| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20180117.152021.1966828517960487469.davem@davemloft.net>
Date: Wed, 17 Jan 2018 15:20:21 -0500 (EST)
From: David Miller <davem@...emloft.net>
To: dja@...ens.net
Cc: netdev@...r.kernel.org, Manish.Chopra@...ium.com,
dev@...nvswitch.org
Subject: Re: [PATCH 0/3] Check gso_size of packets when forwarding
From: Daniel Axtens <dja@...ens.net>
Date: Tue, 16 Jan 2018 13:09:17 +1100
> When regular packets are forwarded, we validate their size against the
> MTU of the destination device. However, when GSO packets are
> forwarded, we do not validate their size against the MTU. We
> implicitly assume that when they are segmented, the resultant packets
> will be correctly sized.
>
> This is not always the case.
>
> We observed a case where a packet received on an ibmveth device had a
> GSO size of around 10kB. This was forwarded by Open vSwitch to a bnx2x
> device, where it caused a firmware assert. This is described in detail
> at [0] and was the genesis of this series. Rather than fixing it in
> the driver, this series fixes the forwarding path.
>
> To fix this:
>
> - Move a helper in patch 1.
>
> - Validate GSO segment lengths in is_skb_forwardable() in the GSO
> case, rather than assuming all will be well. This fixes bridges.
> This is patch 2.
>
> - Open vSwitch uses its own slightly specialised algorithm for
> checking lengths. Wire up checking for that in patch 3.
>
> [0]: https://patchwork.ozlabs.org/patch/859410/
This looks good to me, could the OVS folks please review this patch
series?
Thank you.
Powered by blists - more mailing lists