This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-devel] Re: [PATCH] xen: netfront: Drop GSO SKBs which do not have c

To: "netdev@xxxxxxxxxxxxxxx" <netdev@xxxxxxxxxxxxxxx>, David Miller <davem@xxxxxxxxxxxxx>
Subject: [Xen-devel] Re: [PATCH] xen: netfront: Drop GSO SKBs which do not have csum_blank.
From: Ian Campbell <Ian.Campbell@xxxxxxxxxxxxx>
Date: Tue, 11 Jan 2011 11:46:08 +0000
Cc: Jeremy Fitzhardinge <jeremy@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Tue, 11 Jan 2011 04:07:51 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <1294233811-28123-1-git-send-email-ian.campbell@xxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Organization: Citrix Systems, Inc.
References: <1294233811-28123-1-git-send-email-ian.campbell@xxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Hi David,

http://patchwork.ozlabs.org/patch/77593/ tells me this patch is "Not
Applicable". Is this scenario not worth worrying about for some reason?

The error would be due to a buggy peer (i.e. netback) so I guess this
frontend fix is really just a belt-and-braces thing.

However The equivalent netback patch (which is not upstream yet but I'm
working on cleaning it up for a first post soon) is more critical since
it could allow a malicious guest to spam the domain 0 syslog (via the
WARN_ON in skb_gso_segment) so I just wanted to check if I was also
missing some reason why the netback patch would be non-applicable too.


On Wed, 2011-01-05 at 13:23 +0000, Ian Campbell wrote:
> The Linux network stack expects all GSO SKBs to have ip_summed ==
> CHECKSUM_PARTIAL (which implies that the frame contains a partial
> checksum) and the Xen network ring protocol similarly expects an SKB
> which has GSO set to also have NETRX_csum_blank (which also implies a
> partial checksum). Therefore drop such frames on receive otherwise
> they will trigger the warning in skb_gso_segment.
> Signed-off-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
> Cc: Jeremy Fitzhardinge <jeremy@xxxxxxxx>
> Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
> Cc: netdev@xxxxxxxxxxxxxxx
> ---
>  drivers/net/xen-netfront.c |    5 +++++
>  1 files changed, 5 insertions(+), 0 deletions(-)
> diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c
> index cdbeec9..8b8c480 100644
> --- a/drivers/net/xen-netfront.c
> +++ b/drivers/net/xen-netfront.c
> @@ -836,6 +836,11 @@ static int handle_incoming_queue(struct net_device *dev,
>                               dev->stats.rx_errors++;
>                               continue;
>                       }
> +             } else if (skb_is_gso(skb)) {
> +                     kfree_skb(skb);
> +                     packets_dropped++;
> +                     dev->stats.rx_errors++;
> +                     continue;
>               }
>               dev->stats.rx_packets++;

Xen-devel mailing list