| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ZycCx6CqjvsxPMqd@archie.me>
Date: Sun, 3 Nov 2024 11:57:43 +0700
From: Bagas Sanjaya <bagasdotme@...il.com>
To: Breno Leitao <leitao@...ian.org>, Jonathan Corbet <corbet@....net>,
Akinobu Mita <akinobu.mita@...il.com>,
"David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
Simon Horman <horms@...nel.org>,
Andrew Morton <akpm@...ux-foundation.org>
Cc: linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org,
netdev@...r.kernel.org, kernel-team@...a.com
Subject: Re: [PATCH net-next v5] net: Implement fault injection forcing skb
reallocation
On Fri, Nov 01, 2024 at 03:09:33AM -0700, Breno Leitao wrote:
> diff --git a/Documentation/fault-injection/fault-injection.rst b/Documentation/fault-injection/fault-injection.rst
> index 8b8aeea71c685b358dfebb419ae74277e729298a..880237dca4ff78e7f11dac3cca70969a18a70cc3 100644
> --- a/Documentation/fault-injection/fault-injection.rst
> +++ b/Documentation/fault-injection/fault-injection.rst
> @@ -45,6 +45,32 @@ Available fault injection capabilities
> ALLOW_ERROR_INJECTION() macro, by setting debugfs entries
> under /sys/kernel/debug/fail_function. No boot option supported.
>
> +- fail_skb_realloc
> +
> + inject skb (socket buffer) reallocation events into the network path. The
> + primary goal is to identify and prevent issues related to pointer
> + mismanagement in the network subsystem. By forcing skb reallocation at
> + strategic points, this feature creates scenarios where existing pointers to
> + skb headers become invalid.
> +
> + When the fault is injected and the reallocation is triggered, cached pointers
> + to skb headers and data no longer reference valid memory locations. This
> + deliberate invalidation helps expose code paths where proper pointer updating
> + is neglected after a reallocation event.
> +
> + By creating these controlled fault scenarios, the system can catch instances
> + where stale pointers are used, potentially leading to memory corruption or
> + system instability.
> +
> + To select the interface to act on, write the network name to the following file:
> + `/sys/kernel/debug/fail_skb_realloc/devname`
"... write the network name to /sys/kernel/debug/fail_skb_realloc/devname."
> + If this field is left empty (which is the default value), skb reallocation
> + will be forced on all network interfaces.
> +
> + The effectiveness of this fault detection is enhanced when KASAN is
> + enabled, as it helps identify invalid memory references and use-after-free
> + (UAF) issues.
> +
> - NVMe fault injection
>
> inject NVMe status code and retry flag on devices permitted by setting
> @@ -216,6 +242,19 @@ configuration of fault-injection capabilities.
> use a negative errno, you better use 'printf' instead of 'echo', e.g.:
> $ printf %#x -12 > retval
>
> +- /sys/kernel/debug/fail_skb_realloc/devname:
> +
> + Specifies the network interface on which to force SKB reallocation. If
> + left empty, SKB reallocation will be applied to all network interfaces.
> +
> + Example usage::
> +
> + # Force skb reallocation on eth0
> + echo "eth0" > /sys/kernel/debug/fail_skb_realloc/devname
> +
> + # Clear the selection and force skb reallocation on all interfaces
> + echo "" > /sys/kernel/debug/fail_skb_realloc/devname
> +
The rest of docs changes looks good.
Thanks.
--
An old man doll... just what I always wanted! - Clara
Download attachment "signature.asc" of type "application/pgp-signature" (229 bytes)
Powered by blists - more mailing lists