Received: by 2002:a05:7412:da14:b0:e2:908c:2ebd with SMTP id fe20csp325744rdb; Fri, 6 Oct 2023 04:59:40 -0700 (PDT) X-Google-Smtp-Source: AGHT+IE84Sd+8DXUBpKZR5nOG5EPXJwy78ugugaczLGYayb0tWR8ngRf0MeboxxS0V+rj+/ouU84 X-Received: by 2002:a05:6a00:2405:b0:68f:cd71:45d5 with SMTP id z5-20020a056a00240500b0068fcd7145d5mr8293454pfh.3.1696593580070; Fri, 06 Oct 2023 04:59:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1696593580; cv=none; d=google.com; s=arc-20160816; b=LYaN9zithF5ftGVoEvMAp+5gN6GFxNfFtAbiy+43eMcHOTe7wCkGjACyJVnUMwvHVR JaunYW7PbVDMzFmaiqVySp5YZy6g7QwfBdUnnidB7t05PjY/CbJaSkn8JYfwGQrysdyx vvk8B6kRYdJ64WwEWhl0SgtpTuwhxeCBc23ecIl840QEhIQ9yeqg7uptKhip/TrzwEgG I/Vu9sDPSpHolbuRrmOxTlaXIWM8AIZwF8Ka1bGPQ7gUN5i5O5dVe9pb4FB6FAOa/3ix 9Pwdz2bTgTxnUuwResMxM1ndX6m4n+rUZrA6FFmdS211U1kgy3iXm8xCSgYcyvPenEzD I4uA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=YY/KEttblCNkIHvZrU3svjNNmAKOGzdxZeWRiCOHeXM=; fh=xVi83YBjAbSJvyldushqVUdtEHyVrwnwfYcKQphAE5g=; b=euLUfJTYvNoD/1C+aysogrpNza/oifK66CvFQVNAIBv4pPrfgNhJn94YrwOz+8Xywq nkDplkl8GYaEYY9KiOpfbbXwn0pepsLQqN+75SKAIymZELjOgpxdV9d0NzPvt/1ZZjsm XvkthUaKPJBgjrVuHRIdDm3UyhjM1tdemsxWr+LpAa8L/h83jCEnszGn97s7vCoulFFT CZFaw3csTiwN4E5QJi2tsmyFNWqp+V79snQ0dYZlt+M9fFa5nO/KfS/O+JITnMK6145R cFN2up7D7kXb1TiNwcsHYGUrQtbdjb/U7Wxu5PtyA0EpePAziE8MB6cg8wPZj3hN36om DZ+g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from lipwig.vger.email (lipwig.vger.email. [23.128.96.33]) by mx.google.com with ESMTPS id u13-20020a056a00158d00b00690ff5e479fsi1378446pfk.332.2023.10.06.04.59.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Oct 2023 04:59:40 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) client-ip=23.128.96.33; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by lipwig.vger.email (Postfix) with ESMTP id 04044815F344; Fri, 6 Oct 2023 04:59:38 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at lipwig.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232137AbjJFL7Z (ORCPT + 99 others); Fri, 6 Oct 2023 07:59:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56836 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231939AbjJFL7Z (ORCPT ); Fri, 6 Oct 2023 07:59:25 -0400 Received: from Chamillionaire.breakpoint.cc (Chamillionaire.breakpoint.cc [IPv6:2a0a:51c0:0:237:300::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D8EF7CE; Fri, 6 Oct 2023 04:59:23 -0700 (PDT) Received: from fw by Chamillionaire.breakpoint.cc with local (Exim 4.92) (envelope-from ) id 1qojU8-0008RN-RX; Fri, 06 Oct 2023 13:59:12 +0200 Date: Fri, 6 Oct 2023 13:59:12 +0200 From: Florian Westphal To: Florian Westphal Cc: Ma Ke , steffen.klassert@secunet.com, herbert@gondor.apana.org.au, davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] net: xfrm: fix return value check in ipcomp_compress Message-ID: <20231006115912.GB29258@breakpoint.cc> References: <20231006114106.3982925-1-make_ruc2021@163.com> <20231006114751.GA29258@breakpoint.cc> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20231006114751.GA29258@breakpoint.cc> User-Agent: Mutt/1.10.1 (2018-07-13) X-Spam-Status: No, score=2.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_SBL_CSS,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lipwig.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (lipwig.vger.email [0.0.0.0]); Fri, 06 Oct 2023 04:59:38 -0700 (PDT) X-Spam-Level: ** Florian Westphal wrote: > Ma Ke wrote: > > In ipcomp_compress, to avoid an unexpected result returned by > > pskb_trim, we should check the return value of pskb_trim(). > > > > Signed-off-by: Ma Ke > > --- > > net/xfrm/xfrm_ipcomp.c | 4 +++- > > 1 file changed, 3 insertions(+), 1 deletion(-) > > > > diff --git a/net/xfrm/xfrm_ipcomp.c b/net/xfrm/xfrm_ipcomp.c > > index 9c0fa0e1786a..5f2e6edadf48 100644 > > --- a/net/xfrm/xfrm_ipcomp.c > > +++ b/net/xfrm/xfrm_ipcomp.c > > @@ -144,7 +144,9 @@ static int ipcomp_compress(struct xfrm_state *x, struct sk_buff *skb) > > memcpy(start + sizeof(struct ip_comp_hdr), scratch, dlen); > > local_bh_enable(); > > > > - pskb_trim(skb, dlen + sizeof(struct ip_comp_hdr)); > > + err = pskb_trim(skb, dlen + sizeof(struct ip_comp_hdr)); > > + if (unlikely(err)) > > + goto out; > > This can't be right, this now calls local_bh_enable() twice. Furthermore, looking at this: 1. skb went through skb_linearize_cow() before, so no paged data anymore 2. Right before there is a check to bail in case compression inflated packet size. IOW, this pskb_trim cannot fail, it boils down to __skb_trim().