lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 30 Nov 2016 23:54:04 +0000
From:   Ben Hutchings <ben@...adent.org.uk>
To:     Jiri Slaby <jslaby@...e.cz>, stable@...r.kernel.org
Cc:     linux-kernel@...r.kernel.org,
        "David S . Miller" <davem@...emloft.net>
Subject: Re: [PATCH 3.12 122/127] drivers/net: Disable UFO through virtio

On Fri, 2016-11-25 at 09:30 +0100, Jiri Slaby wrote:
> From: Ben Hutchings <ben@...adent.org.uk>
> 
> 3.12-stable review patch.  If anyone has any objections, please let me know.

This was reverted upstream (and in the only stable branch it was
applied to).  3.12 already has the compatible fix (commit
30ab1cf8b31d).

Ben.

> ===============
> 
> commit 3d0ad09412ffe00c9afa201d01effdb6023d09b4 upstream.
> 
> IPv6 does not allow fragmentation by routers, so there is no
> fragmentation ID in the fixed header.  UFO for IPv6 requires the ID to
> be passed separately, but there is no provision for this in the virtio
> net protocol.
> 
> Until recently our software implementation of UFO/IPv6 generated a new
> ID, but this was a bug.  Now we will use ID=0 for any UFO/IPv6 packet
> passed through a tap, which is even worse.
> 
> Unfortunately there is no distinction between UFO/IPv4 and v6
> features, so disable UFO on taps and virtio_net completely until we
> have a proper solution.
> 
> We cannot depend on VM managers respecting the tap feature flags, so
> keep accepting UFO packets but log a warning the first time we do
> this.
> 
> Signed-off-by: Ben Hutchings <ben@...adent.org.uk>
> Fixes: 916e4cf46d02 ("ipv6: reuse ip6_frag_id from ip6_ufo_append_data")
> Signed-off-by: David S. Miller <davem@...emloft.net>
> Signed-off-by: Jiri Slaby <jslaby@...e.cz>
[...]

-- 
Ben Hutchings
Beware of programmers who carry screwdrivers. - Leonard Brandwein

Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ