lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 13 Aug 2013 13:55:58 -0400
From:	Vlad Yasevich <vyasevic@...hat.com>
To:	netdev@...r.kernel.org
Cc:	mst@...hat.com, Vlad Yasevich <vyasevic@...hat.com>
Subject: [PATCH] macvtap: Correctly set tap features when IFF_VNET_HDR is disabled.

When the user turns off IFF_VNET_HDR flag, attempts to change
offload features via TUNSETOFFLOAD do not work.  This could cause
GSO packets to be delivered to the user when the user is
not prepared to handle them.

To solve, allow processing of TUNSETOFFLOAD when IFF_VNET_HDR is
disabled and make sure to turn off all offloads in this case.
Also, when IFF_VNET_HDR is disabled, run throught the offload change
as well to make sure that the functionality is not dependent on
the order of the ioclt() calls.

Signed-off-by: Vlad Yasevich <vyasevic@...hat.com>
---
 drivers/net/macvtap.c | 27 +++++++++++++++++++--------
 1 file changed, 19 insertions(+), 8 deletions(-)

diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c
index a98fb0e..076b9e7 100644
--- a/drivers/net/macvtap.c
+++ b/drivers/net/macvtap.c
@@ -1019,6 +1019,7 @@ static int set_offload(struct macvtap_queue *q, unsigned long arg)
 	struct macvlan_dev *vlan;
 	netdev_features_t features;
 	netdev_features_t feature_mask = 0;
+	netdev_features_t tap_mask = TUN_OFFLOADS;
 
 	vlan = rtnl_dereference(q->vlan);
 	if (!vlan)
@@ -1026,7 +1027,12 @@ static int set_offload(struct macvtap_queue *q, unsigned long arg)
 
 	features = vlan->dev->features;
 
-	if (arg & TUN_F_CSUM) {
+	if (!(q->flags & IFF_VNET_HDR)) {
+		/* Turn off all checsum offloading also if user does
+		 * not user vnet_hdr.
+		 */
+		tap_mask |= NETIF_F_ALL_CSUM;
+	} else if (arg & TUN_F_CSUM) {
 		feature_mask = NETIF_F_HW_CSUM;
 
 		if (arg & (TUN_F_TSO4 | TUN_F_TSO6)) {
@@ -1058,8 +1064,7 @@ static int set_offload(struct macvtap_queue *q, unsigned long arg)
 	/* tap_features are the same as features on tun/tap and
 	 * reflect user expectations.
 	 */
-	vlan->tap_features = vlan->dev->features &
-			    (feature_mask | ~TUN_OFFLOADS);
+	vlan->tap_features = vlan->dev->features & (feature_mask | ~tap_mask);
 	vlan->set_features = features;
 	netdev_update_features(vlan->dev);
 
@@ -1092,8 +1097,18 @@ static long macvtap_ioctl(struct file *file, unsigned int cmd,
 		if ((u & ~(IFF_VNET_HDR | IFF_MULTI_QUEUE)) !=
 		    (IFF_NO_PI | IFF_TAP))
 			ret = -EINVAL;
-		else
+		else {
+			if ((q->flags ^ u) & IFF_VNET_HDR) {
+				/* vnet_hdr support impacts the offloads,
+				 * so we need to run throught the offload
+				 * change.
+				 */
+				rtnl_lock();
+				ret = set_offload(q, 0);
+				rtnl_unlock();
+			}
 			q->flags = u;
+		}
 
 		return ret;
 
@@ -1155,10 +1170,6 @@ static long macvtap_ioctl(struct file *file, unsigned int cmd,
 			    TUN_F_TSO_ECN | TUN_F_UFO))
 			return -EINVAL;
 
-		/* TODO: only accept frames with the features that
-			 got enabled for forwarded frames */
-		if (!(q->flags & IFF_VNET_HDR))
-			return  -EINVAL;
 		rtnl_lock();
 		ret = set_offload(q, arg);
 		rtnl_unlock();
-- 
1.8.1.4

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ