Commit 5ff8dda3 authored by Herbert Xu's avatar Herbert Xu Committed by David S. Miller

net: Ensure partial checksum offset is inside the skb head

On Thu, Jun 04, 2009 at 09:06:00PM +1000, Herbert Xu wrote:
>
> tun: Optimise handling of bogus gso->hdr_len
>
> As all current versions of virtio_net generate a value for the
> header length that's too small, we should optimise this so that
> we don't copy it twice.  This can be done by ensuring that it is
> at least as large as the place where we'll write the checksum.
>
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

With this applied we can strengthen the partial checksum check:

In skb_partial_csum_set we check to see if the checksum offset
is within the packet.  However, we really should check that it
is within the skb head as that's the only bit we can modify
without copying.
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
Acked-by: default avatarRusty Russell <rusty@rustcorp.com.au>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 4909122f
...@@ -3026,12 +3026,12 @@ EXPORT_SYMBOL_GPL(skb_tstamp_tx); ...@@ -3026,12 +3026,12 @@ EXPORT_SYMBOL_GPL(skb_tstamp_tx);
*/ */
bool skb_partial_csum_set(struct sk_buff *skb, u16 start, u16 off) bool skb_partial_csum_set(struct sk_buff *skb, u16 start, u16 off)
{ {
if (unlikely(start > skb->len - 2) || if (unlikely(start > skb_headlen(skb)) ||
unlikely((int)start + off > skb->len - 2)) { unlikely((int)start + off > skb_headlen(skb) - 2)) {
if (net_ratelimit()) if (net_ratelimit())
printk(KERN_WARNING printk(KERN_WARNING
"bad partial csum: csum=%u/%u len=%u\n", "bad partial csum: csum=%u/%u len=%u\n",
start, off, skb->len); start, off, skb_headlen(skb));
return false; return false;
} }
skb->ip_summed = CHECKSUM_PARTIAL; skb->ip_summed = CHECKSUM_PARTIAL;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment