From: Alexei Starovoitov <ast@plumgrid.com>
To: "David S. Miller" <davem@davemloft.net>
Cc: Jamal Hadi Salim <jhs@mojatatu.com>,
Daniel Borkmann <daniel@iogearbox.net>,
Jiri Pirko <jiri@resnulli.us>,
netdev@vger.kernel.org
Subject: [PATCH net-next] tc: fix tc actions in case of shared skb
Date: Fri, 10 Jul 2015 17:10:11 -0700 [thread overview]
Message-ID: <1436573411-5021-1-git-send-email-ast@plumgrid.com> (raw)
TC actions need to check for very unlikely event skb->users != 1,
otherwise subsequent pskb_may_pull/pskb_expand_head will crash.
When skb_shared() just drop the packet, since in the middle of actions
it's too late to call skb_share_check(), since classifiers/actions assume
the same skb pointer.
Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
---
net/sched/act_csum.c | 3 +++
net/sched/act_nat.c | 3 +++
net/sched/act_vlan.c | 3 +++
3 files changed, 9 insertions(+)
diff --git a/net/sched/act_csum.c b/net/sched/act_csum.c
index b07c535ba8e7..ac150bdc24f4 100644
--- a/net/sched/act_csum.c
+++ b/net/sched/act_csum.c
@@ -510,6 +510,9 @@ static int tcf_csum(struct sk_buff *skb,
if (unlikely(action == TC_ACT_SHOT))
goto drop;
+ if (unlikely(skb_shared(skb)))
+ goto drop;
+
switch (tc_skb_protocol(skb)) {
case cpu_to_be16(ETH_P_IP):
if (!tcf_csum_ipv4(skb, update_flags))
diff --git a/net/sched/act_nat.c b/net/sched/act_nat.c
index 5be0b3c1c5b0..8bb2657de635 100644
--- a/net/sched/act_nat.c
+++ b/net/sched/act_nat.c
@@ -114,6 +114,9 @@ static int tcf_nat(struct sk_buff *skb, const struct tc_action *a,
if (unlikely(action == TC_ACT_SHOT))
goto drop;
+ if (unlikely(skb_shared(skb)))
+ goto drop;
+
noff = skb_network_offset(skb);
if (!pskb_may_pull(skb, sizeof(*iph) + noff))
goto drop;
diff --git a/net/sched/act_vlan.c b/net/sched/act_vlan.c
index 796785e0bf96..6365ae036c6e 100644
--- a/net/sched/act_vlan.c
+++ b/net/sched/act_vlan.c
@@ -33,6 +33,9 @@ static int tcf_vlan(struct sk_buff *skb, const struct tc_action *a,
bstats_update(&v->tcf_bstats, skb);
action = v->tcf_action;
+ if (unlikely(skb_shared(skb)))
+ goto drop;
+
switch (v->tcfv_action) {
case TCA_VLAN_ACT_POP:
err = skb_vlan_pop(skb);
--
1.7.9.5
next reply other threads:[~2015-07-11 7:04 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-11 0:10 Alexei Starovoitov [this message]
2015-07-12 4:29 ` [PATCH net-next] tc: fix tc actions in case of shared skb David Miller
2015-07-13 19:47 ` Alexei Starovoitov
2015-07-13 20:04 ` David Miller
2015-07-13 20:17 ` Alexei Starovoitov
2015-07-13 20:55 ` Daniel Borkmann
2015-07-13 22:26 ` Alexei Starovoitov
2015-07-14 10:29 ` Daniel Borkmann
2015-07-14 11:57 ` Jamal Hadi Salim
2015-07-14 12:19 ` Daniel Borkmann
2015-07-14 15:46 ` Alexei Starovoitov
2015-07-14 22:34 ` David Miller
2015-07-14 23:08 ` Alexei Starovoitov
2015-07-15 0:58 ` John Fastabend
2015-07-15 1:01 ` Alexei Starovoitov
2015-07-13 13:13 ` Jamal Hadi Salim
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1436573411-5021-1-git-send-email-ast@plumgrid.com \
--to=ast@plumgrid.com \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=jhs@mojatatu.com \
--cc=jiri@resnulli.us \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.