lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Thu, 14 Apr 2016 16:45:09 -0400 (EDT)
From:	David Miller <davem@...emloft.net>
To:	kafai@...com
Cc:	netdev@...r.kernel.org, xiyou.wangcong@...il.com,
	edumazet@...gle.com, weiwan@...gle.com, kernel-team@...com
Subject: Re: [PATCH v2 net 0/4] ipv6: datagram: Update dst cache of a
 connected udp sk during pmtu update

From: Martin KaFai Lau <kafai@...com>
Date: Mon, 11 Apr 2016 15:29:33 -0700

> v2:
> ~ Protect __sk_dst_get() operations with rcu_read_lock in
>   release_cb() because another thread may do ip6_dst_store()
>   for a udp sk without taking the sk lock (e.g. in sendmsg).
> ~ Do a ipv6_addr_v4mapped(&sk->sk_v6_daddr) check before
>   calling ip6_datagram_dst_update() in patch 3 and 4.  It is
>   similar to how __ip6_datagram_connect handles it.
> ~ One fix in ip6_datagram_dst_update() in patch 2.  It needs
>   to check (np->flow_label & IPV6_FLOWLABEL_MASK) before
>   doing fl6_sock_lookup.  I was confused with the naming
>   of IPV6_FLOWLABEL_MASK and IPV6_FLOWINFO_MASK.
> ~ Check dst->obsolete just on the safe side, although I think it
>   should at least have DST_OBSOLETE_FORCE_CHK by now.
> ~ Add Fixes tag to patch 3 and 4
> ~ Add some points from the previous discussion about holding
>   sk lock to the commit message in patch 3.
> 
> v1:
> There is a case in connected UDP socket such that
> getsockopt(IPV6_MTU) will return a stale MTU value. The reproducible
> sequence could be the following:
> 1. Create a connected UDP socket
> 2. Send some datagrams out
> 3. Receive a ICMPV6_PKT_TOOBIG
> 4. No new outgoing datagrams to trigger the sk_dst_check()
>    logic to update the sk->sk_dst_cache.
> 5. getsockopt(IPV6_MTU) returns the mtu from the invalid
>    sk->sk_dst_cache instead of the newly created RTF_CACHE clone.
> 
> Patch 1 and 2 are the prep work.
> Patch 3 and 4 are the fixes.

Series applied, thanks Martin.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ