lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250422092540.182091-1-mbloch@nvidia.com>
Date: Tue, 22 Apr 2025 12:25:37 +0300
From: Mark Bloch <mbloch@...dia.com>
To: "David S . Miller" <davem@...emloft.net>, Jakub Kicinski
	<kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Eric Dumazet
	<edumazet@...gle.com>, Andrew Lunn <andrew+netdev@...n.ch>
CC: Saeed Mahameed <saeedm@...dia.com>, Tariq Toukan <tariqt@...dia.com>,
	"Leon Romanovsky" <leon@...nel.org>, <netdev@...r.kernel.org>,
	<linux-rdma@...r.kernel.org>, <linux-kernel@...r.kernel.org>, Mark Bloch
	<mbloch@...dia.com>
Subject: [PATCH net-next 0/3] net/mlx5: HWS, Improve IP version handling

This small series hardens our checks against a single matcher containing
rules that match on IPv4 and IPv6. This scenario is not supported by
hardware steering and the implementation now signals this instead of
failing silently.

Patches:
* Patch 1 forbids a single definer to match on mixed IP versions for
  source and destination address.
* Patch 2 reproduces a couple of firmware checks: it forbids creating
  a definer that matches on IP address without matching on IP version,
  and also disallows matching on IPv6 addresses and the IPv4 IHL fields
  in the same definer.
* Patch 3 forbids mixing rules that match on IPv4 and IPv6 addresses in
  the same matcher. The underlying definer mechanism does not support
  that.

Thanks,
Mark

Vlad Dogaru (3):
  net/mlx5: HWS, Fix IP version decision
  net/mlx5: HWS, Harden IP version definer checks
  net/mlx5: HWS, Disallow matcher IP version mixing

 .../mellanox/mlx5/core/steering/hws/definer.c |  78 +++++++----
 .../mellanox/mlx5/core/steering/hws/matcher.c |  26 ++++
 .../mellanox/mlx5/core/steering/hws/matcher.h |  12 ++
 .../mellanox/mlx5/core/steering/hws/rule.c    | 122 ++++++++++++++++++
 4 files changed, 216 insertions(+), 22 deletions(-)


base-commit: 07e32237ed9d3f5815fb900dee9458b5f115a678
-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ