Re: [PATCH] net: openvswitch: datapath: fix data type in queue_gso_packets

[Willem de Bruijn]

On Sat, Nov 25, 2017 at 2:14 PM, Gustavo A. R. Silva
<garsilva@xxxxxxxxxxxxxx> wrote:
> gso_type is being used in binary AND operations together with SKB_GSO_UDP.
> The issue is that variable gso_type is of type unsigned short and
> SKB_GSO_UDP expands to more than 16 bits:
>
> SKB_GSO_UDP = 1 << 16
>
> this makes any binary AND operation between gso_type and SKB_GSO_UDP to
> be always zero, hence making some code unreachable and likely causing
> undesired behavior.
>
> Fix this by changing the data type of variable gso_type to unsigned int.
>
> Addresses-Coverity-ID: 1462223
> Fixes: 0c19f846d582 ("net: accept UFO datagrams from tuntap and packet")
> Signed-off-by: Gustavo A. R. Silva <garsilva@xxxxxxxxxxxxxx>

Acked-by: Willem de Bruijn <willemb@xxxxxxxxxx>

Good catch, thanks!

The issue here is that I brought back SKB_GSO_UDP at the end of the
list at 1 << 16 to avoid renaming of all that used to follow, while it used
to be defined as 1 << 1.

The skb_shinfo(skb)->gso_type field itself has been expanded as of v4.12
in commit 7f564528a480 ("skbuff: Extend gso_type to unsigned int.").

A quick scan shows a few nic drivers that also still cast to unsigned
short: bnxt, atl1c and qede. Since UFO hardware offload no longer
exists, this is safe wrt this patch. And it is fine for older kernels as
no driver supported the previous entry at 1 << 16, SKB_GSO_ESP.
But it is fragile wrt follow-on offloads. Probably a net-next patch.

The only other likely issue I spotted with the longer gso_type is
in trace events. net_dev_start_xmit and net_dev_rx_verbose_template
both export as u16.