6ES4BFa5K/7v20/zZXwoqNoGbCGftKo36k4PDWGf31ntfY G3jrnU5DXdgAUciICnJOY4kWdzgmfA5luVLDnRgng3yQKXJ+ami0QMd9+eRRnet6yl5l WlCJfVmk5CKAj6JVNDEYQ0hY93lsfTvYacOtlFdqlIRQNGGALXvquNcHcvl52ZzZ85Xn nttp1h1QDnv1HpyTXcyq/OD7s5wk3Zke41/h4fXaH+DTeQ2kxIPfX7koAvwGAvMgIaVu 7MkQP74xyM/9kPc24MoDIczCWF0OP4N3RHbLHlBJ+kZHUmOLOlv0wZlgKBUoqvXdcyPp x+sg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=ZC3fcZ+RpFyuXMDZj8NpR1HzBPSwIX4X3cK/ojdO6j0=; b=Lnj4RsKK/6O41fqEfCDxLJZ5maLR0yx5oyTvnaRR96AjsdrohDHttVvIfPNzBUKjzt +0YUxSIuRGYalYXtb6U0UKb1mlIpx/AdWAvvGY5GOOr3k7DcuxFlmnllSuDzr1aY83as jRzCFe2o1ah0jDptOkcFpiM3SvOK4mFXMP5UowcWuf2D55cd/yPkY+wi0IQmcRtehvrb C9ujdXRzFpyK+juw10Cw9egsEv6wb7zzOo9St131C6vE7i44I4T4ClBIGYe4tegszZkk g4fn2QImQ8ZjdJ7XvsNN0l6R4miaUNE4GzfV4ygy7L5ZI7JNIlxbgctgcYJpAdyTDqy1 W+Gw== X-Gm-Message-State: ALQs6tAOlbABQ7LKsl3EbK2CQzlgK+EnjJoqHFVqlLIHzxj/l9dszPjS apUgQw1TXPdIpz+jSXj4y5KvMA== X-Google-Smtp-Source: AB8JxZru9bt1mD6RIbvlFZqUIaU4Vzka6ksPTt4zl7knpPkXRchMuJejJt+ElbvElyC3ij8wu5w90g== X-Received: by 2002:a6b:9e42:: with SMTP id h63-v6mr8359780ioe.30.1524174314842; Thu, 19 Apr 2018 14:45:14 -0700 (PDT) Received: from x220t.lan ([64.26.149.125]) by smtp.gmail.com with ESMTPSA id b66-v6sm45963itb.3.2018.04.19.14.45.13 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 19 Apr 2018 14:45:14 -0700 (PDT) From: Alexander Aring To: yotam.gi@gmail.com Cc: jhs@mojatatu.com, davem@davemloft.net, xiyou.wangcong@gmail.com, jiri@resnulli.us, yuvalm@mellanox.com, netdev@vger.kernel.org, kernel@mojatatu.com, Alexander Aring Subject: [PATCHv2 net 1/3] net: sched: ife: signal not finding metaid Date: Thu, 19 Apr 2018 17:44:36 -0400 Message-Id: <20180419214438.6801-2-aring@mojatatu.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180419214438.6801-1-aring@mojatatu.com> References: <20180419214438.6801-1-aring@mojatatu.com> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org We need to record stats for received metadata that we dont know how to process. Have find_decode_metaid() return -ENOENT to capture this. Signed-off-by: Alexander Aring Reviewed-by: Yotam Gigi Acked-by: Jamal Hadi Salim --- net/sched/act_ife.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/sched/act_ife.c b/net/sched/act_ife.c index a5994cf0512b..49b8ab551fbe 100644 --- a/net/sched/act_ife.c +++ b/net/sched/act_ife.c @@ -652,7 +652,7 @@ static int find_decode_metaid(struct sk_buff *skb, struct tcf_ife_info *ife, } } - return 0; + return -ENOENT; } static int tcf_ife_decode(struct sk_buff *skb, const struct tc_action *a, From patchwork Thu Apr 19 21:44:37 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexander Aring X-Patchwork-Id: 901526 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=mojatatu.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=mojatatu-com.20150623.gappssmtp.com header.i=@mojatatu-com.20150623.gappssmtp.com header.b="bkbjDA4A"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 40Rswn2r43z9s1t for ; Fri, 20 Apr 2018 07:45:29 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753576AbeDSVp2 (ORCPT ); Thu, 19 Apr 2018 17:45:28 -0400 Received: from mail-io0-f194.google.com ([209.85.223.194]:41234 "EHLO mail-io0-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753460AbeDSVpQ (ORCPT ); Thu, 19 Apr 2018 17:45:16 -0400 Received: by mail-io0-f194.google.com with SMTP id o7-v6so6509288iob.8 for ; Thu, 19 Apr 2018 14:45:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mojatatu-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=fQ+c5CThU/W/+XvIOAE9hvPo7oD5mP2q37ly5R4/DAI=; b=bkbjDA4A6ynQSm7uD5x5F1oeMynTaZQlvHH2QSrkYcX6heqc1exO0SbAX35Y/s4E1H F6pOVYSlJLBJNdY/yCi8SYAqVXQULZ6OJGUmZLn67SqrgfZaO4Rv4Nyo2RyUkUfH8kjI dLgIxmp5DAqfmAyfXLDs1+k6kGujgWgKvToWpFn02wrHlap/OLJEFl32upPpicQzBnpZ 3l0gdu7BIKZUcw/WmOOpw9SaXAcX5vzAJu0oYy/MzA9iw5vwILYhAPXP6L1ZJByqxe97 jAurjgsBM380TB6tTTybHhf8o2/8Zf7+aTpTcy1DLvnaRZ0UAEUgHG+5n92aPmhAF7p/ 8u1Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=fQ+c5CThU/W/+XvIOAE9hvPo7oD5mP2q37ly5R4/DAI=; b=gz+ZXUBxDaMVitPiX9cgbNsKmFyPK0htTEwyV7sbrm5RpSpoZgswF7vcLH3kWIuzlw QMQtce1ua9U9Ei2GW5dG7mb6q7v02ImpNzbWWBzqV5k0cSDjj0D+c2Mg6iXNhMLcmbQp Va8vf3mPZuUVbwjTnWvxPk73ORjjOemLyMFFzU6cU9FYalnApfR9vfGbYQgg1HmqzBG1 RpX7uKY11ovHnGNT/4qsm2tCeDuz/wc8yDStkZhpOgLgPIuBWxOvlmHJX6Uy5J3jrHuU w3EwzT1BK0yYJwNNjT5cRTwaUa6DTbw9357jpmR1kKFMIvEItuC8nmFqg9cWCUO9MN7Q Co6w== X-Gm-Message-State: ALQs6tA0BA/K+mLDeKbeUNAcU/S9v1fsgbFoSl0BDUZDkAfxmp7xfa9Y tD2FUk+E4C0tTHHoZIZ36uWcxQ== X-Google-Smtp-Source: AIpwx49mNGQmhLOwP84rjqNHU4jC0PWboyDZSQKTHnOlzWnmwqJSMhudF9Hcoj13ViQmD2b7l4jT7Q== X-Received: by 2002:a6b:94d4:: with SMTP id w203-v6mr8132443iod.305.1524174316193; Thu, 19 Apr 2018 14:45:16 -0700 (PDT) Received: from x220t.lan ([64.26.149.125]) by smtp.gmail.com with ESMTPSA id b66-v6sm45963itb.3.2018.04.19.14.45.14 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 19 Apr 2018 14:45:15 -0700 (PDT) From: Alexander Aring To: yotam.gi@gmail.com Cc: jhs@mojatatu.com, davem@davemloft.net, xiyou.wangcong@gmail.com, jiri@resnulli.us, yuvalm@mellanox.com, netdev@vger.kernel.org, kernel@mojatatu.com, Alexander Aring Subject: [PATCHv2 net 2/3] net: sched: ife: handle malformed tlv length Date: Thu, 19 Apr 2018 17:44:37 -0400 Message-Id: <20180419214438.6801-3-aring@mojatatu.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180419214438.6801-1-aring@mojatatu.com> References: <20180419214438.6801-1-aring@mojatatu.com> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org There is currently no handling to check on a invalid tlv length. This patch adds such handling to avoid killing the kernel with a malformed ife packet. Signed-off-by: Alexander Aring Reviewed-by: Yotam Gigi Acked-by: Jamal Hadi Salim --- include/net/ife.h | 3 ++- net/ife/ife.c | 35 +++++++++++++++++++++++++++++++++-- net/sched/act_ife.c | 7 ++++++- 3 files changed, 41 insertions(+), 4 deletions(-) diff --git a/include/net/ife.h b/include/net/ife.h index 44b9c00f7223..e117617e3c34 100644 --- a/include/net/ife.h +++ b/include/net/ife.h @@ -12,7 +12,8 @@ void *ife_encode(struct sk_buff *skb, u16 metalen); void *ife_decode(struct sk_buff *skb, u16 *metalen); -void *ife_tlv_meta_decode(void *skbdata, u16 *attrtype, u16 *dlen, u16 *totlen); +void *ife_tlv_meta_decode(void *skbdata, const void *ifehdr_end, u16 *attrtype, + u16 *dlen, u16 *totlen); int ife_tlv_meta_encode(void *skbdata, u16 attrtype, u16 dlen, const void *dval); diff --git a/net/ife/ife.c b/net/ife/ife.c index 7d1ec76e7f43..7fbe70a0af4b 100644 --- a/net/ife/ife.c +++ b/net/ife/ife.c @@ -92,12 +92,43 @@ struct meta_tlvhdr { __be16 len; }; +static bool __ife_tlv_meta_valid(const unsigned char *skbdata, + const unsigned char *ifehdr_end) +{ + const struct meta_tlvhdr *tlv; + u16 tlvlen; + + if (unlikely(skbdata + sizeof(*tlv) > ifehdr_end)) + return false; + + tlv = (const struct meta_tlvhdr *)skbdata; + tlvlen = ntohs(tlv->len); + + /* tlv length field is inc header, check on minimum */ + if (tlvlen < NLA_HDRLEN) + return false; + + /* overflow by NLA_ALIGN check */ + if (NLA_ALIGN(tlvlen) < tlvlen) + return false; + + if (unlikely(skbdata + NLA_ALIGN(tlvlen) > ifehdr_end)) + return false; + + return true; +} + /* Caller takes care of presenting data in network order */ -void *ife_tlv_meta_decode(void *skbdata, u16 *attrtype, u16 *dlen, u16 *totlen) +void *ife_tlv_meta_decode(void *skbdata, const void *ifehdr_end, u16 *attrtype, + u16 *dlen, u16 *totlen) { - struct meta_tlvhdr *tlv = (struct meta_tlvhdr *) skbdata; + struct meta_tlvhdr *tlv; + + if (!__ife_tlv_meta_valid(skbdata, ifehdr_end)) + return NULL; + tlv = (struct meta_tlvhdr *)skbdata; *dlen = ntohs(tlv->len) - NLA_HDRLEN; *attrtype = ntohs(tlv->type); diff --git a/net/sched/act_ife.c b/net/sched/act_ife.c index 49b8ab551fbe..8527cfdc446d 100644 --- a/net/sched/act_ife.c +++ b/net/sched/act_ife.c @@ -682,7 +682,12 @@ static int tcf_ife_decode(struct sk_buff *skb, const struct tc_action *a, u16 mtype; u16 dlen; - curr_data = ife_tlv_meta_decode(tlv_data, &mtype, &dlen, NULL); + curr_data = ife_tlv_meta_decode(tlv_data, ifehdr_end, &mtype, + &dlen, NULL); + if (!curr_data) { + qstats_drop_inc(this_cpu_ptr(ife->common.cpu_qstats)); + return TC_ACT_SHOT; + } if (find_decode_metaid(skb, ife, mtype, dlen, curr_data)) { /* abuse overlimits to count when we receive metadata From patchwork Thu Apr 19 21:44:38 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexander Aring X-Patchwork-Id: 901525 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=mojatatu.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=mojatatu-com.20150623.gappssmtp.com header.i=@mojatatu-com.20150623.gappssmtp.com header.b="pjXoAD88"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 40Rswf5dv0z9s1t for ; Fri, 20 Apr 2018 07:45:22 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753557AbeDSVpV (ORCPT ); Thu, 19 Apr 2018 17:45:21 -0400 Received: from mail-it0-f67.google.com ([209.85.214.67]:34335 "EHLO mail-it0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753531AbeDSVpS (ORCPT ); Thu, 19 Apr 2018 17:45:18 -0400 Received: by mail-it0-f67.google.com with SMTP id t192-v6so1300856itc.1 for ; Thu, 19 Apr 2018 14:45:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mojatatu-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=ohfhztWUQBr0yIMeeQzqQ242N/trfs8C2LSEU1xsOVc=; b=pjXoAD88auaZ8NjJ/UhOP9KW2gElYkybNEuyPSV3imuN2ozVyWNSxNtm3U54giVZcq 8tbO9p2sM8aNqSnDD/1W6+/GgGzNlNE37N2/10O/Z73NMTO3Hv1t+XjJxuq3AIC5uUTa /+FYDL4rgaJfZolZU0suNFlC7PKnbVkKKrvrpdllvsWoVr4NfCG0HnOJYp24nNrtAINl VtLT5I1lXnSh4A2sMToKaK65eU2k4dpXQ1T7kIDNDFwGHBhKXuyi4tLT7wZLLe8EYGGS EVFbkJRY7D+SVO+47PUkGCrAWdGmSRN2NmhXNsBIANaWwAfOjYoLeM1dYyKQvVFfPJJK 5XsA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=ohfhztWUQBr0yIMeeQzqQ242N/trfs8C2LSEU1xsOVc=; b=cs8itB2ROtbLU/ayID5jCkjlMCjJU494Y8UGLvB3eWZQ4Mbl73t7Hh4zigHhJS+PZR I7l9O2FvP4Sn2L1dH/X/6cjj8uTFGCOuhbAU5qI5btwo2c2dJCk2DWxzlHuFhGNxnfAK H0XBV6hZZrRawnteUk55Ue6/srM20eqfOF8cDu48c//YB9Vi6bi67qDhRQ924+owhaEC jNJaQ8Sbvog7aRGyrkQ1On7C6QN7blgnjXaXaxNm15w24N9YmPfMIJabYtp+6OJk2Q0Y GG6ofMghCM6PNlirU5qNwpBeWuTv6bjqlFg5DxBdCJL6e0nxB7YTY2yDKvd4r+qEf5e2 xZEg== X-Gm-Message-State: ALQs6tA45UdmYwR3XE3j2CmjNnvuBHdpYkDj8oGwHxOvWYaeR3LkUDti 2AaVMtLOCLZ0e4HdG/OljirAPA== X-Google-Smtp-Source: AIpwx497nnp3C1MCkvQxn/Q93ce9B4FWmFBgr36e3AbMJ7HA98iA+seW0Fx2bFt9WD6+AgAaoPuUnA== X-Received: by 2002:a24:1d85:: with SMTP id 127-v6mr507734itj.75.1524174317445; Thu, 19 Apr 2018 14:45:17 -0700 (PDT) Received: from x220t.lan ([64.26.149.125]) by smtp.gmail.com with ESMTPSA id b66-v6sm45963itb.3.2018.04.19.14.45.16 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 19 Apr 2018 14:45:16 -0700 (PDT) From: Alexander Aring To: yotam.gi@gmail.com Cc: jhs@mojatatu.com, davem@davemloft.net, xiyou.wangcong@gmail.com, jiri@resnulli.us, yuvalm@mellanox.com, netdev@vger.kernel.org, kernel@mojatatu.com, Alexander Aring Subject: [PATCHv2 net 3/3] net: sched: ife: check on metadata length Date: Thu, 19 Apr 2018 17:44:38 -0400 Message-Id: <20180419214438.6801-4-aring@mojatatu.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180419214438.6801-1-aring@mojatatu.com> References: <20180419214438.6801-1-aring@mojatatu.com> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org This patch checks if sk buffer is available to dererence ife header. If not then NULL will returned to signal an malformed ife packet. This avoids to crashing the kernel from outside. Signed-off-by: Alexander Aring Reviewed-by: Yotam Gigi Acked-by: Jamal Hadi Salim --- net/ife/ife.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/ife/ife.c b/net/ife/ife.c index 7fbe70a0af4b..93e8c36ce6ec 100644 --- a/net/ife/ife.c +++ b/net/ife/ife.c @@ -70,6 +70,9 @@ void *ife_decode(struct sk_buff *skb, u16 *metalen) u16 ifehdrln; ifehdr = (struct ifeheadr *) (skb->data + skb->dev->hard_header_len); + if (skb->len < skb->dev->hard_header_len + IFE_METAHDRLEN) + return NULL; + ifehdrln = ntohs(ifehdr->metalen); total_pull = skb->dev->hard_header_len + ifehdrln;