From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by dpdk.org (Postfix) with ESMTP id 401B31B494 for ; Fri, 4 Jan 2019 14:28:20 +0100 (CET) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id A16BFC05001C; Fri, 4 Jan 2019 13:28:19 +0000 (UTC) Received: from ktraynor.remote.csb (ovpn-117-13.ams2.redhat.com [10.36.117.13]) by smtp.corp.redhat.com (Postfix) with ESMTP id 2AEE55C1A1; Fri, 4 Jan 2019 13:28:17 +0000 (UTC) From: Kevin Traynor To: Bruce Richardson Cc: Hemant Agrawal , dpdk stable Date: Fri, 4 Jan 2019 13:24:44 +0000 Message-Id: <20190104132455.15170-62-ktraynor@redhat.com> In-Reply-To: <20190104132455.15170-1-ktraynor@redhat.com> References: <20190104132455.15170-1-ktraynor@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]); Fri, 04 Jan 2019 13:28:19 +0000 (UTC) Subject: [dpdk-stable] patch 'net: fix underflow for checksum of invalid IPv4 packets' has been queued to LTS release 18.11.1 X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Jan 2019 13:28:20 -0000 Hi, FYI, your patch has been queued to LTS release 18.11.1 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 01/11/19. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Thanks. Kevin Traynor --- >>From d9d904fabe373e75ac360c4450bbcdf0bd41c365 Mon Sep 17 00:00:00 2001 From: Bruce Richardson Date: Mon, 17 Dec 2018 15:50:04 +0000 Subject: [PATCH] net: fix underflow for checksum of invalid IPv4 packets [ upstream commit 8743d499a59c3d6a7c743861fd3baf06ed5fe763 ] If we receive a packet with an invalid IP header, where the total packet length is reported as less than the IP header length, we would end up getting an underflow in the length subtraction. This could cause us to checksum e.g. 4GB of data in the case where the result of the subtraction was -1. We fix this by having the function return 0 - an invalid sum - when the length is less than the header length. Fixes: af75078fece3 ("first public release") Fixes: 6006818cfb26 ("net: new checksum functions") Signed-off-by: Bruce Richardson Acked-by: Hemant Agrawal --- lib/librte_net/rte_ip.h | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/lib/librte_net/rte_ip.h b/lib/librte_net/rte_ip.h index f2a8904a2..f9b909090 100644 --- a/lib/librte_net/rte_ip.h +++ b/lib/librte_net/rte_ip.h @@ -311,5 +311,6 @@ rte_ipv4_phdr_cksum(const struct ipv4_hdr *ipv4_hdr, uint64_t ol_flags) * The pointer to the beginning of the L4 header. * @return - * The complemented checksum to set in the IP packet. + * The complemented checksum to set in the IP packet + * or 0 on error */ static inline uint16_t @@ -317,8 +318,11 @@ rte_ipv4_udptcp_cksum(const struct ipv4_hdr *ipv4_hdr, const void *l4_hdr) { uint32_t cksum; - uint32_t l4_len; + uint32_t l3_len, l4_len; - l4_len = (uint32_t)(rte_be_to_cpu_16(ipv4_hdr->total_length) - - sizeof(struct ipv4_hdr)); + l3_len = rte_be_to_cpu_16(ipv4_hdr->total_length); + if (l3_len < sizeof(struct ipv4_hdr)) + return 0; + + l4_len = l3_len - sizeof(struct ipv4_hdr); cksum = rte_raw_cksum(l4_hdr, l4_len); -- 2.19.0 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2019-01-04 13:23:08.958542188 +0000 +++ 0062-net-fix-underflow-for-checksum-of-invalid-IPv4-packe.patch 2019-01-04 13:23:07.000000000 +0000 @@ -1,8 +1,10 @@ -From 8743d499a59c3d6a7c743861fd3baf06ed5fe763 Mon Sep 17 00:00:00 2001 +From d9d904fabe373e75ac360c4450bbcdf0bd41c365 Mon Sep 17 00:00:00 2001 From: Bruce Richardson Date: Mon, 17 Dec 2018 15:50:04 +0000 Subject: [PATCH] net: fix underflow for checksum of invalid IPv4 packets +[ upstream commit 8743d499a59c3d6a7c743861fd3baf06ed5fe763 ] + If we receive a packet with an invalid IP header, where the total packet length is reported as less than the IP header length, we would end up getting an underflow in the length subtraction. @@ -15,7 +17,6 @@ Fixes: af75078fece3 ("first public release") Fixes: 6006818cfb26 ("net: new checksum functions") -Cc: stable@dpdk.org Signed-off-by: Bruce Richardson Acked-by: Hemant Agrawal