Stephen Hemminger <step...@networkplumber.org> writes: > On Thu, 04 Apr 2019 22:44:33 +0200 > Toke Høiland-Jørgensen <t...@redhat.com> wrote: > >> Stephen Hemminger <step...@networkplumber.org> writes: >> >> > On Thu, 04 Apr 2019 15:01:33 +0200 >> > Toke Høiland-Jørgensen <t...@redhat.com> wrote: >> > >> >> static u8 cake_handle_diffserv(struct sk_buff *skb, u16 wash) >> >> { >> >> + int wlen = skb_network_offset(skb); >> > >> > In theory this could be negative, you should handle that? >> > Rather than calling may_pull() with a huge unsigned value. >> >> Huh, that would imply that skb->network_header points to before >> skb->head; when does that happen? >> >> Also, pskb_may_pull() does check for len > skb->len, so I guess a >> follow-up question would be, "does it happen often enough to warrant >> handling at this level"? >> >> Also, I copied that bit from sch_dsmark, so if you really thing it needs >> to be fixed, I guess we should fix both... >> >> -Toke > > It should never happen just paranoid
Ah, right. Well in that case I think any overflow is handled fine inside pskb_may_pull(): if (unlikely(len > skb->len)) return 0; -Toke _______________________________________________ Cake mailing list Cake@lists.bufferbloat.net https://lists.bufferbloat.net/listinfo/cake