| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1464904363.5939.185.camel@edumazet-glaptop3.roam.corp.google.com>
Date: Thu, 02 Jun 2016 14:52:43 -0700
From: Eric Dumazet <eric.dumazet@...il.com>
To: Paul Moore <paul@...l-moore.com>,
David Miller <davem@...emloft.net>
Cc: samanthakumar@...gle.com, linux-security-module@...r.kernel.org,
selinux@...ho.nsa.gov, netdev@...r.kernel.org,
Stephen Smalley <sds@...ho.nsa.gov>,
samanthakumar <samanthakumar@...gle.com>
Subject: Re: Possible problem with e6afc8ac ("udp: remove headers from UDP
packets before queueing")
From: Eric Dumazet <edumazet@...gle.com>
Paul Moore tracked a regression caused by a recent commit, which
mistakenly assumed that sk_filter() could be avoided if socket
had no current BPF filter.
The intent was to avoid udp_lib_checksum_complete() overhead.
But sk_filter() also checks skb_pfmemalloc() and
security_sock_rcv_skb(), so better call it.
Fixes: e6afc8ace6dd ("udp: remove headers from UDP packets before queueing")
Signed-off-by: Eric Dumazet <edumazet@...gle.com>
Reported-by: Paul Moore <paul@...l-moore.com>
Tested-by: Paul Moore <paul@...l-moore.com>
Tested-by: Stephen Smalley <sds@...ho.nsa.gov>
Cc: samanthakumar <samanthakumar@...gle.com>
---
net/ipv4/udp.c | 10 +++++-----
net/ipv6/udp.c | 12 ++++++------
2 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
index d56c0559b477..0ff31d97d485 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -1618,12 +1618,12 @@ int udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
}
}
- if (rcu_access_pointer(sk->sk_filter)) {
- if (udp_lib_checksum_complete(skb))
+ if (rcu_access_pointer(sk->sk_filter) &&
+ udp_lib_checksum_complete(skb))
goto csum_error;
- if (sk_filter(sk, skb))
- goto drop;
- }
+
+ if (sk_filter(sk, skb))
+ goto drop;
udp_csum_pull_header(skb);
if (sk_rcvqueues_full(sk, sk->sk_rcvbuf)) {
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
index 2da1896af934..f421c9f23c5b 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -653,12 +653,12 @@ int udpv6_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
}
}
- if (rcu_access_pointer(sk->sk_filter)) {
- if (udp_lib_checksum_complete(skb))
- goto csum_error;
- if (sk_filter(sk, skb))
- goto drop;
- }
+ if (rcu_access_pointer(sk->sk_filter) &&
+ udp_lib_checksum_complete(skb))
+ goto csum_error;
+
+ if (sk_filter(sk, skb))
+ goto drop;
udp_csum_pull_header(skb);
if (sk_rcvqueues_full(sk, sk->sk_rcvbuf)) {
Powered by blists - more mailing lists