| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 04 Mar 2018 03:02:20 +1100
From: Daniel Axtens <dja@...ens.net>
To: Daniel Borkmann <daniel@...earbox.net>, ast@...nel.org
Cc: netdev@...r.kernel.org,
Marcelo Ricardo Leitner <marcelo.leitner@...il.com>
Subject: Re: [PATCH bpf] bpf: fix bpf_skb_adjust_net/bpf_skb_proto_xlat to deal with gso sctp skbs
Hi Daniel,
> From: Daniel Axtens <dja@...ens.net>
>
> SCTP GSO skbs have a gso_size of GSO_BY_FRAGS, so any sort of
> unconditionally mangling of that will result in nonsense value
> and would corrupt the skb later on.
>
> Therefore, i) add two helpers skb_increase_gso_size() and
> skb_decrease_gso_size() that would throw a one time warning and
> bail out for such skbs and ii) refuse and return early with an
> error in those BPF helpers that are affected. We do need to bail
> out as early as possible from there before any changes on the
> skb have been performed.
>
> Fixes: 6578171a7ff0 ("bpf: add bpf_skb_change_proto helper")
> Co-authored-by: Daniel Borkmann <daniel@...earbox.net>
> Signed-off-by: Daniel Axtens <dja@...ens.net>
> Cc: Marcelo Ricardo Leitner <marcelo.leitner@...il.com>
> Acked-by: Alexei Starovoitov <ast@...nel.org>
I've looked over your changes and they all look good to me.
> +/* Note: Should be called only if skb_is_gso(skb) is true */
> +static inline bool skb_is_gso_sctp(const struct sk_buff *skb)
> +{
> + return skb_shinfo(skb)->gso_type & SKB_GSO_SCTP;
> +}
> +
This helper is a fantastic idea and I will send a docs update to
highlight it.
Regards,
Daniel
Powered by blists - more mailing lists