WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

[Xen-devel] Re: [Bugme-new] [Bug 16529] New: xennet driver crashes when

To: Eric Dumazet <eric.dumazet@xxxxxxxxx>
Subject: [Xen-devel] Re: [Bugme-new] [Bug 16529] New: xennet driver crashes when using with pseudowire aka l2tpv3
From: Ian Campbell <Ian.Campbell@xxxxxxxxxxxxx>
Date: Thu, 26 Aug 2010 09:14:08 +0100
Cc: Jeremy Fitzhardinge <jeremy@xxxxxxxx>, "Xen-devel@xxxxxxxxxxxxxxxxxxx" <Xen-devel@xxxxxxxxxxxxxxxxxxx>, "netdev@xxxxxxxxxxxxxxx" <netdev@xxxxxxxxxxxxxxx>, "bugzilla-daemon@xxxxxxxxxxxxxxxxxxx" <bugzilla-daemon@xxxxxxxxxxxxxxxxxxx>, Chapman <jchapman@xxxxxxxxxxx>, Chris Wright <chrisw@xxxxxxxxxxxx>, "bugme-daemon@xxxxxxxxxxxxxxxxxxx" <bugme-daemon@xxxxxxxxxxxxxxxxxxx>, James, "heil@xxxxxxxxxxxxxxxxxxxxxx" <heil@xxxxxxxxxxxxxxxxxxxxxx>, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>, David Miller <davem@xxxxxxxxxxxxx>
Delivery-date: Thu, 26 Aug 2010 01:15:01 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <1282809788.2476.59.camel@edumazet-laptop>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Organization: Citrix Systems, Inc.
References: <bug-16529-10286@xxxxxxxxxxxxxxxxxxxxxxxxx/> <20100825153107.2f547f0e.akpm@xxxxxxxxxxxxxxxxxxxx> <4C759F8C.9050301@xxxxxxxx> <1282806640.3469.26.camel@xxxxxxxxxxxxxxxxxxxxx> <1282809788.2476.59.camel@edumazet-laptop>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
On Thu, 2010-08-26 at 09:03 +0100, Eric Dumazet wrote:
> Here is the patch, could you test it please ?
> 
> Thanks !
> 
> [PATCH] l2tp: test for malicious frames in l2tp_eth_dev_recv()
> 
> close https://bugzilla.kernel.org/show_bug.cgi?id=16529
> 
> Before calling dev_forward_skb(), we should make sure skb contains at
> least an ethernet header, even if length included in upper layer said
> so.

Does this imply that there is some problem with xen-netfront setting
skb->len or skb->data_len or something incorrectly? It's not clear where
data_len has come from in this context.

Ian.

> 
> Reported-by: Thomas Heil <heil@xxxxxxxxxxxxxxxxxxxxxx>
> Reported-by: Ian Campbell <Ian.Campbell@xxxxxxxxxxxxx>
> Signed-off-by: Eric Dumazet <eric.dumazet@xxxxxxxxx>
> ---
>  net/l2tp/l2tp_core.c |    2 +-
>  net/l2tp/l2tp_eth.c  |    2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/net/l2tp/l2tp_eth.c b/net/l2tp/l2tp_eth.c
> index 58c6c4c..0687c5c 100644
> --- a/net/l2tp/l2tp_eth.c
> +++ b/net/l2tp/l2tp_eth.c
> @@ -132,7 +132,7 @@ static void l2tp_eth_dev_recv(struct l2tp_session 
> *session, struct sk_buff *skb,
>               printk("\n");
>       }
>  
> -     if (data_len < ETH_HLEN)
> +     if (skb->len < ETH_HLEN)
>               goto error;
>  
>       secpath_reset(skb);
> 
> 



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel