Received: by 2002:a05:6a10:a852:0:0:0:0 with SMTP id d18csp800467pxy; Wed, 5 May 2021 14:22:24 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzXCXp+HgYm4/oTr5QnFZim2+ulpUjpvSL2TG+87E/EJBYvziGjGagrEd1GW7dE+hd/0E9a X-Received: by 2002:a17:907:161f:: with SMTP id hb31mr780809ejc.514.1620249744441; Wed, 05 May 2021 14:22:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1620249744; cv=none; d=google.com; s=arc-20160816; b=Y+sN290yh2PGOKgsz0zzwQqyb+Rr29oaoYkG+mAgsjIJeT2gBcmaWZvp7hliu3MeAO EOBcBhpG4SuAch5HafaS6c1d/oNX0JqTfvDir6C0iQ9yzs218cIhmNYaA9yXFQr5/x53 4USgL2IXJsNUTNRf0MXzlU6u3lSvNxle2EuCSZpM+3wCXXZ2SZjrile5kL49bqEcOcCm JcKR1sHW9iDDFTMC9Jhg7LhoRClHuGzE5MhmxsmHdLfMI920/mT1aM98/4CWxwfg88Kw itL4SKudsQakDYqWhR+8zEJCiEPxfGalfcFqUaz5zo1f9MlpSTCJmF86SEpnHEEwEtDE XynQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject; bh=4dU8jjdmuzENHgNKnU9WQ77Qz6MXpOh4D8FgaCSdypk=; b=W6RJPUwsYPOMdAA0IvrNFCDrJn3Vv6iMluOIS3WSOn3oJU0ZV7Bxtajk2wWllgV/WT mP4fCZahNNk7nv7P5msL4PfuMgd7597Lb13DTnPruQMNEojr7w9d9euv+eQbm/3jloym FIdsrM5ZoeqrxrqmIIstKFv5ziUKrUm4U2NFzDMWAqOtJZnICdToScrvPfjYlnlOl8Rz qTuDXx5LXZg2TNMstfYC184L4sYt1dsMB3a9FUxka3K5DvRAgrn/P0ZiKnlMW3JKYZ2I bbzAQNnIOgcnURCaf/WMfPM3VWcvTEElAFQFmU1bN6W2dZGa4TGlxAPQXDj1UNS0SIzy osgg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id q8si435665ejy.320.2021.05.05.14.21.59; Wed, 05 May 2021 14:22:24 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234264AbhEEU4M (ORCPT + 99 others); Wed, 5 May 2021 16:56:12 -0400 Received: from www62.your-server.de ([213.133.104.62]:54246 "EHLO www62.your-server.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231224AbhEEU4L (ORCPT ); Wed, 5 May 2021 16:56:11 -0400 Received: from sslproxy05.your-server.de ([78.46.172.2]) by www62.your-server.de with esmtpsa (TLSv1.3:TLS_AES_256_GCM_SHA384:256) (Exim 4.92.3) (envelope-from ) id 1leOY3-000GTl-Hv; Wed, 05 May 2021 22:55:11 +0200 Received: from [85.7.101.30] (helo=linux.home) by sslproxy05.your-server.de with esmtpsa (TLSv1.3:TLS_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1leOY3-000Xhw-9R; Wed, 05 May 2021 22:55:11 +0200 Subject: Re: [PATCH bpf] bpf: check for data_len before upgrading mss when 6 to 4 To: Dongseok Yi , bpf@vger.kernel.org Cc: Alexei Starovoitov , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , "David S. Miller" , Jakub Kicinski , netdev@vger.kernel.org, linux-kernel@vger.kernel.org, willemdebruijn.kernel@gmail.com References: <1619690903-1138-1-git-send-email-dseok.yi@samsung.com> From: Daniel Borkmann Message-ID: <8c2ea41a-3fc5-d560-16e5-bf706949d857@iogearbox.net> Date: Wed, 5 May 2021 22:55:10 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.7.2 MIME-Version: 1.0 In-Reply-To: <1619690903-1138-1-git-send-email-dseok.yi@samsung.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Authenticated-Sender: daniel@iogearbox.net X-Virus-Scanned: Clear (ClamAV 0.103.2/26161/Wed May 5 13:06:38 2021) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 4/29/21 12:08 PM, Dongseok Yi wrote: > tcp_gso_segment check for the size of GROed payload if it is bigger > than the mss. bpf_skb_proto_6_to_4 increases mss, but the mss can be > bigger than the size of GROed payload unexpectedly if data_len is not > big enough. > > Assume that skb gso_size = 1372 and data_len = 8. bpf_skb_proto_6_to_4 > would increse the gso_size to 1392. tcp_gso_segment will get an error > with 1380 <= 1392. > > Check for the size of GROed payload if it is really bigger than target > mss when increase mss. > > Fixes: 6578171a7ff0 (bpf: add bpf_skb_change_proto helper) > Signed-off-by: Dongseok Yi > --- > net/core/filter.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/net/core/filter.c b/net/core/filter.c > index 9323d34..3f79e3c 100644 > --- a/net/core/filter.c > +++ b/net/core/filter.c > @@ -3308,7 +3308,9 @@ static int bpf_skb_proto_6_to_4(struct sk_buff *skb) > } > > /* Due to IPv4 header, MSS can be upgraded. */ > - skb_increase_gso_size(shinfo, len_diff); > + if (skb->data_len > len_diff) Could you elaborate some more on what this has to do with data_len specifically here? I'm not sure I follow exactly your above commit description. Are you saying that you're hitting in tcp_gso_segment(): [...] mss = skb_shinfo(skb)->gso_size; if (unlikely(skb->len <= mss)) goto out; [...] Please provide more context on the bug, thanks! > + skb_increase_gso_size(shinfo, len_diff); > + > /* Header must be checked, and gso_segs recomputed. */ > shinfo->gso_type |= SKB_GSO_DODGY; > shinfo->gso_segs = 0; >