| Message ID | 20221129194309.3428340-1-artem.chernyshev@red-soft.ru (mailing list archive) |
|---|---|
| State | Changes Requested |
| Delegated to: | Netdev Maintainers |
| Headers | show |
| Series | [v2] net: dsa: Check return value from skb_trim_rcsum() | expand |
Hi, On Tue, Nov 29, 2022 at 10:43:09PM +0300, Artem Chernyshev wrote: > Return NULL if we got unexpected value from skb_trim_rcsum() > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > Fixes: 01ef09caad66 ("net: dsa: Add tag handling for Hirschmann Hellcreek switches") > Fixes: bafe9ba7d908 ("net: dsa: ksz: Factor out common tag code") > Fixes: 4913b8ebf8a9 ("net: dsa: add support for the SJA1110 native tagging protocol") > Signed-off-by: Artem Chernyshev <artem.chernyshev@red-soft.ru> > --- While you're fixing the same class of bug in 3 drivers, the bugs are unrelated to one another. SJA1110, KSZ and Hellcreek are switch families from 3 different hardware vendors, and none of those vendors cares about the other. When you squash 3 Fixes: tags into the same patch like that, the following will happen. $ git tag --contains 01ef09caad66 # "net: dsa: Add tag handling for Hirschmann Hellcreek switches" v5.11 $ git tag --contains bafe9ba7d908 # "net: dsa: ksz: Factor out common tag code" v5.0 $ git tag --contains 4913b8ebf8a9 # "net: dsa: add support for the SJA1110 native tagging protocol" v5.14 Your patch can only be backported down to linux-stable branch linux-5.15.y, because that's the only stable branch that contains the code you're modifying. The Hellcreek driver won't benefit from the bug fix on the 5.10 stable branch, and neither KSZ nor Hellcreek will benefit from it on 5.4. Be smart, write 3 patches with 3 distinct Fixes: tags, and each will be backported where it needs to, independent from the other. Oh, and also, don't send the v3 emails with an In-reply-to: header to v2. And please remember to run ./scripts/get_maintainer.pl again, on each patch revision.
One more thing. I gave you a Reviewed-by tag for v1. The patch submitter is supposed to carry it over to the applicable code in future patch revisions, below his Signed-off-by tag (see "git log" for examples). The reviewer is not supposed to chase the submitter from one revision to another with the same tags all over again. So I expect that v3 will have the tag added for the tag_ksz.c related change.
Hi, On Thu, Dec 01, 2022 at 12:53:30AM +0200, Vladimir Oltean wrote: > One more thing. I gave you a Reviewed-by tag for v1. The patch submitter > is supposed to carry it over to the applicable code in future patch > revisions, below his Signed-off-by tag (see "git log" for examples). > The reviewer is not supposed to chase the submitter from one revision to > another with the same tags all over again. So I expect that v3 will have > the tag added for the tag_ksz.c related change. Thank you for detailed explanation. I'll fix flaws in patches as quickly as possible. Artem
diff --git a/net/dsa/tag_hellcreek.c b/net/dsa/tag_hellcreek.c index 846588c0070a..53a206d11685 100644 --- a/net/dsa/tag_hellcreek.c +++ b/net/dsa/tag_hellcreek.c @@ -49,7 +49,8 @@ static struct sk_buff *hellcreek_rcv(struct sk_buff *skb, return NULL; } - pskb_trim_rcsum(skb, skb->len - HELLCREEK_TAG_LEN); + if (pskb_trim_rcsum(skb, skb->len - HELLCREEK_TAG_LEN)) + return NULL; dsa_default_offload_fwd_mark(skb); diff --git a/net/dsa/tag_ksz.c b/net/dsa/tag_ksz.c index 38fa19c1e2d5..429250298ac4 100644 --- a/net/dsa/tag_ksz.c +++ b/net/dsa/tag_ksz.c @@ -21,7 +21,8 @@ static struct sk_buff *ksz_common_rcv(struct sk_buff *skb, if (!skb->dev) return NULL; - pskb_trim_rcsum(skb, skb->len - len); + if (pskb_trim_rcsum(skb, skb->len - len)) + return NULL; dsa_default_offload_fwd_mark(skb); diff --git a/net/dsa/tag_sja1105.c b/net/dsa/tag_sja1105.c index 83e4136516b0..1a85125bda6d 100644 --- a/net/dsa/tag_sja1105.c +++ b/net/dsa/tag_sja1105.c @@ -665,7 +665,8 @@ static struct sk_buff *sja1110_rcv_inband_control_extension(struct sk_buff *skb, * padding and trailer we need to account for the fact that * skb->data points to skb_mac_header(skb) + ETH_HLEN. */ - pskb_trim_rcsum(skb, start_of_padding - ETH_HLEN); + if (pskb_trim_rcsum(skb, start_of_padding - ETH_HLEN)) + return NULL; /* Trap-to-host frame, no timestamp trailer */ } else { *source_port = SJA1110_RX_HEADER_SRC_PORT(rx_header);
Return NULL if we got unexpected value from skb_trim_rcsum() Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 01ef09caad66 ("net: dsa: Add tag handling for Hirschmann Hellcreek switches") Fixes: bafe9ba7d908 ("net: dsa: ksz: Factor out common tag code") Fixes: 4913b8ebf8a9 ("net: dsa: add support for the SJA1110 native tagging protocol") Signed-off-by: Artem Chernyshev <artem.chernyshev@red-soft.ru> --- V1->V2 Fixes for tag_hellcreek.c and tag_sja1105.c net/dsa/tag_hellcreek.c | 3 ++- net/dsa/tag_ksz.c | 3 ++- net/dsa/tag_sja1105.c | 3 ++- 3 files changed, 6 insertions(+), 3 deletions(-)