lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Wed, 17 Jan 2018 15:51:53 +0300
From:   Alexey Kodanev <alexey.kodanev@...cle.com>
To:     David Miller <davem@...emloft.net>
Cc:     netdev@...r.kernel.org, tom@...bertland.com
Subject: Re: [PATCH net] ip6_gre: init dev->mtu and dev->hard_header_len
 correctly

On 01/16/2018 07:32 PM, David Miller wrote:
> From: Alexey Kodanev <alexey.kodanev@...cle.com>
> Date: Thu, 11 Jan 2018 16:02:54 +0300
> 
>> For ip6gretap, reset dev->mtu to zero in ip6gre_tap_setup()
>> after ether_setup(), in order for it to work with the new check
>> in ip6gre_tunnel_init_common().
> 
> This part is error prone.  Please instead add a new boolean argument
> to ip6gre_tunnel_init_common: "bool set_mtu".  Set it to true when
> it is invoked from ip6gre_tap_init() and false when it is invoked
> from ip6gre_tunnel_init().

Hi David,

This way it won't fix the first regression mentioned in the patch for
ip6gretap, i.e. if a user sets a MTU manually on the device creation.

May be it would be less error prone if a MTU is adjusted again in
ip6gre_newlink with "tb[IFLA_MTU]" parameter and ip6gre_tnl_link_config()
is moved after register_netdevice()? I haven't tested the following patch
yet but it looks like it is fixing all the mentioned cases as well:

diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c
index 7726959..d12550e 100644
--- a/net/ipv6/ip6_gre.c
+++ b/net/ipv6/ip6_gre.c
@@ -337,11 +337,12 @@ static void ip6gre_tunnel_unlink(struct ip6gre_net *ign, struct ip6_tnl *t)

        nt->dev = dev;
        nt->net = dev_net(dev);
-       ip6gre_tnl_link_config(nt, 1);

        if (register_netdevice(dev) < 0)
                goto failed_free;

+       ip6gre_tnl_link_config(nt, 1);
+
        /* Can use a lockless transmit, unless we generate output sequences */
        if (!(nt->parms.o_flags & TUNNEL_SEQ))
                dev->features |= NETIF_F_LLTX;
@@ -1303,7 +1304,6 @@ static void ip6gre_netlink_parms(struct nlattr *data[],

 static int ip6gre_tap_init(struct net_device *dev)
 {
-       struct ip6_tnl *tunnel;
        int ret;

        ret = ip6gre_tunnel_init_common(dev);
@@ -1312,10 +1312,6 @@ static int ip6gre_tap_init(struct net_device *dev)

        dev->priv_flags |= IFF_LIVE_ADDR_CHANGE;

-       tunnel = netdev_priv(dev);
-
-       ip6gre_tnl_link_config(tunnel, 1);
-
        return 0;
 }

@@ -1408,12 +1404,16 @@ static int ip6gre_newlink(struct net *src_net, struct net_device *dev,

        nt->dev = dev;
        nt->net = dev_net(dev);
-       ip6gre_tnl_link_config(nt, !tb[IFLA_MTU]);

        err = register_netdevice(dev);
        if (err)
                goto out;

+       ip6gre_tnl_link_config(nt, !tb[IFLA_MTU]);
+
+       if (tb[IFLA_MTU])
+               dev->mtu = nla_get_u32(tb[IFLA_MTU]);
+
        dev_hold(dev);
        ip6gre_tunnel_link(ign, nt);


Thanks,
Alexey

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ