lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 22 Sep 2016 01:36:29 -0400 (EDT) From: David Miller <davem@...emloft.net> To: shmulik.ladkani@...ellosystems.com Cc: jiri@...lanox.com, daniel@...earbox.net, pshelar@....org, eric.dumazet@...il.com, netdev@...r.kernel.org, shmulik.ladkani@...il.com Subject: Re: [PATCH v3 net-next 1/2] net: skbuff: Remove errornous length validation in skb_vlan_pop() From: Shmulik Ladkani <shmulik.ladkani@...ellosystems.com> Date: Tue, 20 Sep 2016 12:48:36 +0300 > In 93515d53b1 > "net: move vlan pop/push functions into common code" > skb_vlan_pop was moved from its private location in openvswitch to > skbuff common code. > > In case skb has non hw-accel vlan tag, the original 'pop_vlan()' assured > that skb->len is sufficient (if skb->len < VLAN_ETH_HLEN then pop was > considered a no-op). > > This validation was moved as is into the new common 'skb_vlan_pop'. > > Alas, in its original location (openvswitch), there was a guarantee that > 'data' points to the mac_header, therefore the 'skb->len < VLAN_ETH_HLEN' > condition made sense. > However there's no such guarantee in the generic 'skb_vlan_pop'. > > For short packets received in rx path going through 'skb_vlan_pop', > this causes 'skb_vlan_pop' to fail pop-ing a valid vlan hdr (in the non > hw-accel case) or to fail moving next tag into hw-accel tag. > > Remove the 'skb->len < VLAN_ETH_HLEN' condition entirely: > It is superfluous since inner '__skb_vlan_pop' already verifies there > are VLAN_ETH_HLEN writable bytes at the mac_header. > > Note this presents a slight change to skb_vlan_pop() users: > In case total length is smaller than VLAN_ETH_HLEN, skb_vlan_pop() now > returns an error, as opposed to previous "no-op" behavior. > Existing callers (e.g. tc act vlan, ovs) usually drop the packet if > 'skb_vlan_pop' fails. > > Fixes: 93515d53b1 ("net: move vlan pop/push functions into common code") > Signed-off-by: Shmulik Ladkani <shmulik.ladkani@...il.com> Applied.
Powered by blists - more mailing lists