[PATCH,v3] arm64: fix the illegal address access in some cases
guodeqing
geffrey.guo at huawei.com
Thu Jul 30 07:24:06 EDT 2020
If do the following test in the arm64 VM, a panic will be produced.
$ ifconfig eth0 up
$ ip netns add ns1
$ ip link add gw link eth0 type ipvlan
$ ip addr add 168.16.0.1/24 dev gw
$ ip link set dev gw up
$ ip link add ip1 link eth0 type ipvlan
$ ip link set ip1 netns ns1
$ ip netns exec ns1 ip link set ip1 up
$ ip netns exec ns1 ip addr add 168.16.0.2/24 dev ip1
$ ip netns exec ns1 ip link set lo up
$ ip netns exec ns1 ip addr add 127.0.0.1/8 dev lo
$ ip netns exec ns1 tc qdisc add dev ip1 root netem corrupt 100%
$ ip netns exec ns1 ping 168.16.0.1
| Unable to handle kernel paging request at virtual address
| Internal error: Oops: 96000007 [#1] SMP
| CPU: 1 PID: 525 Comm: ping Not tainted 5.8.0-rc6+ #3
| pstate: 20400005 (nzCv daif +PAN -UAO BTYPE=--)
| pc : __ip_local_out+0x84/0x188
| lr : ip_local_out+0x34/0x68 sp : ffff800013263440
| x29: ffff800013263440 x28: 0000000000000001
| x27: ffff8000111d2018 x26: ffff8000114cba80
| x25: ffff0000ec4e7400 x24: 0000000000000000
| x23: 0000000000000062 x22: ffff8000114c9000
| x21: ffff0000d97ac600 x20: ffff0000ec519000
| x19: ffff8000115b5bc0 x18: 0000000000000000
| x17: 0000000000000000 x16: 0000000000000000
| x15: 0000000000000000 x14: 0000000000000000
| x13: 0000000000000000 x12: 0000000000000001
| x11: ffff800010d21838 x10: 0000000000000001
| x9 : 0000000000000001 x8 : 0000000000000000
| x7 : 0000000000000000 x6 : ffff0000ec4e5e00
| x5 : 024079ca54000184 x4 : ffff0000ec4e5e10
| x3 : 0000000000000000 x2 : ffff0004ec4e5e20
| x1 : ffff0000f85f0000 x0 : 031d079626a9c7ae
| Call trace:
| __ip_local_out+0x84/0x188
| ip_local_out+0x34/0x68
| ipvlan_queue_xmit+0x548/0x5c0
| ipvlan_start_xmit+0x2c/0x90
| dev_hard_start_xmit+0xb4/0x260
| sch_direct_xmit+0x1b4/0x550
| __qdisc_run+0x140/0x648
| __dev_queue_xmit+0x6a4/0x8b8
| dev_queue_xmit+0x24/0x30
| ip_finish_output2+0x324/0x580
| __ip_finish_output+0x130/0x218
| ip_finish_output+0x38/0xd0
| ip_output+0xb4/0x130
Here I add the check of the ihl value to fix the problem.
Fixes: 0e455d8e80aa (arm64: Implement optimised IP checksum helpers)
Signed-off-by: guodeqing <geffrey.guo at huawei.com>
---
arch/arm64/include/asm/checksum.h | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch/arm64/include/asm/checksum.h b/arch/arm64/include/asm/checksum.h
index b6f7bc6..702ac89 100644
--- a/arch/arm64/include/asm/checksum.h
+++ b/arch/arm64/include/asm/checksum.h
@@ -25,6 +25,9 @@ static inline __sum16 ip_fast_csum(const void *iph, unsigned int ihl)
__uint128_t tmp;
u64 sum;
+ if (WARN_ON_ONCE(ihl < 5))
+ ihl = 5;
+
tmp = *(const __uint128_t *)iph;
iph += 16;
ihl -= 4;
--
2.7.4
More information about the linux-arm-kernel
mailing list