Received: by 2002:a05:6358:700f:b0:131:369:b2a3 with SMTP id 15csp348088rwo; Tue, 1 Aug 2023 18:38:32 -0700 (PDT) X-Google-Smtp-Source: APBJJlFGHn5Cz1fSkSrZ2x8Q7UZAfKRBupCqAMIMPg+uYVzKp36pDGXmYUR8h6aGgyT2YCaT317N X-Received: by 2002:a17:907:160d:b0:995:3c9e:a629 with SMTP id hb13-20020a170907160d00b009953c9ea629mr5441729ejc.31.1690940311766; Tue, 01 Aug 2023 18:38:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690940311; cv=none; d=google.com; s=arc-20160816; b=0GxCwnnK37sBFTjT24b79ljI1fr/AuwjI4Bx3YLKPh6b/aaQdczCtInEGzuGZq6nYX q/SdI1FEu0ysJUzjLD+6MM0V7R83P6oeZLHYP1gd9FQWbJz6/tZAp+HL1h4pXw1cB0UT UtjxEB85nbbyzfhy1DlvMc2Mv9Ur0krCB8IH506fkw2avTyGKSDencSh0O5/ki/AlRfa DLFhoY1lL1aV8nouoO1alYjYMOtq9SKFAJyZvqsQockADLfB8NkheP31y2IB/KNpAXAk 3s5iJdUdyScHL8MfNfOzVrgYKHCKegMlJdsfui3ynz4uOlp57E6MuhxVdVlw2Lkq4wQJ 4+Cw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject; bh=PvLSwXVr/gp6z70xgoLTWJ2s8QIox3Mmbi+0x7fY7yY=; fh=ICv9xNkVlmOr0KcwWnxrVKBcLfqXXuGmYlcpgMb0vVc=; b=NvELipYvQW+XaeAHveXgIkNTMWkn+HYIqxYc/bKWM+CneUH1wLjIguSeWHHHYR8LTV VdEcS6jVCZgzrYdvSWFcdMzXagegtldPIdQ6mjXpRuePr+0EvY79b05ky91AGJZDRLdv VlRLWa5LzI9KQsJeKQo79KbbtgHGDWpxUeoD3RdUr7mXJy314iDQ9v99AqAro1YEWrMz J7AhE5QCtYkLrstoiBnnq4BL3VaDGgrkjORz2ymtZ0+RcL7trO5xmtx6akxHQWF3Chur Ji4/9Kf0A+rJ/Heh9zm7KWTU86HTAaR2vvUEZS0ZO1hypPkS1/XNmVn1+1wKzXo/DP/P UZBQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id ci18-20020a170906c35200b0099bcff25750si9558723ejb.935.2023.08.01.18.38.07; Tue, 01 Aug 2023 18:38:31 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229981AbjHBB2g (ORCPT + 99 others); Tue, 1 Aug 2023 21:28:36 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40108 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229727AbjHBB2f (ORCPT ); Tue, 1 Aug 2023 21:28:35 -0400 Received: from szxga01-in.huawei.com (szxga01-in.huawei.com [45.249.212.187]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 69A35210D; Tue, 1 Aug 2023 18:28:34 -0700 (PDT) Received: from canpemm500007.china.huawei.com (unknown [172.30.72.57]) by szxga01-in.huawei.com (SkyGuard) with ESMTP id 4RFvRW1Gx2ztRks; Wed, 2 Aug 2023 09:25:11 +0800 (CST) Received: from [10.174.179.215] (10.174.179.215) by canpemm500007.china.huawei.com (7.192.104.62) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.27; Wed, 2 Aug 2023 09:28:32 +0800 Subject: Re: [PATCH v3] ip6mr: Fix skb_under_panic in ip6mr_cache_report() To: David Ahern , Jakub Kicinski , Eric Dumazet CC: , , , , , References: <20230801064318.34408-1-yuehaibing@huawei.com> <20230801131146.51a9aaf3@kernel.org> <0e3e2d6f-0e8d-ccb4-0750-928a568ccaaf@kernel.org> From: YueHaibing Message-ID: Date: Wed, 2 Aug 2023 09:28:31 +0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.5.0 MIME-Version: 1.0 In-Reply-To: <0e3e2d6f-0e8d-ccb4-0750-928a568ccaaf@kernel.org> Content-Type: text/plain; charset="utf-8" Content-Language: en-US Content-Transfer-Encoding: 7bit X-Originating-IP: [10.174.179.215] X-ClientProxiedBy: dggems706-chm.china.huawei.com (10.3.19.183) To canpemm500007.china.huawei.com (7.192.104.62) X-CFilter-Loop: Reflected X-Spam-Status: No, score=-4.3 required=5.0 tests=BAYES_00,NICE_REPLY_A, RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H5,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2023/8/2 8:52, David Ahern wrote: > On 8/1/23 2:11 PM, Jakub Kicinski wrote: >> On Tue, 1 Aug 2023 09:51:29 +0200 Eric Dumazet wrote: >>>> - skb_push(skb, -skb_network_offset(pkt)); >>>> + __skb_pull(skb, skb_network_offset(pkt)); >>>> >>>> skb_push(skb, sizeof(*msg)); >>>> skb_reset_transport_header(skb); >>> >>> Presumably this code has never been tested :/ >> >> Could have been tested on 32bit, I wonder if there is more such bugs :S > > that pattern shows up a few times: Ok, I will test and fix these if any. > > net/ipv4/ah4.c: skb_push(skb, -skb_network_offset(skb)); > net/ipv4/esp4.c: skb_push(skb, -skb_network_offset(skb)); > net/ipv4/esp4_offload.c: skb_push(skb, -skb_network_offset(skb)); > net/ipv4/esp4_offload.c: skb_push(skb, -skb_network_offset(skb)); > net/ipv4/xfrm4_tunnel.c: skb_push(skb, -skb_network_offset(skb)); > net/ipv6/ah6.c: skb_push(skb, -skb_network_offset(skb)); > net/ipv6/esp6.c: skb_push(skb, -skb_network_offset(skb)); > net/ipv6/esp6_offload.c: skb_push(skb, -skb_network_offset(skb)); > net/ipv6/esp6_offload.c: skb_push(skb, -skb_network_offset(skb)); > net/ipv6/ip6mr.c: skb_push(skb, -skb_network_offset(pkt)); > net/ipv6/mip6.c: skb_push(skb, -skb_network_offset(skb)); > net/ipv6/mip6.c: skb_push(skb, -skb_network_offset(skb)); > net/ipv6/xfrm6_tunnel.c: skb_push(skb, -skb_network_offset(skb)); > net/xfrm/xfrm_ipcomp.c: skb_push(skb, -skb_network_offset(skb)); > . >