Date: Mon, 27 Nov 2023 10:55:01 -0500
From: Willem de Bruijn
To: Shigeru Yoshida, davem@davemloft.net, dsahern@kernel.org, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Shigeru Yoshida
Message-ID: <6564bbd5580de_8a1ac29481@willemb.c.googlers.com.notmuch>
In-Reply-To: <20231126151652.372783-1-syoshida@redhat.com>
Subject: Re: [PATCH net] ipv4: ip_gre: Handle skb_pull() failure in ipgre_xmit()

Shigeru Yoshida wrote:
> In ipgre_xmit(), skb_pull() may fail even if pskb_inet_may_pull() returns
> true. For example, applications can create a malformed packet that causes
> this problem with PF_PACKET.

It may fail because pskb_inet_may_pull does not account for
tunnel->hlen.

Is that what you are referring to with malformed packet? Can you
elaborate a bit on in which way the packet has to be malformed to
reach this?

FYI: I had a quick look at the IPv6 equivalent code.
ip6gre_tunnel_xmit is sufficiently different. It makes sense that this
is an IPv4 only patch.

> This patch fixes the problem by dropping skb and returning from the
> function if skb_pull() fails.
>
> Fixes: c54419321455 ("GRE: Refactor GRE tunneling code.")
> Signed-off-by: Shigeru Yoshida
> ---
> net/ipv4/ip_gre.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
> > diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c > index 22a26d1d29a0..95efa97cb84b 100644 > --- a/net/ipv4/ip_gre.c > +++ b/net/ipv4/ip_gre.c > @@ -643,7 +643,8 @@ static netdev_tx_t ipgre_xmit(struct sk_buff *skb, > /* Pull skb since ip_tunnel_xmit() needs skb->data pointing > * to gre header. > */ > - skb_pull(skb, tunnel->hlen + sizeof(struct iphdr)); > + if (!skb_pull(skb, tunnel->hlen + sizeof(struct iphdr))) > + goto free_skb; > skb_reset_mac_header(skb); > > if (skb->ip_summed == CHECKSUM_PARTIAL && > -- > 2.41.0 >
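
Review bot: The new check on skb_pull() in ipgre_xmit() handles the failure only after the fact, and the commit message does not say which length condition lets pskb_inet_may_pull() succeed while a pull of tunnel->hlen + sizeof(struct iphdr) still fails. State that condition in the commit message, and consider validating that the skb holds tunnel->hlen + sizeof(struct iphdr) bytes before the pull, next to the pskb_inet_may_pull() check the message refers to, so the pull cannot fail at this point. The free_skb label is outside the visible context, so confirm that path also accounts the drop in the device statistics.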
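
The skb_pull() contract the thread relies on, as an added user-space model that is not kernel code and not part of the original message: the pull returns NULL and leaves the buffer untouched when the packet is shorter than the requested length, so an unchecked caller continues with the data pointer unmoved. `model_skb`, `model_skb_pull` and `xmit_model` are hypothetical names, and the 4-byte tunnel header length is an assumed sample value.

```c
#include <stddef.h>
#include <stdio.h>

#define IPHDR_LEN 20u /* sizeof(struct iphdr), no options */

/* Simplified stand-in for struct sk_buff: linear data only (assumption). */
struct model_skb {
    const unsigned char *data;
    unsigned int len;
};

/* Same contract as skb_pull(): NULL and skb untouched when len > skb->len. */
static const unsigned char *model_skb_pull(struct model_skb *skb, unsigned int len)
{
    if (len > skb->len)
        return NULL;
    skb->len -= len;
    skb->data += len;
    return skb->data;
}

/* Returns how far skb->data moved, or -1 if the packet was dropped.
 * checked == 0 models the old call, checked == 1 the patched one. */
static long xmit_model(int checked, unsigned int pkt_len, unsigned int hlen)
{
    static const unsigned char buf[128]; /* constructed packet bytes */
    struct model_skb skb = { buf, pkt_len };

    if (pkt_len > sizeof(buf))
        return -1;
    if (!model_skb_pull(&skb, hlen + IPHDR_LEN) && checked)
        return -1; /* models "goto free_skb" */
    return (long)(skb.data - buf);
}

int main(void)
{
    /* 10-byte packet, 4-byte tunnel header: a 24-byte pull cannot succeed. */
    printf("unchecked, short: offset %ld\n", xmit_model(0, 10, 4));
    printf("checked,   short: offset %ld\n", xmit_model(1, 10, 4));
    printf("checked,   full:  offset %ld\n", xmit_model(1, 64, 4));
    return 0;
}
```

In the unchecked short-packet case the offset stays at 0, meaning later code would interpret bytes at the wrong position as the header it expects.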