[maint] batman-adv: Fix transmission of final, 16th fragment

Message ID 20170213194431.24075-1-linus.luessing@c0d3.blue (mailing list archive)
State Accepted, archived
Commit 464eff3b1768ff190466a453a57ac140ea5cb756
Delegated to: Simon Wunderlich
Commit Message

Linus Lüssing Feb. 13, 2017, 7:44 p.m. UTC
  Trying to split and transmit a unicast packet in 16 parts will fail for
the final fragment: After having sent the 15th one with a frag_packet.no
index of 14, we will increase the index to 15 - and return with an
error code immediately, even though one more fragment is due for
transmission and allowed.

Fixing this issue by moving the check before incrementing the index.

While at it, adding an unlikely(), because the check is actually more of
an assertion.

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>

---

Compile time tested only
---
 net/batman-adv/fragmentation.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
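
The off-by-one described in the commit message, as an added model that is not part of the original patch or of the batman-adv sources. It assumes a limit of 16 fragments (matching the "16th fragment" above); `send_fragments`, `MAX_FRAGMENTS` and the byte sizes are hypothetical names and values, and the function's initial length check is left out.

```c
#include <stdio.h>

#define MAX_FRAGMENTS 16 /* assumption: stands in for BATADV_FRAG_MAX_FRAGMENTS */

/*
 * Model of the "eat and send fragments" loop.
 * len:         remaining packet length
 * max_frag:    largest payload one fragment may carry
 * check_first: 0 = limit check after the increment (before the patch),
 *              1 = limit check at the top of the loop (after the patch)
 * Returns the number of fragments sent, or -1 for the -EINVAL path.
 */
static int send_fragments(unsigned int len, unsigned int max_frag,
			  int check_first)
{
	unsigned int no = 0; /* models frag_header.no */
	int sent = 0;

	while (len > max_frag) {
		if (check_first && no == MAX_FRAGMENTS - 1)
			return -1; /* another fragment needed, none left */

		len -= max_frag; /* one fragment taken from the tail and sent */
		sent++;
		no++;

		if (!check_first && no == MAX_FRAGMENTS - 1)
			return -1; /* fires although index 15 is still unused */
	}

	/* The remainder is sent after the loop with index 'no'. */
	return sent + 1;
}

int main(void)
{
	/* Constructed sizes: 100-byte fragments, 15/16/17 fragments needed. */
	unsigned int sizes[] = { 1500, 1600, 1700 };

	for (int i = 0; i < 3; i++)
		printf("len=%u old=%d new=%d\n", sizes[i],
		       send_fragments(sizes[i], 100, 0),
		       send_fragments(sizes[i], 100, 1));
	return 0;
}
```
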
  

Comments

Linus Lüssing Feb. 13, 2017, 8 p.m. UTC | #1
On Mon, Feb 13, 2017 at 08:44:31PM +0100, Linus Lüssing wrote:
> Trying to split and transmit a unicast packet in 16 parts will fail for
> the final fragment: After having sent the 15th one with a frag_packet.no
> index of 14, we will increase the index to 15 - and return with an
> error code immediately, even though one more fragment is due for
> transmission and allowed.
> 
> Fixing this issue by moving the check before incrementing the index.
> 
> While at it, adding an unlikely(), because the check is actually more of
> an assertion.
> 
> Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
> 
> ---
> 
> Compile time tested only
> ---
>  net/batman-adv/fragmentation.c | 12 ++++++------
>  1 file changed, 6 insertions(+), 6 deletions(-)
> 
> diff --git a/net/batman-adv/fragmentation.c b/net/batman-adv/fragmentation.c
> index 0854ebd..f181868 100644
> --- a/net/batman-adv/fragmentation.c
> +++ b/net/batman-adv/fragmentation.c
> @@ -499,6 +499,12 @@ int batadv_frag_send_packet(struct sk_buff *skb,

And one more thing which seems fishy to me in this function:

        /* Make room for the fragment header. */
        if (batadv_skb_head_push(skb, header_size) < 0 ||
            pskb_expand_head(skb, header_size + ETH_HLEN, 0, GFP_ATOMIC) < 0) {
                ret = -ENOMEM;
                goto put_primary_if;
        }

        memcpy(skb->data, &frag_header, header_size);


For the pskb_expand_head() case, there is an skb_push(header_size) missing,
isn't it?
  
Sven Eckelmann Feb. 13, 2017, 8:51 p.m. UTC | #2
On Montag, 13. Februar 2017 20:44:31 CET Linus Lüssing wrote:
> Trying to split and transmit a unicast packet in 16 parts will fail for
> the final fragment: After having sent the 15th one with a frag_packet.no
> index of 14, we will increase the index to 15 - and return with an
> error code immediately, even though one more fragment is due for
> transmission and allowed.
> 
> Fixing this issue by moving the check before incrementing the index.
> 
> While at it, adding an unlikely(), because the check is actually more of
> an assertion.
> 
> Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
> 
> ---
> 
> Compile time tested only

Seems to make sense. But have to talk with Simon how he wants to proceed
with the maint branch regarding the net.git submissions. And we should
add the Fixes line before committing.

Fixes: db56e4ecf5c2 ("batman-adv: Fragment and send skbs larger than mtu")
Reviewed-by: Sven Eckelmann <sven@narfation.org>

Kind regards,
	Sven
  
Sven Eckelmann Feb. 13, 2017, 9:23 p.m. UTC | #3
On Montag, 13. Februar 2017 21:00:08 CET Linus Lüssing wrote:
[...]
> And one more thing which seems fishy to me in this function:
> 
>         /* Make room for the fragment header. */
>         if (batadv_skb_head_push(skb, header_size) < 0 ||
>             pskb_expand_head(skb, header_size + ETH_HLEN, 0, GFP_ATOMIC) < 0) {
>                 ret = -ENOMEM;
>                 goto put_primary_if;
>         }
> 
>         memcpy(skb->data, &frag_header, header_size);
> 
> 
> For the pskb_expand_head() case, there is an skb_push(header_size) missing,
> isn't it?

I am a little bit confused about your remark... and about the code.

So let's check what Martin wrote:

 * get header_size more room in our data section
 * allocate new buffer to get header_size + ETH_HLEN in front (but not part)
   of our data section

If one of these two fails then it will get in panic mode and leave the
function.

I agree that the header_size in pskb_expand_head is slightly odd and I don't
see why we would need it. My best guess would be to compensate the extra
header which "stole" some bytes from the headroom which the underlying
interface may need.

But more importantly, I don't understand why an extra skb_push(header_size)
(like you've suggested) would be necessary here. Why would you want to have an
empty header_size region in the fragment between the actual header and the
fragment data?

Kind regards,
	Sven
  
Linus Lüssing Feb. 14, 2017, 8:30 a.m. UTC | #4
On Mon, Feb 13, 2017 at 10:23:52PM +0100, Sven Eckelmann wrote:
> On Montag, 13. Februar 2017 21:00:08 CET Linus Lüssing wrote:
> [...]
> > And one more thing which seems fishy to me in this function:
> > 
> >         /* Make room for the fragment header. */
> >         if (batadv_skb_head_push(skb, header_size) < 0 ||
> >             pskb_expand_head(skb, header_size + ETH_HLEN, 0, GFP_ATOMIC) < 0) {
> >                 ret = -ENOMEM;
> >                 goto put_primary_if;
> >         }
> > 
> >         memcpy(skb->data, &frag_header, header_size);
> > 
> > 
> > For the pskb_expand_head() case, there is an skb_push(header_size) missing,
> > isn't it?
> 
> I am a little bit confused about your remark... and about the code.
> 
> So let's check what Martin wrote:
> 
>  * get header_size more room in our data section
>  * allocate new buffer to get header_size + ETH_HLEN in front (but not part)
>    of our data section
> 
> If one of these two fails then it will get in panic mode and leave the
> function.

Aiy, I'm sorry, misread that, you are right. Forget my remark.
  
Sven Eckelmann Feb. 21, 2017, 5:27 p.m. UTC | #5
On Montag, 13. Februar 2017 20:44:31 CET Linus Lüssing wrote:
> Trying to split and transmit a unicast packet in 16 parts will fail for
> the final fragment: After having sent the 15th one with a frag_packet.no
> index of 14, we will increase the index to 15 - and return with an
> error code immediately, even though one more fragment is due for
> transmission and allowed.
> 
> Fixing this issue by moving the check before incrementing the index.
> 
> While at it, adding an unlikely(), because the check is actually more of
> an assertion.
> 
> Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>

Applied in 464eff3b1768ff190466a453a57ac140ea5cb756 [1]

Thanks,
	Sven

[1] https://git.open-mesh.org/batman-adv.git/commit/464eff3b1768ff190466a453a57ac140ea5cb756
  

Patch

diff --git a/net/batman-adv/fragmentation.c b/net/batman-adv/fragmentation.c
index 0854ebd..f181868 100644
--- a/net/batman-adv/fragmentation.c
+++ b/net/batman-adv/fragmentation.c
@@ -499,6 +499,12 @@  int batadv_frag_send_packet(struct sk_buff *skb,
 
 	/* Eat and send fragments from the tail of skb */
 	while (skb->len > max_fragment_size) {
+		/* The initial check in this function should cover this case */
+		if (unlikely(frag_header.no == BATADV_FRAG_MAX_FRAGMENTS - 1)) {
+			ret = -EINVAL;
+			goto put_primary_if;
+		}
+
 		skb_fragment = batadv_frag_create(skb, &frag_header, mtu);
 		if (!skb_fragment) {
 			ret = -ENOMEM;
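Review bot: The comment on the added check, "The initial check in this function should cover this case", does not say which case it means. At the top of the loop, `frag_header.no == BATADV_FRAG_MAX_FRAGMENTS - 1` now reads as "another fragment is needed but the last allowed index is already in use", and the comment should say so. It is also worth stating there that taking this branch returns -EINVAL after earlier iterations have already eaten fragments from the tail of the skb, which is why it is treated as an assertion and wrapped in unlikely().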
@@ -515,12 +521,6 @@  int batadv_frag_send_packet(struct sk_buff *skb,
 		}
 
 		frag_header.no++;
-
-		/* The initial check in this function should cover this case */
-		if (frag_header.no == BATADV_FRAG_MAX_FRAGMENTS - 1) {
-			ret = -EINVAL;
-			goto put_primary_if;
-		}
 	}
 
 	/* Make room for the fragment header. */
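Review bot: The path opened up by removing the check after `frag_header.no++` has no runtime coverage; the submission is marked "Compile time tested only". After this hunk the index can leave the loop at BATADV_FRAG_MAX_FRAGMENTS - 1 and be used for the fragment built below "Make room for the fragment header", so a test with a packet that splits into exactly 16 fragments, and one that would need a 17th, should confirm both the fixed path and the -EINVAL path. The Fixes: line given in review should be added to the commit message before this is applied.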