lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20190529151344.31267-1-maxime.chevallier@bootlin.com>
Date:   Wed, 29 May 2019 17:13:44 +0200
From:   Maxime Chevallier <maxime.chevallier@...tlin.com>
To:     davem@...emloft.net, Pablo Neira Ayuso <pablo@...filter.org>,
        Florian Fainelli <f.fainelli@...il.com>,
        Jiri Pirko <jiri@...lanox.com>,
        Jakub Kicinski <jakub.kicinski@...ronome.com>
Cc:     Maxime Chevallier <maxime.chevallier@...tlin.com>,
        netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
        Antoine Tenart <antoine.tenart@...tlin.com>,
        thomas.petazzoni@...tlin.com
Subject: [PATCH net v2] ethtool: Drop check for vlan etype and vlan tci when parsing flow_rule

When parsing an ethtool flow spec to build a flow_rule, the code checks
if both the vlan etype and the vlan tci are specified by the user to add
a FLOW_DISSECTOR_KEY_VLAN match.

However, when the user only specified a vlan etype or a vlan tci, this
check silently ignores these parameters.

For example, the following rule :

ethtool -N eth0 flow-type udp4 vlan 0x0010 action -1 loc 0

will result in no error being issued, but the equivalent rule will be
created and passed to the NIC driver :

ethtool -N eth0 flow-type udp4 action -1 loc 0

In the end, neither the NIC driver using the rule nor the end user have
a way to know that these keys were dropped along the way, or that
incorrect parameters were entered.

This kind of check should be left to either the driver, or the ethtool
flow spec layer.

This commit makes so that ethtool parameters are forwarded as-is to the
NIC driver.

Since none of the users of ethtool_rx_flow_rule_create are using the
VLAN dissector, I don't think this qualifies as a regression.

Fixes: eca4205f9ec3 ("ethtool: add ethtool_rx_flow_spec to flow_rule structure translator")
Signed-off-by: Maxime Chevallier <maxime.chevallier@...tlin.com>
---
V2: Added Fixes: tag, targetted to -net.

 net/core/ethtool.c | 31 ++++++++++++++-----------------
 1 file changed, 14 insertions(+), 17 deletions(-)

diff --git a/net/core/ethtool.c b/net/core/ethtool.c
index 4a593853cbf2..2fe86893e9b5 100644
--- a/net/core/ethtool.c
+++ b/net/core/ethtool.c
@@ -3010,26 +3010,23 @@ ethtool_rx_flow_rule_create(const struct ethtool_rx_flow_spec_input *input)
 		const struct ethtool_flow_ext *ext_h_spec = &fs->h_ext;
 		const struct ethtool_flow_ext *ext_m_spec = &fs->m_ext;
 
-		if (ext_m_spec->vlan_etype &&
-		    ext_m_spec->vlan_tci) {
-			match->key.vlan.vlan_tpid = ext_h_spec->vlan_etype;
-			match->mask.vlan.vlan_tpid = ext_m_spec->vlan_etype;
+		match->key.vlan.vlan_tpid = ext_h_spec->vlan_etype;
+		match->mask.vlan.vlan_tpid = ext_m_spec->vlan_etype;
 
-			match->key.vlan.vlan_id =
-				ntohs(ext_h_spec->vlan_tci) & 0x0fff;
-			match->mask.vlan.vlan_id =
-				ntohs(ext_m_spec->vlan_tci) & 0x0fff;
+		match->key.vlan.vlan_id =
+			ntohs(ext_h_spec->vlan_tci) & 0x0fff;
+		match->mask.vlan.vlan_id =
+			ntohs(ext_m_spec->vlan_tci) & 0x0fff;
 
-			match->key.vlan.vlan_priority =
-				(ntohs(ext_h_spec->vlan_tci) & 0xe000) >> 13;
-			match->mask.vlan.vlan_priority =
-				(ntohs(ext_m_spec->vlan_tci) & 0xe000) >> 13;
+		match->key.vlan.vlan_priority =
+			(ntohs(ext_h_spec->vlan_tci) & 0xe000) >> 13;
+		match->mask.vlan.vlan_priority =
+			(ntohs(ext_m_spec->vlan_tci) & 0xe000) >> 13;
 
-			match->dissector.used_keys |=
-				BIT(FLOW_DISSECTOR_KEY_VLAN);
-			match->dissector.offset[FLOW_DISSECTOR_KEY_VLAN] =
-				offsetof(struct ethtool_rx_flow_key, vlan);
-		}
+		match->dissector.used_keys |=
+			BIT(FLOW_DISSECTOR_KEY_VLAN);
+		match->dissector.offset[FLOW_DISSECTOR_KEY_VLAN] =
+			offsetof(struct ethtool_rx_flow_key, vlan);
 	}
 	if (fs->flow_type & FLOW_MAC_EXT) {
 		const struct ethtool_flow_ext *ext_h_spec = &fs->h_ext;
-- 
2.20.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ