| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 16 Jan 2013 18:00:44 -0500 (EST) From: David Miller <davem@...emloft.net> To: dwmw2@...radead.org Cc: netdev@...r.kernel.org Subject: Re: [RFC PATCH 1/3] Avoid making inappropriate requests of NETIF_F_V[46]_CSUM devices From: David Woodhouse <dwmw2@...radead.org> Date: Wed, 16 Jan 2013 22:34:18 +0000 > On Wed, 2013-01-16 at 15:54 -0500, David Miller wrote: >> >> My opinion on this is that the injectors of packets are responsible >> for ensuring checksum types are set on SKBs in an appropriate way. >> >> So we ensure this in the local protocol stacks that generate packets, >> and if foreign alien entities can inject SKBs with these checksum >> settings (like the tun device can) the burdon of verification falls >> upon whatever layer allows that to happen. >> >> So really, the fix is in the tun device and the virtio layer. > > The virtio layer (and the tun device) expose the equivalent of the > NETIF_F_HW_CSUM capability to the guest. In the case where we have a > real device on the host which *also* has NETIF_F_HW_CSUM capability, are > you saying that the tun driver should do the checksum for non-UDP/TCP > packets in software *anyway*, just because the packet might end up going > out a device *without* that capability, and the check in > harmonize_features() isn't sophisticated enough to cope properly? I'm saying that tun can't inject unchecked crap into our stack. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists