lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <2e1ffc55aedb5d10eacce34cb7a5809138528d03.camel@redhat.com>
Date:   Mon, 17 May 2021 08:51:31 +0200
From:   Paolo Abeni <pabeni@...hat.com>
To:     Pavel Machek <pavel@...x.de>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:     linux-kernel@...r.kernel.org, stable@...r.kernel.org,
        Willem de Bruijn <willemb@...gle.com>,
        "David S. Miller" <davem@...emloft.net>,
        Sasha Levin <sashal@...nel.org>
Subject: Re: [PATCH 5.10 380/530] udp: never accept GSO_FRAGLIST packets

On Sat, 2021-05-15 at 10:37 +0200, Pavel Machek wrote:
> Hi!
> 
> > From: Paolo Abeni <pabeni@...hat.com>
> > 
> > [ Upstream commit 78352f73dc5047f3f744764cc45912498c52f3c9 ]
> > 
> > Currently the UDP protocol delivers GSO_FRAGLIST packets to
> > the sockets without the expected segmentation.
> > 
> > This change addresses the issue introducing and maintaining
> > a couple of new fields to explicitly accept SKB_GSO_UDP_L4
> > or GSO_FRAGLIST packets. Additionally updates  udp_unexpected_gso()
> > accordingly.
> > 
> > UDP sockets enabling UDP_GRO stil keep accept_udp_fraglist
> > zeroed.
> 
> What is going on here? accept_udp_fraglist variable is read-only.

Thank you for checking this!

The 'accept_udp_fraglist' field is implicitly initilized to zero at UDP
socket allocation time (done by sk_alloc).

So this patch effectively force segmentation of SKB_GSO_FRAGLIST
packets via the udp_unexpected_gso() helper.

We introduce the above field instead of unconditionally
segmenting SKB_GSO_FRAGLIST, because the next patch will use it (to
avoid unneeded segmentation for performance's sake for UDP tunnel), as
you noted.

Please let me know if the above clarifies the situation.

Thanks!

Paolo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ