Received: by 2002:ac0:a581:0:0:0:0:0 with SMTP id m1-v6csp438609imm; Mon, 2 Jul 2018 14:33:06 -0700 (PDT) X-Google-Smtp-Source: ADUXVKIVVuWFRVbNA8vwcuQ/O3TcU3FdExoOeH5sygFAlirmc++/pOxD24sHdluplM31hvGx93cX X-Received: by 2002:a17:902:7586:: with SMTP id j6-v6mr27083515pll.262.1530567186696; Mon, 02 Jul 2018 14:33:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1530567186; cv=none; d=google.com; s=arc-20160816; b=q6SxMGs/kMtFv4J8Ugx/yL6CUsa+f4BmSHVVHWsU1qZWfHiRbm/uQj65VPae/TszML B8xPu6lLcqtUXnhc5uptFavv2FrhaV5CI8KplULqTaIxFPdtoHLkH4vz7rlTk7ew6W0T OmyO6zL7Cs1mKsDkDJDnbla9lep4DDqO+69CwDc2euPQYuAjZrX0Q1thvlhU5Wj0JejG 8HwfhnR03XArtRdLGhXHJ4Nj6A3oYpuQtlLKsellnUZwuQU5VMTSI5bLOl9fUClSqI73 TXuvvNr/MAfr75V7dNq1o0byWazTMNCUCEXWZahwZXHCzi39vdrdk/4yMtCq5VccJny/ ZX1Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:arc-authentication-results; bh=6Zp6nYT7ohtg5N4EKzH7tH1wx8wtCu49ByVfc4wvljE=; b=tVj6PTLjIqmt8WwXE+7fqKG4DXyqwQMWmCjlnR7sYXza5Jcd01oZjmhXG9hCCDRA6B PNAo3B3yFtk8jyQ7OHa2ZBCIdvmUVTB4ApamnGquM8LM/+Wh+Zbmvih5465zpHR3Rgpv twYJqFFLM2hHateuIjvu6gQI3E0HL59aNvuyOlHEVx6oa5jaHTm5QoRi8qMniNtYXs7q SwuHUm1T6JM7kd70ijHkPV7ulc0SqMCtrF3wrWazb0N8rZn4THVhESzj8nlQ5445V5Cx ztaIWamRjyxNZ/xBu12BY2TC2BZznyUZqiPUIBXb8oglJLG2/0OK2S/f3RFkvg0qykao PjPQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@mojatatu-com.20150623.gappssmtp.com header.s=20150623 header.b=QFf8Zwe6; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y4-v6si15400840pge.356.2018.07.02.14.32.52; Mon, 02 Jul 2018 14:33:06 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@mojatatu-com.20150623.gappssmtp.com header.s=20150623 header.b=QFf8Zwe6; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753566AbeGBVbx (ORCPT + 99 others); Mon, 2 Jul 2018 17:31:53 -0400 Received: from mail-it0-f66.google.com ([209.85.214.66]:40705 "EHLO mail-it0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753533AbeGBVbs (ORCPT ); Mon, 2 Jul 2018 17:31:48 -0400 Received: by mail-it0-f66.google.com with SMTP id 188-v6so291441ita.5 for ; Mon, 02 Jul 2018 14:31:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mojatatu-com.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=6Zp6nYT7ohtg5N4EKzH7tH1wx8wtCu49ByVfc4wvljE=; b=QFf8Zwe6QyO+/r5vk8cRj+35PrretoLZd03+ArW+YGI7Q18PiUgCAPZw979JOwhEHf 2tGXdw8lmg19EcIeZTSfzIb5+mfPQRD6bgHAS+9yTOU5BOo6iGjFi06aUqIcN7zlRLlL JQ2rZBnYl4W9MSJTTq0Jx7O1WHd0SCsCqqr7p6/elUG5MA/bWvI2ne6ULg4yEw705G0C yvM1Z9nXZGu5Bc5vWh7JP4zW03v+NtXbjssE93Ycwr0bKnqIBi9JREEUDCEGGh3Qv9zX xVHVDopLGcMkLXiRcvFZWhqIXEuEp3fF76TFbL+vQQizocs49wIYOYf5IPbisVPpR0FB eAvg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=6Zp6nYT7ohtg5N4EKzH7tH1wx8wtCu49ByVfc4wvljE=; b=Pl7zAB0iZadcI+RKF8wM11GZ4uRMWmpuKJfWJ7ONA1nkURvRaMPb9CSc+XKIjLDf/T UKAni/ZcSwt9rVS2e7Bn384BsSsuwpWA0yLPCHZ3cuIYjfmY5ZzbGs2y/8nwPxQYhMhO QT5qxpWHollOu7kycEp9qCqZQMKHsurkIDtRKtdTZYUpKyKbRB6YwILcxhKPrA4+QR27 VZ2+0GTHJBjroGqXvjoC3ue2UWdl5t8NmjlW76rAUMu4viQoJxSaK3nXXCPMDbK3NwKl O5+j2QFzoPhQo5IBvOVsyiRLXx2TnnJ8+1fjyTRPKPmqLqIOT/YFRm58EkKbla0EzcOe odIw== X-Gm-Message-State: APt69E2mqo+UMO8y/7qhb5V1cdPEEPIYnHQoA0cc1BanCk78B8n9l4vf jTrbORwWluGqo1D33t9Kq4HyKsYc X-Received: by 2002:a24:8201:: with SMTP id t1-v6mr7540360itd.51.1530567106826; Mon, 02 Jul 2018 14:31:46 -0700 (PDT) Received: from x220t ([64.26.149.125]) by smtp.gmail.com with ESMTPSA id e11-v6sm5363370iob.20.2018.07.02.14.31.44 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 02 Jul 2018 14:31:45 -0700 (PDT) Date: Mon, 2 Jul 2018 17:31:40 -0400 From: Alexander Aring To: Michael Scott Cc: Jukka Rissanen , "David S. Miller" , linux-bluetooth@vger.kernel.org, linux-wpan@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] 6lowpan: iphc: reset mac_header after decompress to fix panic Message-ID: <20180702213140.noxt6vr46xpiwjaq@x220t> References: <20180619234406.8217-1-michael@opensourcefoundries.com> <20180702185438.dqqjg6k45iefj5is@x220t> <516fbc65-cc4b-8016-de5a-e2240b779d15@opensourcefoundries.com> <20180702204346.d7bynetvzw3ayn5m@x220t> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20180702204346.d7bynetvzw3ayn5m@x220t> User-Agent: NeoMutt/20170113 (1.7.2) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi, On Mon, Jul 02, 2018 at 04:43:46PM -0400, Alexander Aring wrote: > Hi, > > On Mon, Jul 02, 2018 at 12:45:41PM -0700, Michael Scott wrote: > > Hello Alexander, > > > ... > > > Question is for me: which upper layer wants access MAC header here on > > > receive path? > > > It cannot parsed anyhow because so far I know no upper layer can parse > > > at the moment 802.15.4 frames (which is a complex format). Maybe over > > > some header_ops callback? > > > > I was testing a C program which performs NAT64 handling on packets > > destined to a certain IPv6 subnet (64:ff9b::). To do this, the application > > opens a RAW socket like this: sniff_sock = socket(PF_PACKET, SOCK_RAW, > > htons(ETH_P_ALL)); It then sets promiscuous mode and enters a looping call > > of: > > length = recv(sniff_sock, buffer, PACKET_BUFFER, MSG_TRUNC); My host PC > > kernel would then promptly crash on me. (I'm going to purposely avoid the > > obvious point of: this probably isn't the best way to parse packets for > > NAT64 translation as you will get every single packet incoming or outgoing > > on the host.) Turns out, testing the program on an 802.15.4 6lowpan > > interface exposed some of the issues which this mailing list (but not > > myself) is well aware of (no L2 data in the RAW packets) and also led me to > > debugging this patch to stop the kernel crash. TL;DR: To summarize, any > > PF_PACKET SOCK_RAW socket which recv()'s IPv6 data from a 6lowpan node will > > cause this kernel crash eventually (checked on kernel 4.15, 4.16, 4.17 and > > 4.18-rc1). - Mike > > > > > "any PF_PACKET SOCK_RAW" can't be otherwise I would also see it with my > sniffer programs e.g. wireshark or tcpdump which use libpcap. > > There need to be some different in the handling. This is what I have > currently in my mind. > > I currently not sure how to set skb->mac_header if interface is RAW_IP. > It seems there is an indicator that mac header is not set. Example: > > diff --git a/net/6lowpan/iphc.c b/net/6lowpan/iphc.c > index 6b1042e21656..e6ec2df3afe0 100644 > --- a/net/6lowpan/iphc.c > +++ b/net/6lowpan/iphc.c > @@ -770,6 +770,7 @@ int lowpan_header_decompress(struct sk_buff *skb, const struct net_device *dev, > hdr.hop_limit, &hdr.daddr); > > skb_push(skb, sizeof(hdr)); > + skb->mac_header = (typeof(skb->mac_header))~0U; > skb_reset_network_header(skb); > skb_copy_to_linear_data(skb, &hdr, sizeof(hdr)); > > > Maybe we should lookup what skb->mac_header points to on tun interfaces > then do the same. So far I see [0] tun does the same as your patch approach does. network header and mac header points to the same. I think then we should go with your patch. Then we just need to solve the issue to get mac header information on top of lowpan socket layer... out of scope issue but indeed we need to solve that. As we talked there exists even UDP protocols which needs mac header information. It's in a pretty early state, I have no idea how this fits sometimes with fragmentation handling together. At least for L2 address handling and fragmentation it should be fine (one of the fragment indentifier). - Alex [0] https://elixir.bootlin.com/linux/v4.18-rc3/source/drivers/net/tun.c#L1912