Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756358AbcKVRq4 (ORCPT ); Tue, 22 Nov 2016 12:46:56 -0500 Received: from mail-io0-f173.google.com ([209.85.223.173]:33265 "EHLO mail-io0-f173.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754732AbcKVRqy (ORCPT ); Tue, 22 Nov 2016 12:46:54 -0500 MIME-Version: 1.0 In-Reply-To: <1479836511.681.165.camel@intel.com> References: <20161121092855.GA20976@kroah.com> <20161122165912.GA19939@tuebingen.mpg.de> <20161122170654.GA20022@kroah.com> <1479836511.681.165.camel@intel.com> From: Eric Dumazet Date: Tue, 22 Nov 2016 09:46:52 -0800 Message-ID: Subject: Re: Linux 4.4.34 To: "Duyck, Alexander H" Cc: "gregkh@linuxfoundation.org" , "maan@tuebingen.mpg.de" , "linux-kernel@vger.kernel.org" , "ast@kernel.org" , "stable@vger.kernel.org" , "willemb@google.com" , "jslaby@suse.cz" , "davem@davemloft.net" , "yibyang@cisco.com" Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 924 Lines: 30 . > > I was wondering if we shouldn't just cap all cases? > > It seems like this could potentially return a value greater than skb- >>len in the "good" case since things like IP header length isn't > validated other then making sure it meets the minimum value, and if > there isn't a recognized L4 header after that we could return that as a > final value. > I honestly think you are looking at the wrong causes. This is an aliasing problem. Tom code is hard to read and understand. Andre, could you try : diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c index 69e4463a4b1b..b045980faaea 100644 --- a/net/core/flow_dissector.c +++ b/net/core/flow_dissector.c @@ -157,6 +157,7 @@ bool __skb_flow_dissect(const struct sk_buff *skb, memcpy(key_eth_addrs, ð->h_dest, sizeof(*key_eth_addrs)); } + barrier(); again: switch (proto) { case htons(ETH_P_IP): {