Received: by 2002:ac0:a581:0:0:0:0:0 with SMTP id m1-v6csp400473imm; Mon, 2 Jul 2018 13:45:34 -0700 (PDT) X-Google-Smtp-Source: ADUXVKLUYYoDYFb+p90yK2sPSqU7jARz5c1ouIfp/4wFNlQddS2BeoAU2SmUHWHMb7Wxzog+kMx1 X-Received: by 2002:a63:9543:: with SMTP id t3-v6mr22601080pgn.77.1530564333990; Mon, 02 Jul 2018 13:45:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1530564333; cv=none; d=google.com; s=arc-20160816; b=Un+Ix98vRI+YCVZ0Ylyckj9AHWpUOfYWqI01VPfZ64ywKHKDLJg/kbFybgW9dedmXT HgCJo1Px9xoDon4P6CsqlB5To6RV8sbU+nKm3nqwlYNtpYKTJ4Vc55AmcIfEZ1Hd6MPq uDjHGrE1KfB7BJEC2eCNWSE8CUGUZa/hqkYLPOpT9FMawWnXssmCYiQySTNawyG+Plq+ ghoQN7EvTxl4aQVHR/vDgPOjChhIoeUV3309W8r/iW+5gEXoOqftHIZsbDni+dtipKnn Q3HAbb4Ndh7cIBq2w4RLNG/Y0RKb8HSdZI9wL+5HTEtiL4vFIsg80MPJ+xf4cKnXsu5W Gybg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:arc-authentication-results; bh=e6Q6Pz62yXotXW3zyTdsIVn8Lr+MQtonEfNPYK8QiKM=; b=naTB676YfOV6a5pS56yv5jImEvFAgxjDH5bnZAR9uL2nQdA/Rn1kWvI6Hi5T9vOE45 EE2DzFWRBZagJMlsXxGGi9xgCyRASyGccs4fI+bKagqq6MsjKA+cy0ueFPsX1Ece9X/h iUA4DCCAdMDuLlj444jDpZMTj/2JsnCpqZe2DFzxE7KzaU6q36+52gBLM4tNf+EfNsGQ 5F8IMRYX1KlU0Yp/2MdK69RcLZSbtSco+XIWeAMZCcbKPxs/0J3ZSBZWOdW3Y/tXIKzO 9WjnA33FdaMD4vElLM2FNIPKMAhogTbhC2AZq4RBVuB7tzcbH9O9Tv1BQY5TydjTN8Tz znUw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@mojatatu-com.20150623.gappssmtp.com header.s=20150623 header.b=Upb2qtQ5; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f14-v6si15318561pga.584.2018.07.02.13.45.19; Mon, 02 Jul 2018 13:45:33 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@mojatatu-com.20150623.gappssmtp.com header.s=20150623 header.b=Upb2qtQ5; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753144AbeGBUnz (ORCPT + 99 others); Mon, 2 Jul 2018 16:43:55 -0400 Received: from mail-it0-f67.google.com ([209.85.214.67]:53184 "EHLO mail-it0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752715AbeGBUnw (ORCPT ); Mon, 2 Jul 2018 16:43:52 -0400 Received: by mail-it0-f67.google.com with SMTP id p4-v6so156898itf.2 for ; Mon, 02 Jul 2018 13:43:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mojatatu-com.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=e6Q6Pz62yXotXW3zyTdsIVn8Lr+MQtonEfNPYK8QiKM=; b=Upb2qtQ5S8xZoej9E99PhzyPoNjTASKRcgPbQhNKiRDFwj+OXpMIZfXQGBL6DHxZPw GMIVmL6EJEvliXo0ePSdm6JnpV8XSBDEZl8axyX/Jpujev3KqoTkpYUY2NOsEIyir1Ch /O41hMXvgG7Rlex443ZBPi//7tEsiCnp4ElitenpgMHzvYPbT0HiHux+f7Rva3sMFknr bFEbGH3LPZ1QyUY14Oc4mcGCBNo1f2QXD/A3iqE4qI30WUMLH9xi+bMdQK7q9xhUbkh5 U046ZqgIIcyKYs5nOa3F48xEBsFAjlrsyUFZyR6Fg7wdgjjRJFJAN7eeCo15zk9Np2E8 jaTQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=e6Q6Pz62yXotXW3zyTdsIVn8Lr+MQtonEfNPYK8QiKM=; b=WTc9tvCNwHvf4LuUlyvbyJcmCLPb8lai5d+jE4f/EukRJWi0q4bsOGip7RdbRx7hj/ qdkQ2XpFBH+co5PTiqdu6B0PNfJ9o53avWTQqbs8JOiB7fiKv8fEsmti032m4TcQo9JQ T+O5RyUgTJGiFLeN4BH3Hv1cvF5zB2i7L5eio40C6nitRb+Vq8uUxUO+Fg7ujqwWqjHP WWIq1D0cFa7iI1InFtbe6iAQn4FvelLR01gLb2YAKhyJ//8lVH3bdIxnu0+jFMLv3N2/ PF27UNJdGw2sJbSNPmNofNSMkdo+3FpSvwu65EJ6MimgQSQyYOIKjeTsc1Gie5z6Ab4i 5AxA== X-Gm-Message-State: APt69E0zau/sTUMs/wRBD4L0uTHs88jioKFPZIA1yayAd5ICWO5pU2I/ nNgyapVqyvEW4W/dq3EwPvm5BDFv X-Received: by 2002:a02:62ce:: with SMTP id d197-v6mr21975269jac.36.1530564232314; Mon, 02 Jul 2018 13:43:52 -0700 (PDT) Received: from x220t ([64.26.149.125]) by smtp.gmail.com with ESMTPSA id x7-v6sm6907612iob.49.2018.07.02.13.43.51 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 02 Jul 2018 13:43:51 -0700 (PDT) Date: Mon, 2 Jul 2018 16:43:46 -0400 From: Alexander Aring To: Michael Scott Cc: Jukka Rissanen , "David S. Miller" , linux-bluetooth@vger.kernel.org, linux-wpan@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] 6lowpan: iphc: reset mac_header after decompress to fix panic Message-ID: <20180702204346.d7bynetvzw3ayn5m@x220t> References: <20180619234406.8217-1-michael@opensourcefoundries.com> <20180702185438.dqqjg6k45iefj5is@x220t> <516fbc65-cc4b-8016-de5a-e2240b779d15@opensourcefoundries.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <516fbc65-cc4b-8016-de5a-e2240b779d15@opensourcefoundries.com> User-Agent: NeoMutt/20170113 (1.7.2) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi, On Mon, Jul 02, 2018 at 12:45:41PM -0700, Michael Scott wrote: > Hello Alexander, > ... > > Question is for me: which upper layer wants access MAC header here on > > receive path? > > It cannot parsed anyhow because so far I know no upper layer can parse > > at the moment 802.15.4 frames (which is a complex format). Maybe over > > some header_ops callback? > > I was testing a C program which performs NAT64 handling on packets > destined to a certain IPv6 subnet (64:ff9b::). To do this, the application > opens a RAW socket like this: sniff_sock = socket(PF_PACKET, SOCK_RAW, > htons(ETH_P_ALL)); It then sets promiscuous mode and enters a looping call > of: > length = recv(sniff_sock, buffer, PACKET_BUFFER, MSG_TRUNC); My host PC > kernel would then promptly crash on me. (I'm going to purposely avoid the > obvious point of: this probably isn't the best way to parse packets for > NAT64 translation as you will get every single packet incoming or outgoing > on the host.) Turns out, testing the program on an 802.15.4 6lowpan > interface exposed some of the issues which this mailing list (but not > myself) is well aware of (no L2 data in the RAW packets) and also led me to > debugging this patch to stop the kernel crash. TL;DR: To summarize, any > PF_PACKET SOCK_RAW socket which recv()'s IPv6 data from a 6lowpan node will > cause this kernel crash eventually (checked on kernel 4.15, 4.16, 4.17 and > 4.18-rc1). - Mike > > "any PF_PACKET SOCK_RAW" can't be otherwise I would also see it with my sniffer programs e.g. wireshark or tcpdump which use libpcap. There need to be some different in the handling. This is what I have currently in my mind. I currently not sure how to set skb->mac_header if interface is RAW_IP. It seems there is an indicator that mac header is not set. Example: diff --git a/net/6lowpan/iphc.c b/net/6lowpan/iphc.c index 6b1042e21656..e6ec2df3afe0 100644 --- a/net/6lowpan/iphc.c +++ b/net/6lowpan/iphc.c @@ -770,6 +770,7 @@ int lowpan_header_decompress(struct sk_buff *skb, const struct net_device *dev, hdr.hop_limit, &hdr.daddr); skb_push(skb, sizeof(hdr)); + skb->mac_header = (typeof(skb->mac_header))~0U; skb_reset_network_header(skb); skb_copy_to_linear_data(skb, &hdr, sizeof(hdr)); Maybe we should lookup what skb->mac_header points to on tun interfaces then do the same. - Alex