lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <1429083152.6812.29.camel@googlemail.com>
Date:	Wed, 15 Apr 2015 09:32:32 +0200
From:	Sebastian Poehn <sebastian.poehn@...il.com>
To:	David Miller <davem@...emloft.net>
Cc:	eric.dumazet@...il.com, sebastian.poehn@...il.com,
	Yanjun.Zhu@...driver.com, netdev@...r.kernel.org, fw@...len.de
Subject: Re: [PATCH] ip_forward: Drop frames with attached skb->sk

On Tue, 2015-04-14 at 14:23 -0400, David Miller wrote:
> From: Eric Dumazet <eric.dumazet@...il.com>
> Date: Tue, 14 Apr 2015 04:54:47 -0700
> 
> > On Tue, 2015-04-14 at 08:40 +0200, Sebastian Poehn wrote:
> >> On Tue, 2015-04-14 at 14:33 +0800, yzhu1 wrote:
> >> > On 04/14/2015 01:52 PM, Sebastian Poehn wrote:
> >> > > Initial discussion was:
> >> > > [FYI] xfrm: Don't lookup sk_policy for timewait sockets
> >> > >
> >> > > Forwarded frames should not have a socket attached. Especially
> >> > > tw sockets will lead to panics later-on in the stack.
> >> > >
> >> > > This was observed with TPROXY assigning a tw socket and broken
> >> > > policy routing (misconfigured). As a result frame enters
> >> > > forwarding path instead of input. We cannot solve this in
> >> > > TPROXY as it cannot know that policy routing is broken.
> >> > >
> >> > > Signed-off-by: Sebastian Poehn <sebastian.poehn@...il.com>
> >> > > ---
> >> > > diff --git a/net/ipv4/ip_forward.c b/net/ipv4/ip_forward.c
> >> > > index 939992c..2fc3b3e 100644
> >> > > --- a/net/ipv4/ip_forward.c
> >> > > +++ b/net/ipv4/ip_forward.c
> >> > > @@ -82,6 +82,10 @@ int ip_forward(struct sk_buff *skb)
> >> > >   	if (skb->pkt_type != PACKET_HOST)
> >> > >   		goto drop;
> >> > >   
> >> > > +	/* this should happen neither */
> >> > Sorry. "neither" should be "either"?
> >> 
> >>         /* that should never happen */
> >>         if (skb->pkt_type != PACKET_HOST)
> >>                 goto drop;
> >> 
> >>         /* this should happen neither */
> >>         if (unlikely(skb->sk))
> >>                 goto drop;
> >> 
> >> Both of them should never happen.
> > 
> > I do not feel the comment is useful in this form.
> > 
> > I would prefer explicit TPROXY reference, maybe using this :
> > 
> > #if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TPROXY)
> > 	if (skb->sk)
> > 		goto drop;
> > #endif
> > 
> > changelog will precisely describes the problem for the curious readers.
> 
> I suspect we really want this test unconditionally, because we are not able
> to safely operate past this point if skb->sk is NULL regardless of what made
> it that way.
> 
> At least, I'll sleep more soundly at night :)

I will send out a v2 patch like that when merge window has closed.
---
 		goto drop;
 
+	if (unlikely(skb->sk))
+		goto drop;
+
 	if (skb_warn_if_lro(skb))
 		goto drop;

---

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ