lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 24 Nov 2017 01:37:58 +0900 (KST) From: David Miller <davem@...emloft.net> To: willemdebruijn.kernel@...il.com Cc: netdev@...r.kernel.org, jasowang@...hat.com, mkubecek@...e.cz, willemb@...gle.com Subject: Re: [PATCH net v2] net: accept UFO datagrams from tuntap and packet From: Willem de Bruijn <willemdebruijn.kernel@...il.com> Date: Tue, 21 Nov 2017 10:22:25 -0500 > From: Willem de Bruijn <willemb@...gle.com> > > Tuntap and similar devices can inject GSO packets. Accept type > VIRTIO_NET_HDR_GSO_UDP, even though not generating UFO natively. > > Processes are expected to use feature negotiation such as TUNSETOFFLOAD > to detect supported offload types and refrain from injecting other > packets. This process breaks down with live migration: guest kernels > do not renegotiate flags, so destination hosts need to expose all > features that the source host does. > > Partially revert the UFO removal from 182e0b6b5846~1..d9d30adf5677. > This patch introduces nearly(*) no new code to simplify verification. > It brings back verbatim tuntap UFO negotiation, VIRTIO_NET_HDR_GSO_UDP > insertion and software UFO segmentation. > > It does not reinstate protocol stack support, hardware offload > (NETIF_F_UFO), SKB_GSO_UDP tunneling in SKB_GSO_SOFTWARE or reception > of VIRTIO_NET_HDR_GSO_UDP packets in tuntap. > > To support SKB_GSO_UDP reappearing in the stack, also reinstate > logic in act_csum and openvswitch. Achieve equivalence with v4.13 HEAD > by squashing in commit 939912216fa8 ("net: skb_needs_check() removes > CHECKSUM_UNNECESSARY check for tx.") and reverting commit 8d63bee643f1 > ("net: avoid skb_warn_bad_offload false positives on UFO"). > > (*) To avoid having to bring back skb_shinfo(skb)->ip6_frag_id, > ipv6_proxy_select_ident is changed to return a __be32 and this is > assigned directly to the frag_hdr. Also, SKB_GSO_UDP is inserted > at the end of the enum to minimize code churn. ... > Link: http://lkml.kernel.org/r/<CAF=yD-LuUeDuL9YWPJD9ykOZ0QCjNeznPDr6whqZ9NGMNF12Mw@...l.gmail.com> > Fixes: fb652fdfe837 ("macvlan/macvtap: Remove NETIF_F_UFO advertisement.") > Reported-by: Michal Kubecek <mkubecek@...e.cz> > Signed-off-by: Willem de Bruijn <willemb@...gle.com> Applied and queued up for -stable, thanks!
Powered by blists - more mailing lists