Message-ID: <20160130161702.GA11601@oracle.com>
Date:	Sat, 30 Jan 2016 11:17:02 -0500
From:	Sowmini Varadhan <sowmini.varadhan@...cle.com>
To:	Eric Dumazet <eric.dumazet@...il.com>
Cc:	Alexander Duyck <aduyck@...antis.com>, netdev@...r.kernel.org,
	davem@...emloft.net, alexander.duyck@...il.com, tom@...bertland.com
Subject: Re: [net PATCH] flow_dissector: Fix unaligned access in
 __skb_flow_dissector when used by eth_get_headlen

On (01/29/16 19:23), Eric Dumazet wrote:
> BTW, even a memcpy(&key_addrs->v4addrs, &iph->saddr, 8) could crash, as
> the compiler can certainly assume src and dst are 4 bytes aligned, and
> could use word accesses when inlining memcpy() even on Sparc.
> 
> Apparently the compiler used by Sowmini is gentle.

One more subtlety that I missed until now...

eth_get_headlen passes in flow_keys_buf_dissector (NOT flow_keys_dissector!)

So FLOW_DISSECTOR_KEY_IPV4_ADDRS is not set, and this helps to dodge
the unaligned iph->saddr access.

But as others have pointed out, much of this code is brittle
because it's accessing the data before the driver has had a chance
to align things. The page_offset initialization of NET_IP_ALIGN,
with all its weaknesses, at least matches (in principle) the prescription
used for the xmit path.

--Sowmini
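
Added example, not part of the original message or of the kernel source: a userspace C sketch of the alignment arithmetic discussed in this thread, showing why the IPv4 addresses sit off a 4-byte boundary when no NET_IP_ALIGN-style pad precedes the Ethernet header, and a copy that goes through a byte pointer so the compiler has no alignment to assume. The function names, the `DEMO_IP_ALIGN` value of 2 and the sample frame are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HLEN      14  /* Ethernet header length */
#define IP_HLEN       20  /* IPv4 header without options */
#define IP_SADDR_OFF  12  /* saddr offset inside the IPv4 header; daddr follows */
#define DEMO_IP_ALIGN  2  /* demo stand-in for NET_IP_ALIGN (assumed value) */

struct v4addrs { uint32_t src, dst; };  /* both kept in network byte order */

/* Constructed sample frame: Ethernet + IPv4, 192.0.2.1 -> 198.51.100.2. */
static const unsigned char sample_frame[ETH_HLEN + IP_HLEN] = {
    0x02,0,0,0,0,0x01,  0x02,0,0,0,0,0x02,  0x08,0x00,
    0x45,0x00,0x00,0x14, 0,0,0x40,0x00, 0x40,0x06,0,0,
    0xc0,0x00,0x02,0x01, 0xc6,0x33,0x64,0x02,
};

/* Nonzero if saddr is off a 4-byte boundary when the frame starts `pad`
 * bytes into a 4-byte-aligned receive buffer. */
int saddr_misaligned(size_t pad)
{
    return (pad + ETH_HLEN + IP_SADDR_OFF) % 4 != 0;
}

/* Copy saddr+daddr through a byte pointer. No struct iphdr pointer is ever
 * formed, so the compiler has no 4-byte alignment to assume for the source. */
int read_v4addrs(const unsigned char *frame, size_t len, struct v4addrs *out)
{
    if (len < ETH_HLEN + IP_HLEN) return -1;  /* truncated header */
    memcpy(out, frame + ETH_HLEN + IP_SADDR_OFF, sizeof(*out));
    return 0;
}

/* Place the sample at `pad` in an aligned buffer; 1 if the copy is exact. */
int copy_matches(size_t pad)
{
    uint32_t storage[16] = {0};  /* 4-byte-aligned backing store */
    unsigned char *buf = (unsigned char *)storage + pad;
    struct v4addrs a;
    memcpy(buf, sample_frame, sizeof(sample_frame));
    return read_v4addrs(buf, sizeof(sample_frame), &a) == 0 &&
           memcmp(&a, sample_frame + ETH_HLEN + IP_SADDR_OFF, sizeof(a)) == 0;
}

int main(void)
{
    printf("pad 0: misaligned=%d  pad %d: misaligned=%d\n",
           saddr_misaligned(0), DEMO_IP_ALIGN, saddr_misaligned(DEMO_IP_ALIGN));
    return !(copy_matches(0) && copy_matches(DEMO_IP_ALIGN));
}
```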
