lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Fri, 24 Nov 2017 01:37:58 +0900 (KST)
From:   David Miller <davem@...emloft.net>
To:     willemdebruijn.kernel@...il.com
Cc:     netdev@...r.kernel.org, jasowang@...hat.com, mkubecek@...e.cz,
        willemb@...gle.com
Subject: Re: [PATCH net v2] net: accept UFO datagrams from tuntap and packet

From: Willem de Bruijn <willemdebruijn.kernel@...il.com>
Date: Tue, 21 Nov 2017 10:22:25 -0500

> From: Willem de Bruijn <willemb@...gle.com>
> 
> Tuntap and similar devices can inject GSO packets. Accept type
> VIRTIO_NET_HDR_GSO_UDP, even though not generating UFO natively.
> 
> Processes are expected to use feature negotiation such as TUNSETOFFLOAD
> to detect supported offload types and refrain from injecting other
> packets. This process breaks down with live migration: guest kernels
> do not renegotiate flags, so destination hosts need to expose all
> features that the source host does.
> 
> Partially revert the UFO removal from 182e0b6b5846~1..d9d30adf5677.
> This patch introduces nearly(*) no new code to simplify verification.
> It brings back verbatim tuntap UFO negotiation, VIRTIO_NET_HDR_GSO_UDP
> insertion and software UFO segmentation.
> 
> It does not reinstate protocol stack support, hardware offload
> (NETIF_F_UFO), SKB_GSO_UDP tunneling in SKB_GSO_SOFTWARE or reception
> of VIRTIO_NET_HDR_GSO_UDP packets in tuntap.
> 
> To support SKB_GSO_UDP reappearing in the stack, also reinstate
> logic in act_csum and openvswitch. Achieve equivalence with v4.13 HEAD
> by squashing in commit 939912216fa8 ("net: skb_needs_check() removes
> CHECKSUM_UNNECESSARY check for tx.") and reverting commit 8d63bee643f1
> ("net: avoid skb_warn_bad_offload false positives on UFO").
> 
> (*) To avoid having to bring back skb_shinfo(skb)->ip6_frag_id,
> ipv6_proxy_select_ident is changed to return a __be32 and this is
> assigned directly to the frag_hdr. Also, SKB_GSO_UDP is inserted
> at the end of the enum to minimize code churn.
 ...
> Link: http://lkml.kernel.org/r/<CAF=yD-LuUeDuL9YWPJD9ykOZ0QCjNeznPDr6whqZ9NGMNF12Mw@...l.gmail.com>
> Fixes: fb652fdfe837 ("macvlan/macvtap: Remove NETIF_F_UFO advertisement.")
> Reported-by: Michal Kubecek <mkubecek@...e.cz>
> Signed-off-by: Willem de Bruijn <willemb@...gle.com>

Applied and queued up for -stable, thanks!

Powered by blists - more mailing lists