Toshiaki Makita <toshiaki.makita1@xxxxxxxxx> writes:
> On 2020/07/04 20:33, Toke Høiland-Jørgensen wrote:
>> Toshiaki Makita <toshiaki.makita1@xxxxxxxxx> writes:
>>> On 2020/07/04 5:26, Toke Høiland-Jørgensen wrote:
>>> ...
>>>> +/* A getter for the SKB protocol field which will handle VLAN tags consistently
>>>> + * whether VLAN acceleration is enabled or not.
>>>> + */
>>>> +static inline __be16 skb_protocol(const struct sk_buff *skb, bool skip_vlan)
>>>> +{
>>>> + unsigned int offset = skb_mac_offset(skb) + sizeof(struct ethhdr);
>>>> + __be16 proto = skb->protocol;
>>>> +
>>>> + if (!skip_vlan)
>>>> + /* VLAN acceleration strips the VLAN header from the skb and
>>>> + * moves it to skb->vlan_proto
>>>> + */
>>>> + return skb_vlan_tag_present(skb) ? skb->vlan_proto : proto;
>>>> +
>>>> + while (eth_type_vlan(proto)) {
>>>> + struct vlan_hdr vhdr, *vh;
>>>> +
>>>> + vh = skb_header_pointer(skb, offset, sizeof(vhdr), &vhdr);
>>>> + if (!vh)
>>>> + break;
>>>> +
>>>> + proto = vh->h_vlan_encapsulated_proto;
>>>> + offset += sizeof(vhdr);
>>>> + }
>>>
>>> Why don't you use __vlan_get_protocol() here? It looks quite similar.
>>> Is there any problem with using that?
>>
>> TBH, I completely missed that helper. It seems to have side effects,
>> though (pskb_may_pull()), which is one of the things the original patch
>> to sch_cake that initiated all of this was trying to avoid.
>
> Sorry for not completely following the discussion...
> Pulling data is wrong for cake or other schedulers?
This was not explicit in the current thread, but the reason I started
looking into this in the first place was a pull request on the
out-of-tree version of sch_cake that noticed that there are drivers that
will allocate SKBs in such a way that accessing the packet header causes
it to be reallocated: https://github.com/dtaht/sch_cake/pull/136
I'm not entirely positive that this applies to just reading the header
through pskb_may_pull(), or if it was only on skb_try_make_writable();
but in any case it seems to me that it's better for a helper like
__vlan_get_protocol() to not have side effects.
>> I guess I could just fix that, though, and switch __vlan_get_protocol()
>> over to using skb_header_pointer(). Will send a follow-up to do that.
>>
>> Any opinion on whether it's a good idea to limit the max parse depth
>> while I'm at it (see Daniel's reply)?
>
> The logic was originally introduced by skb_network_protocol() back in
> v3.10, and I have never heard of security report about that. But yes,
> I guess it potentially can be used for DoS attack.
Right, I'll add the limit as well, then :)
-Toke
