On Tue, 07 Dec 2010, Oliver Hartkopp wrote:
> On 06.12.2010 14:06, Michal Sojka wrote:
> > skb->sk is used in dev_pick_tx() which is called from dev_queue_xmit(). If
> > sk points to an arbitrary magic value, dev_pick_tx() returns a wrong value,
> > which can lead to various memory corruption bugs.
> 
> Dear Michal,
> 
> while searching for an alternative to ensure the single hop routing of CAN
> skbs, I tried to use existing skb-fields that can detect this case, e.g.:
> 
>        if (skb->dev->ifindex != skb->skb_iif)
>                 return;
> 
> Finally I discussed with a colleague about common use-cases for CAN routings
> and we wondered, if it would be ok to remove the one-hop restriction entirely,
> like you already did here:
> 
> http://rtime.felk.cvut.cz/gitweb/shark/linux.git/commitdiff/92487e4f349cd7518cc3202662f42fea7d42ba73
> 
> The question is if we could allow
> 
> - the (currently enabled) routing to the originating interface (can0 -> can0)
> - the routing over several hops (can0 -> vcan0 -> vcan1 -> can0)
> 
> without any restrictions.
> 
> As only root can create CAN routing entries with netlink-API we probably can
> assume, that "he knows what he's doing" ... maybe accompanied by some warnings
> from the cangw tool, when obviously strange configurations are to be written. 
> 
> What do you think about this removal of the one-hop restriction?

Hi,

I do not know much about possible use cases you have in mind, but I
think that what should definitely be prohibited is infinite recursion.
I'm afraid that simply removing the test could lead to the recursion
which will cause stack overflow and kernel crash. No userspace activity
should be able to crash the kernel. I'm not completely familiar with
softirq logic so there might be some mechanisms to avoid stack overflow
and to defer the work to a later time, but in any case it will load the
CPU by 100%.

Maybe we could use skb->dropcount (or some other field) to count the
number of hops and drop the packet after some (perhaps configurable)
value.

I briefly looked for inspiration to ipv4 and netfilter code to see how
they deal with infinite packet looping and I cannot find anything. In
fact I'm not sure whether it is possible to route a single ipv4 packet
multiple times. There are possibilities to augment routing with
netfilter and rule-based routing, but it still seems to me that the
packet is routed only once.

So the question is what multi-hop routing brings new when compared to
single hop routing. Is there anything?

-Michal
_______________________________________________
Socketcan-users mailing list
[email protected]
https://lists.berlios.de/mailman/listinfo/socketcan-users
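
The hop-counting idea from the message above, as an added example that is not part of the original thread and is not kernel code: a userspace C model in which each forwarded frame carries a hop counter and the gateway drops it at a configurable limit. All names (`gw_rule`, `gw_rcv`, `gw_simulate`, `max_hops`) and the rule sets are assumptions made for illustration.

```c
/* Userspace model only, not kernel code; every name here is hypothetical. */
#include <stdio.h>

enum { CAN0, VCAN0, VCAN1, CAN1 };            /* constructed interface indices */
struct gw_rule  { int src, dst; };            /* one routing entry: src -> dst */
struct frame    { int hops; };                /* stands in for a per-skb hop counter */
struct gw_stats { unsigned forwarded, dropped; };

/* Constructed rule sets: the loop from the thread, and a loop-free chain. */
static const struct gw_rule loop_rules[]  = { {CAN0, VCAN0}, {VCAN0, VCAN1}, {VCAN1, CAN0} };
static const struct gw_rule chain_rules[] = { {CAN0, VCAN0}, {VCAN0, VCAN1}, {VCAN1, CAN1} };

/* A frame arrives on ifidx; apply every rule whose source is that interface.
 * Each forward increments the hop counter. Once the counter reaches max_hops
 * the frame is dropped instead of re-injected, which bounds the recursion. */
static void gw_rcv(const struct gw_rule *rules, int n, int ifidx,
                   struct frame f, int max_hops, struct gw_stats *st)
{
    for (int i = 0; i < n; i++) {
        if (rules[i].src != ifidx)
            continue;
        if (f.hops >= max_hops) {             /* hop limit reached: drop */
            st->dropped++;
            continue;
        }
        struct frame copy = f;                /* like cloning before re-sending */
        copy.hops++;
        st->forwarded++;
        gw_rcv(rules, n, rules[i].dst, copy, max_hops, st);
    }
}

/* Inject one frame on start_if and report what the gateway did with it. */
struct gw_stats gw_simulate(const struct gw_rule *rules, int n, int start_if, int max_hops)
{
    struct gw_stats st = { 0, 0 };
    struct frame f = { 0 };
    gw_rcv(rules, n, start_if, f, max_hops, &st);
    return st;
}

int main(void)
{
    struct gw_stats a = gw_simulate(loop_rules, 3, CAN0, 8);
    struct gw_stats b = gw_simulate(chain_rules, 3, CAN0, 8);
    printf("loop:  forwarded=%u dropped=%u\n", a.forwarded, a.dropped);
    printf("chain: forwarded=%u dropped=%u\n", b.forwarded, b.dropped);
    return 0;
}
```

With the limit set to 1 the model behaves like the existing one-hop restriction; with the looped rules and a larger limit the frame is forwarded exactly that many times and then dropped, rather than circulating indefinitely.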