Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755875AbbHCW6u (ORCPT ); Mon, 3 Aug 2015 18:58:50 -0400 Received: from mail-yk0-f182.google.com ([209.85.160.182]:34490 "EHLO mail-yk0-f182.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755789AbbHCW6t (ORCPT ); Mon, 3 Aug 2015 18:58:49 -0400 MIME-Version: 1.0 In-Reply-To: References: <1438279963-29563-1-git-send-email-joestringer@nicira.com> <1438279963-29563-6-git-send-email-joestringer@nicira.com> From: Joe Stringer Date: Mon, 3 Aug 2015 15:58:28 -0700 Message-ID: Subject: Re: [PATCH net-next 5/9] openvswitch: Add conntrack action To: Pravin Shelar Cc: netdev , LKML , pablo , Patrick McHardy , Justin Pettit , Andy Zhou , Jesse Gross , Florian Westphal , Hannes Sowa , Thomas Graf Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1898 Lines: 44 On 31 July 2015 at 19:08, Pravin Shelar wrote: > On Thu, Jul 30, 2015 at 11:12 AM, Joe Stringer wrote: >> +static void prepare_frag(struct vport *vport, struct sw_flow_key *key, >> + struct sk_buff *skb) >> +{ >> + unsigned int hlen = ETH_HLEN; >> + struct ovs_frag_data *data; >> + >> + data = this_cpu_ptr(&ovs_frag_data_storage); >> + data->dst = skb_dst(skb); >> + data->vport = vport; >> + data->key = key; >> + data->cb = *OVS_CB(skb); >> + >> + if (key->eth.tci & htons(VLAN_TAG_PRESENT)) { >> + if (skb_vlan_tag_present(skb)) { >> + data->vlan_proto = skb->vlan_proto; >> + } else { >> + data->vlan_proto = vlan_eth_hdr(skb)->h_vlan_proto; >> + hlen += VLAN_HLEN; >> + } >> + } > Not all actions keep flow key uptodate, so here you can access stale values. Hmm, okay. Perhaps the right thing to handle all of these cases is to just make a copy of everything up to the network offset, and restore that after fragmentation. >> if (unlikely(err)) { >> - kfree_skb(skb); >> + /* Hide stolen fragments from user space. */ >> + if (err == -EINPROGRESS) >> + err = 0; > This does not look safe for error returned from all cases, Can you > check this case specifically for the CT action case. I'll place it inside the CT action case. Thanks for the review, will roll the other fixes into the next version. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/