| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 24 Jul 2018 22:06:39 +0200
From: Paolo Abeni <pabeni@...hat.com>
To: netdev@...r.kernel.org
Cc: Jamal Hadi Salim <jhs@...atatu.com>,
Cong Wang <xiyou.wangcong@...il.com>,
Jiri Pirko <jiri@...nulli.us>,
Daniel Borkmann <daniel@...earbox.net>,
Marcelo Ricardo Leitner <marcelo.leitner@...il.com>,
Eyal Birger <eyal.birger@...il.com>,
"David S. Miller" <davem@...emloft.net>
Subject: [PATCH net-next v3 1/5] tc/act: user space can't use TC_ACT_REDIRECT directly
Only cls_bpf and act_bpf can safely use such value. If a generic
action is configured by user space to return TC_ACT_REDIRECT,
the usually visible behavior is passing the skb up the stack - as
for unknown action, but, with complex configuration, more random
results can be obtained.
This patch forcefully converts TC_ACT_REDIRECT to TC_ACT_UNSPEC
at action init time, making the kernel behavior more consistent.
v1 -> v3: use TC_ACT_UNSPEC instead of a newly definied act value
Signed-off-by: Paolo Abeni <pabeni@...hat.com>
---
net/sched/act_api.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/net/sched/act_api.c b/net/sched/act_api.c
index 148a89ab789b..24b5534967fe 100644
--- a/net/sched/act_api.c
+++ b/net/sched/act_api.c
@@ -895,6 +895,11 @@ struct tc_action *tcf_action_init_1(struct net *net, struct tcf_proto *tp,
}
}
+ if (a->tcfa_action == TC_ACT_REDIRECT) {
+ net_warn_ratelimited("TC_ACT_REDIRECT can't be used directly");
+ a->tcfa_action = TC_ACT_UNSPEC;
+ }
+
return a;
err_mod:
--
2.17.1
Powered by blists - more mailing lists