Calculating the IPv6 checksum on 32-bit systems missed overflows when
adding the proto+len fields into the checksum. This results in the
following unit test failure.
# test_csum_ipv6_magic: ASSERTION FAILED at lib/checksum_kunit.c:506
Expected ( u64)csum_result == ( u64)expected, but
( u64)csum_result == 46722 (0xb682)
( u64)expected == 46721 (0xb681)
not ok 5 test_csum_ipv6_magic
This is probably rarely seen in the real world because proto+len are
usually small values which will rarely result in overflows when calculating
the checksum. However, the unit test code uses large values for the length
field, causing the test to fail.
Fix the problem by adding the missing carry into the final checksum.
Cc: Charlie Jenkins <[email protected]>
Cc: Palmer Dabbelt <[email protected]>
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Guenter Roeck <[email protected]>
---
arch/parisc/include/asm/checksum.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/parisc/include/asm/checksum.h b/arch/parisc/include/asm/checksum.h
index f705e5dd1074..e619e67440db 100644
--- a/arch/parisc/include/asm/checksum.h
+++ b/arch/parisc/include/asm/checksum.h
@@ -163,7 +163,8 @@ static __inline__ __sum16 csum_ipv6_magic(const struct in6_addr *saddr,
" ldw,ma 4(%2), %7\n" /* 4th daddr */
" addc %6, %0, %0\n"
" addc %7, %0, %0\n"
-" addc %3, %0, %0\n" /* fold in proto+len, catch carry */
+" addc %3, %0, %0\n" /* fold in proto+len */
+" addc 0, %0, %0\n" /* add carry */
#endif
: "=r" (sum), "=r" (saddr), "=r" (daddr), "=r" (len),
--
2.39.2
From: Guenter Roeck
> Sent: 10 February 2024 19:16
>
> Calculating the IPv6 checksum on 32-bit systems missed overflows when
> adding the proto+len fields into the checksum. This results in the
> following unit test failure.
>
> # test_csum_ipv6_magic: ASSERTION FAILED at lib/checksum_kunit.c:506
> Expected ( u64)csum_result == ( u64)expected, but
> ( u64)csum_result == 46722 (0xb682)
> ( u64)expected == 46721 (0xb681)
> not ok 5 test_csum_ipv6_magic
>
> This is probably rarely seen in the real world because proto+len are
> usually small values which will rarely result in overflows when calculating
> the checksum. However, the unit test code uses large values for the length
> field, causing the test to fail.
Isn't length limited by the protocol encoding?
So this is really a bug in the unit tests for using a length that
it too large for the function?
David
>
> Fix the problem by adding the missing carry into the final checksum.
>
> Cc: Charlie Jenkins <[email protected]>
> Cc: Palmer Dabbelt <[email protected]>
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Signed-off-by: Guenter Roeck <[email protected]>
> ---
> arch/parisc/include/asm/checksum.h | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/arch/parisc/include/asm/checksum.h b/arch/parisc/include/asm/checksum.h
> index f705e5dd1074..e619e67440db 100644
> --- a/arch/parisc/include/asm/checksum.h
> +++ b/arch/parisc/include/asm/checksum.h
> @@ -163,7 +163,8 @@ static __inline__ __sum16 csum_ipv6_magic(const struct in6_addr *saddr,
> " ldw,ma 4(%2), %7\n" /* 4th daddr */
> " addc %6, %0, %0\n"
> " addc %7, %0, %0\n"
> -" addc %3, %0, %0\n" /* fold in proto+len, catch carry */
> +" addc %3, %0, %0\n" /* fold in proto+len */
> +" addc 0, %0, %0\n" /* add carry */
>
> #endif
> : "=r" (sum), "=r" (saddr), "=r" (daddr), "=r" (len),
> --
> 2.39.2
>
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
On 2/11/24 05:57, David Laight wrote:
> From: Guenter Roeck
>> Sent: 10 February 2024 19:16
>>
>> Calculating the IPv6 checksum on 32-bit systems missed overflows when
>> adding the proto+len fields into the checksum. This results in the
>> following unit test failure.
>>
>> # test_csum_ipv6_magic: ASSERTION FAILED at lib/checksum_kunit.c:506
>> Expected ( u64)csum_result == ( u64)expected, but
>> ( u64)csum_result == 46722 (0xb682)
>> ( u64)expected == 46721 (0xb681)
>> not ok 5 test_csum_ipv6_magic
>>
>> This is probably rarely seen in the real world because proto+len are
>> usually small values which will rarely result in overflows when calculating
>> the checksum. However, the unit test code uses large values for the length
>> field, causing the test to fail.
>
> Isn't length limited by the protocol encoding?
> So this is really a bug in the unit tests for using a length that
> it too large for the function?
>
Arguable. While the length value passed to the function is not a valid
packet length, it exposes a weakness in the implementation of
csum_ipv6_magic() - after all, folding proto+len into the checksum _may_
overflow even for small(er) values of proto and length. It is just much
less likely to happen if the length is limited to 16 bit.
Guenter
On Sat, Feb 10, 2024 at 11:15:56AM -0800, Guenter Roeck wrote:
> Calculating the IPv6 checksum on 32-bit systems missed overflows when
> adding the proto+len fields into the checksum. This results in the
> following unit test failure.
>
> # test_csum_ipv6_magic: ASSERTION FAILED at lib/checksum_kunit.c:506
> Expected ( u64)csum_result == ( u64)expected, but
> ( u64)csum_result == 46722 (0xb682)
> ( u64)expected == 46721 (0xb681)
> not ok 5 test_csum_ipv6_magic
>
> This is probably rarely seen in the real world because proto+len are
> usually small values which will rarely result in overflows when calculating
> the checksum. However, the unit test code uses large values for the length
> field, causing the test to fail.
>
> Fix the problem by adding the missing carry into the final checksum.
>
> Cc: Charlie Jenkins <[email protected]>
> Cc: Palmer Dabbelt <[email protected]>
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Signed-off-by: Guenter Roeck <[email protected]>
> ---
> arch/parisc/include/asm/checksum.h | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/arch/parisc/include/asm/checksum.h b/arch/parisc/include/asm/checksum.h
> index f705e5dd1074..e619e67440db 100644
> --- a/arch/parisc/include/asm/checksum.h
> +++ b/arch/parisc/include/asm/checksum.h
> @@ -163,7 +163,8 @@ static __inline__ __sum16 csum_ipv6_magic(const struct in6_addr *saddr,
> " ldw,ma 4(%2), %7\n" /* 4th daddr */
> " addc %6, %0, %0\n"
> " addc %7, %0, %0\n"
> -" addc %3, %0, %0\n" /* fold in proto+len, catch carry */
> +" addc %3, %0, %0\n" /* fold in proto+len */
> +" addc 0, %0, %0\n" /* add carry */
>
> #endif
> : "=r" (sum), "=r" (saddr), "=r" (daddr), "=r" (len),
> --
> 2.39.2
>
Looks good!
Tested-by: Charlie Jenkins <[email protected]>
Reviewed-by: Charlie Jenkins <[email protected]>