| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20240819-net-mptcp-pm-reusing-id-v1-0-38035d40de5b@kernel.org>
Date: Mon, 19 Aug 2024 21:45:18 +0200
From: "Matthieu Baerts (NGI0)" <matttbe@...nel.org>
To: mptcp@...ts.linux.dev, Mat Martineau <martineau@...nel.org>,
Geliang Tang <geliang@...nel.org>, "David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>, Shuah Khan <shuah@...nel.org>
Cc: netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-kselftest@...r.kernel.org,
"Matthieu Baerts (NGI0)" <matttbe@...nel.org>, stable@...r.kernel.org
Subject: [PATCH net 00/14] mptcp: pm: fix IDs not being reusable
Here are more fixes for the MPTCP in-kernel path-manager. In this
series, the fixes are around the endpoint IDs not being reusable for
on-going connections when re-creating endpoints with previously used IDs.
- Patch 1 fixes this case for endpoints being used to send ADD_ADDR.
Patch 2 validates this fix. The issue is present since v5.10.
- Patch 3 fixes this case for endpoints being used to establish new
subflows. Patch 4 validates this fix. The issue is present since v5.10.
- Patch 5 fixes this case when all endpoints are flushed. Patch 6
validates this fix. The issue is present since v5.13.
- Patch 7 removes a helper that is confusing, and introduced in v5.10.
It helps simplifying the next patches.
- Patch 8 makes sure a 'subflow' counter is only decremented when
removing a 'subflow' endpoint. Can be backported up to v5.13.
- Patch 9 is similar, but for a 'signal' counter. Can be backported up
to v5.10.
- Patch 10 checks the last max accepted ADD_ADDR limit before accepting
new ADD_ADDR. For v5.10 as well.
- Patch 11 removes a wrong restriction for the userspace PM, added
during a refactoring in v6.5.
- Patch 12 makes sure the fullmesh mode sets the ID 0 when a new subflow
using the source address of the initial subflow is created. Patch 13
covers this case. This issue is present since v5.15.
- Patch 14 avoid possible UaF when selecting an address from the
endpoints list.
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@...nel.org>
---
Matthieu Baerts (NGI0) (14):
mptcp: pm: re-using ID of unused removed ADD_ADDR
selftests: mptcp: join: check re-using ID of unused ADD_ADDR
mptcp: pm: re-using ID of unused removed subflows
selftests: mptcp: join: check re-using ID of closed subflow
mptcp: pm: re-using ID of unused flushed subflows
selftests: mptcp: join: test for flush/re-add endpoints
mptcp: pm: remove mptcp_pm_remove_subflow()
mptcp: pm: only mark 'subflow' endp as available
mptcp: pm: only decrement add_addr_accepted for MPJ req
mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR
mptcp: pm: only in-kernel cannot have entries with ID 0
mptcp: pm: fullmesh: select the right ID later
selftests: mptcp: join: validate fullmesh endp on 1st sf
mptcp: pm: avoid possible UaF when selecting endp
net/mptcp/pm.c | 13 ---
net/mptcp/pm_netlink.c | 142 ++++++++++++++++--------
net/mptcp/protocol.h | 3 -
tools/testing/selftests/net/mptcp/mptcp_join.sh | 76 +++++++++++--
4 files changed, 160 insertions(+), 74 deletions(-)
---
base-commit: 565d121b69980637f040eb4d84289869cdaabedf
change-id: 20240819-net-mptcp-pm-reusing-id-eb08827b7be6
Best regards,
--
Matthieu Baerts (NGI0) <matttbe@...nel.org>
Powered by blists - more mailing lists