lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20100227220731.GB6550@psychotron.redhat.com>
Date:	Sat, 27 Feb 2010 23:07:33 +0100
From:	Jiri Pirko <jpirko@...hat.com>
To:	Jason Gunthorpe <jgunthorpe@...idianresearch.com>
Cc:	Or Gerlitz <ogerlitz@...taire.com>, netdev@...r.kernel.org,
	linux-rdma@...r.kernel.org, davem@...emloft.net,
	Moni Shoua <monis@...taire.com>
Subject: Re: [net-next-2.6 PATCH] infiniband: convert to use
 netdev_for_each_mc_addr

Sat, Feb 27, 2010 at 07:44:10PM CET, jgunthorpe@...idianresearch.com wrote:
>On Sat, Feb 27, 2010 at 11:38:37AM +0100, Jiri Pirko wrote:
>
>> >The problem this statement is trying to solve had to do with bonding
>> >creating multicast addresess for ethernet rather than infiniband in
>> >some cases. This happens because bonding makes a device that switches
>> >from ethernet to infiniband during its lifetime. I'm not quite
>> >sure what kind of life cycle those addresses go through, but if they
>> >somehow stay on the mc_list then ipoib_mcast_addr_is_valid will still
>> >need to have the check.
>
>> Ok I see your point now. But in this case, the length check should be in all
>> drivers because if for example bonding device changes from infiniband back to
>> eth, the addresses stored would be "cut" to 6 bytes and would make no sense.
>
>Ideally, but the other wrinkle is due to other problems in the ipoib
>driver one bad multicast address blocks further addresses from being
>processed - effectively rendering the interface useless for
>multicast. Ethernet drivers will just subscribe to a bogus address, no
>real harm done.
>
>I would prefer to see the check remain in ipoib until we can see
>through testing that it is no longer triggering.

Fair enough.

Subject: [net-next-2.6 PATCH] ipoib: returned back addrle check for mc addresses

Apparently bogus mc address can brake IPOIB multicast processing. Therefore
returning the check for addrlen back until this is resolved in bonding (I don't
see any other point from where mc address with non-dev->addr_len length can came
from).

Signed-off-by: Jiri Pirko <jpirko@...hat.com>

diff --git a/drivers/infiniband/ulp/ipoib/ipoib_multicast.c b/drivers/infiniband/ulp/ipoib/ipoib_multicast.c
index 19eba3c..d41ea27 100644
--- a/drivers/infiniband/ulp/ipoib/ipoib_multicast.c
+++ b/drivers/infiniband/ulp/ipoib/ipoib_multicast.c
@@ -767,8 +767,11 @@ void ipoib_mcast_dev_flush(struct net_device *dev)
 	}
 }
 
-static int ipoib_mcast_addr_is_valid(const u8 *addr, const u8 *broadcast)
+static int ipoib_mcast_addr_is_valid(const u8 *addr, unsigned int addrlen,
+				     const u8 *broadcast)
 {
+	if (addrlen != INFINIBAND_ALEN)
+		return 0;
 	/* reserved QPN, prefix, scope */
 	if (memcmp(addr, broadcast, 6))
 		return 0;
@@ -812,6 +815,7 @@ void ipoib_mcast_restart_task(struct work_struct *work)
 		union ib_gid mgid;
 
 		if (!ipoib_mcast_addr_is_valid(mclist->dmi_addr,
+					       mclist->dmi_addrlen,
 					       dev->broadcast))
 			continue;
 
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ