lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Thu, 19 Feb 2015 15:27:53 -0500 (EST)
From:	David Miller <davem@...emloft.net>
To:	madalin.bucur@...escale.com
Cc:	netdev@...r.kernel.org, vyasevich@...il.com
Subject: Re: [PATCH] ipv6: address issue in __ip6_append_data

From: Madalin Bucur <madalin.bucur@...escale.com>
Date: Fri, 13 Feb 2015 17:30:59 +0200

> I think I've found a problem that allows generic IPv6 traffic to be
> sent by the stack with CHECKSUM_PARTIAL to a netdevice that declares
> NETIF_F_IPV6_CSUM. The NETIF_F_IPV6_CSUM flag is based on the
> NETIF_F_IPV6_CSUM_BIT that is described as referring only to TCP and
> UDP but in my test ICMPv6 frames with CHECKSUM_PARTIAL are seen:
> 
> NETIF_F_IPV6_CSUM_BIT,          /* Can checksum TCP/UDP over IPV6 */
> 
> I've traced the issue to a recent commit that includes this check:
> 
> 	rt->dst.dev->features & NETIF_F_V6_CSUM
> 
> The problem with this is that NETIF_F_V6_CSUM is more than one bit:
> 
> #define NETIF_F_V6_CSUM         (NETIF_F_GEN_CSUM | NETIF_F_IPV6_CSUM)
> 
> Thus the above check should be either:
> 
> 	(rt->dst.dev->features & NETIF_F_V6_CSUM) == NETIF_F_V6_CSUM
> 
> or probably should use NETIF_F_HW_CSUM only:
> 
> 	rt->dst.dev->features & NETIF_F_HW_CSUM
> 
> The mentioned commit is 32dce968dd987adfb0c00946d78dad9154f64759

Vlad, please review this fix.

Thanks.

>> Author: Vlad Yasevich <vyasevich@...il.com>
>> Date:   Sat Jan 31 10:40:18 2015 -0500
>>
>>	ipv6: Allow for partial checksums on non-ufo packets
>>
>>	Currntly, if we are not doing UFO on the packet, all UDP
>>	packets will start with CHECKSUM_NONE and thus perform full
>>	checksum computations in software even if device support
>>	IPv6 checksum offloading.
> 
>>	Let's start start with CHECKSUM_PARTIAL if the device
>>	supports it and we are sending only a single packet at
>>	or below mtu size.
> 
>>	Signed-off-by: Vladislav Yasevich <vyasevic@...hat.com>
>>	Signed-off-by: David S. Miller <davem@...emloft.net>
> 
> Reverting this commit solved the issue, then the changes below were
> validated as well. The problem was evidentiated by running ping6
> but it should be visible with any IPv6 payload that it is not UDP
> nor TCP.
> 
> Signed-off-by: Madalin Bucur <madalin.bucur@...escale.com>
> ---
>  net/ipv6/ip6_output.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
> index d33df4c..7177f63 100644
> --- a/net/ipv6/ip6_output.c
> +++ b/net/ipv6/ip6_output.c
> @@ -1275,7 +1275,7 @@ emsgsize:
>  	 */
>  	if (!skb &&
>  	    length + fragheaderlen < mtu &&
> -	    rt->dst.dev->features & NETIF_F_V6_CSUM &&
> +	    (rt->dst.dev->features & NETIF_F_V6_CSUM) == NETIF_F_V6_CSUM &&
>  	    !exthdrlen)
>  		csummode = CHECKSUM_PARTIAL;
>  	/*
> -- 
> 1.7.11.7
> 
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists