From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <yskoh@mellanox.com>
Received: from mellanox.co.il (mail-il-dmz.mellanox.com [193.47.165.129])
 by dpdk.org (Postfix) with ESMTP id D57F5A3
 for <stable@dpdk.org>; Fri,  8 Mar 2019 18:48:27 +0100 (CET)
Received: from Internal Mail-Server by MTLPINE1 (envelope-from
 yskoh@mellanox.com)
 with ESMTPS (AES256-SHA encrypted); 8 Mar 2019 19:48:23 +0200
Received: from scfae-sc-2.mti.labs.mlnx (scfae-sc-2.mti.labs.mlnx
 [10.101.0.96])
 by labmailer.mlnx (8.13.8/8.13.8) with ESMTP id x28HloAZ002625;
 Fri, 8 Mar 2019 19:48:22 +0200
From: Yongseok Koh <yskoh@mellanox.com>
To: Bruce Richardson <bruce.richardson@intel.com>
Cc: Hemant Agrawal <hemant.agrawal@nxp.com>, dpdk stable <stable@dpdk.org>
Date: Fri,  8 Mar 2019 09:46:57 -0800
Message-Id: <20190308174749.30771-19-yskoh@mellanox.com>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20190308174749.30771-1-yskoh@mellanox.com>
References: <20190308174749.30771-1-yskoh@mellanox.com>
Subject: [dpdk-stable] patch 'net: fix underflow for checksum of invalid
	IPv4 packets' has been queued to LTS release 17.11.6
X-BeenThere: stable@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: patches for DPDK stable branches <stable.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/stable>,
 <mailto:stable-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/stable/>
List-Post: <mailto:stable@dpdk.org>
List-Help: <mailto:stable-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/stable>,
 <mailto:stable-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Mar 2019 17:48:28 -0000

Hi,

FYI, your patch has been queued to LTS release 17.11.6

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objection by 03/13/19. So please
shout if anyone has objection.

Also note that after the patch there's a diff of the upstream commit vs the patch applied
to the branch. If the code is different (ie: not only metadata diffs), due for example to
a change in context or macro names, please double check it.

Thanks.

Yongseok

---
>>From 15482f832ef5a7681a18cd486d2e08a8a78c01f6 Mon Sep 17 00:00:00 2001
From: Bruce Richardson <bruce.richardson@intel.com>
Date: Mon, 17 Dec 2018 15:50:04 +0000
Subject: [PATCH] net: fix underflow for checksum of invalid IPv4 packets

[ upstream commit 8743d499a59c3d6a7c743861fd3baf06ed5fe763 ]

If we receive a packet with an invalid IP header, where the total packet
length is reported as less than the IP header length, we would end up
getting an underflow in the length subtraction.

This could cause us to checksum e.g. 4GB of data in the case where the
result of the subtraction was -1.

We fix this by having the function return 0 - an invalid sum - when
the length is less than the header length.

Fixes: af75078fece3 ("first public release")
Fixes: 6006818cfb26 ("net: new checksum functions")

Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
---
 lib/librte_net/rte_ip.h | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/lib/librte_net/rte_ip.h b/lib/librte_net/rte_ip.h
index b22c1f800..8d4907f07 100644
--- a/lib/librte_net/rte_ip.h
+++ b/lib/librte_net/rte_ip.h
@@ -372,16 +372,20 @@ rte_ipv4_phdr_cksum(const struct ipv4_hdr *ipv4_hdr, uint64_t ol_flags)
  * @param l4_hdr
  *   The pointer to the beginning of the L4 header.
  * @return
- *   The complemented checksum to set in the IP packet.
+ *   The complemented checksum to set in the IP packet
+ *   or 0 on error
  */
 static inline uint16_t
 rte_ipv4_udptcp_cksum(const struct ipv4_hdr *ipv4_hdr, const void *l4_hdr)
 {
 	uint32_t cksum;
-	uint32_t l4_len;
+	uint32_t l3_len, l4_len;
+
+	l3_len = rte_be_to_cpu_16(ipv4_hdr->total_length);
+	if (l3_len < sizeof(struct ipv4_hdr))
+		return 0;
 
-	l4_len = (uint32_t)(rte_be_to_cpu_16(ipv4_hdr->total_length) -
-		sizeof(struct ipv4_hdr));
+	l4_len = l3_len - sizeof(struct ipv4_hdr);
 
 	cksum = rte_raw_cksum(l4_hdr, l4_len);
 	cksum += rte_ipv4_phdr_cksum(ipv4_hdr, 0);
-- 
2.11.0

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2019-03-08 09:46:41.305328052 -0800
+++ 0019-net-fix-underflow-for-checksum-of-invalid-IPv4-packe.patch	2019-03-08 09:46:40.051400000 -0800
@@ -1,8 +1,10 @@
-From 8743d499a59c3d6a7c743861fd3baf06ed5fe763 Mon Sep 17 00:00:00 2001
+From 15482f832ef5a7681a18cd486d2e08a8a78c01f6 Mon Sep 17 00:00:00 2001
 From: Bruce Richardson <bruce.richardson@intel.com>
 Date: Mon, 17 Dec 2018 15:50:04 +0000
 Subject: [PATCH] net: fix underflow for checksum of invalid IPv4 packets
 
+[ upstream commit 8743d499a59c3d6a7c743861fd3baf06ed5fe763 ]
+
 If we receive a packet with an invalid IP header, where the total packet
 length is reported as less than the IP header length, we would end up
 getting an underflow in the length subtraction.
@@ -15,7 +17,6 @@
 
 Fixes: af75078fece3 ("first public release")
 Fixes: 6006818cfb26 ("net: new checksum functions")
-Cc: stable@dpdk.org
 
 Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
 Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
@@ -24,10 +25,10 @@
  1 file changed, 8 insertions(+), 4 deletions(-)
 
 diff --git a/lib/librte_net/rte_ip.h b/lib/librte_net/rte_ip.h
-index f2a8904a2..f9b909090 100644
+index b22c1f800..8d4907f07 100644
 --- a/lib/librte_net/rte_ip.h
 +++ b/lib/librte_net/rte_ip.h
-@@ -310,16 +310,20 @@ rte_ipv4_phdr_cksum(const struct ipv4_hdr *ipv4_hdr, uint64_t ol_flags)
+@@ -372,16 +372,20 @@ rte_ipv4_phdr_cksum(const struct ipv4_hdr *ipv4_hdr, uint64_t ol_flags)
   * @param l4_hdr
   *   The pointer to the beginning of the L4 header.
   * @return