| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <541e6836-a3be-58ef-dbbf-0f114042b86a@gmail.com>
Date: Thu, 22 Mar 2018 07:30:48 -0700
From: Eric Dumazet <eric.dumazet@...il.com>
To: Ursula Braun <ubraun@...ux.vnet.ibm.com>, davem@...emloft.net
Cc: netdev@...r.kernel.org, linux-s390@...r.kernel.org,
schwidefsky@...ibm.com, heiko.carstens@...ibm.com,
raspl@...ux.vnet.ibm.com
Subject: Re: [PATCH net-next 1/1] net/ipv4: disable SMC TCP option with SYN
Cookies
On 03/22/2018 06:23 AM, Ursula Braun wrote:
> We moved the clear to cookie_v4_check()/cookie_v6_check. However, this does not seem to
> be sufficient to prevent the SYNACK from containing the SMC experimental option.
> We found that an additional check in tcp_conn_request() helps:
>
> --- a/net/ipv4/tcp_input.c
> +++ b/net/ipv4/tcp_input.c
> @@ -6248,6 +6248,9 @@ int tcp_conn_request(struct request_sock
> if (want_cookie && !tmp_opt.saw_tstamp)
> tcp_clear_options(&tmp_opt);
>
> + if (IS_ENABLED(CONFIG_SMC) && want_cookie && tmp_opt.smc_ok)
> + tmp_opt.smc_ok = 0;
> +
> tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
> tcp_openreq_init(req, &tmp_opt, skb, sk);
> inet_rsk(req)->no_srccheck = inet_sk(sk)->transparent;
>
> Do you think this could be the right place for clearing the smc_ok bit?
Yes, but since tmp_opt is private to this thread/cpu, no false sharing to be afraid of
if (IS_ENABLED(CONFIG_SMC) && want_cookie)
tmp_opt.smc_ok = 0;
Powered by blists - more mailing lists