lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 1 Sep 2015 14:10:45 -0700
From:	Pravin Shelar <pshelar@...ira.com>
To:	Tom Herbert <tom@...bertland.com>
Cc:	Linux Kernel Network Developers <netdev@...r.kernel.org>
Subject: Re: [PATCH net] skbuff: Fix skb checksum flag on skb pull

On Tue, Sep 1, 2015 at 12:55 PM, Tom Herbert <tom@...bertland.com> wrote:
> On Tue, Sep 1, 2015 at 12:20 PM, Pravin Shelar <pshelar@...ira.com> wrote:
>> On Tue, Sep 1, 2015 at 7:19 AM, Tom Herbert <tom@...bertland.com> wrote:
>>> On Mon, Aug 31, 2015 at 10:15 PM, Pravin Shelar <pshelar@...ira.com> wrote:
>>>> On Mon, Aug 31, 2015 at 9:12 PM, Tom Herbert <tom@...bertland.com> wrote:
>>>>> On Mon, Aug 31, 2015 at 3:55 PM, Pravin B Shelar <pshelar@...ira.com> wrote:
>>>>>> VXLAN device can receive skb with checksum partial. But the checksum
>>>>>> offset could be in outer header which is pulled on receive. Such skb
>>>>>> can cause the panic when checksum is calculated on skb. Following patch
>>>>>> fixes the bug by setting checksum unnecessary while pulling outer header.
>>>>>>
>>>>> Okay, I think I understand what you are doing. I suggest in the
>>>>> openvswitch path, if there is a checksum CHECKSUM_PARTIAL that refers
>>>>> to the outer headers which must have been verified at this point then
>>>>> set to CHECKSUM_NONE-- assuming CHECKSUM_UNNECESSARY on the inner
>>>>> header is not correct in this case. If the CHECKSUM_PARTIAL refers to
>>>>> the inner header then you can call skb_checksum_help to resolve an
>>>>> inner checksum.
>>>>>
>>>>
>>>> That would be OVS specific fix, But I do see skb_checksum_help()
>>>> called in multiple places outside OVS that could result in similar
>>>> kernel panic. Therefore I want to solve it up in networking stack
>>>> rather than in OVS.
>>>>
>>> Please try to reproduce this out of OVS from the top of the tree then
>>> and report down exactly where panic is occurring the code. Unlike most
>>> of the of the other cases where skb_checksum_help() is being called
>>> this in the RX path so skb is probably not pulled over the checksum
>>> offset for those. Even so, if the skb is pulled beyond the checksum
>>> offset then this should result in a negative offset in
>>> skb_checksum_start_offset(skb) which should be okay. It looks like
>>> this in itself should not be causing your panic.
>>>
>>
>> ip_do_fragment() also calls skb_checksum_help() that can results in
>> similar panic. But it is not easy to reproduce it in this case due to
>> call site is in exception path.
>> The negative checksum offset can atleast cause assert failure in
>> skb_checksum_help(). I will send patch to fix that.
>
> Which BUG_ON do you see is hitting?

BUG_ON(offset >= skb_headlen(skb));
where skb_headlen() returns unsigned int, therefore negative offset
cast to unsigned int.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ