| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1122331550497151@iva7-d29a8296bc3c.qloud-c.yandex.net>
Date: Mon, 18 Feb 2019 16:39:11 +0300
From: Nazarov Sergey <s-nazarov@...dex.ru>
To: Paul Moore <paul@...l-moore.com>,
David Miller <davem@...emloft.net>
Cc: "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
"linux-security-module@...r.kernel.org"
<linux-security-module@...r.kernel.org>,
"kuznet@....inr.ac.ru" <kuznet@....inr.ac.ru>,
"yoshfuji@...ux-ipv6.org" <yoshfuji@...ux-ipv6.org>
Subject: Re: [PATCH] NETWORKING: avoid use IPCB in cipso_v4_error
I think, it would not be a good solution, if I will analyze all subsystems using icmp_send, because I do not have enough knowledge for this.
I propose to add a new function, for example, ismp_send_safe, something like that:
void icmp_send_safe(struct sk_buff *skb_in, int type, int code, __be32 info)
{
unsigned char optbuf[sizeof(struct ip_options) + 40];
struct ip_options *opt = (struct ip_options *)optbuf;
memset(opt, 0, sizeof(struct ip_options));
opt->optlen = ip_hdr(skb_in)->ihl*4 - sizeof(struct iphdr);
memcpy(opt->__data, (unsigned char *)&(ip_hdr(skb_in)[1]), opt->optlen);
if (ip_options_compile(dev_net(skb_in->dev), opt, NULL))
return;
__icmp_send(skb_in, type, code, info, opt);
}
which could be used when the code works at different network stack layers.
And the subsystems developers, knowing their code well, will decide which one to use.
15.02.2019, 23:04, "Paul Moore" <paul@...l-moore.com>:
> On Fri, Feb 15, 2019 at 3:00 PM David Miller <davem@...emloft.net> wrote:
>> From: Paul Moore <paul@...l-moore.com>
>> Date: Fri, 15 Feb 2019 14:02:31 -0500
>>
>> > On Thu, Feb 14, 2019 at 11:43 AM David Miller <davem@...emloft.net> wrote:
>> >> From: Nazarov Sergey <s-nazarov@...dex.ru>
>> >> Date: Tue, 12 Feb 2019 18:10:03 +0300
>> >>
>> >> > Since cipso_v4_error might be called from different network stack layers, we can't safely use icmp_send there.
>> >> > icmp_send copies IP options with ip_option_echo, which uses IPCB to take access to IP header compiled data.
>> >> > But after commit 971f10ec ("tcp: better TCP_SKB_CB layout to reduce cache line misses"), IPCB can't be used
>> >> > above IP layer.
>> >> > This patch fixes the problem by creating in cipso_v4_error a local copy of compiled IP options and using it with
>> >> > introduced __icmp_send function. This looks some overloaded, but in quite rare error conditions only.
>> >> >
>> >> > The original discussion is here:
>> >> > https://lore.kernel.org/linux-security-module/16659801547571984@sas1-890ba5c2334a.qloud-c.yandex.net/
>> >> >
>> >> > Signed-off-by: Sergey Nazarov <s-nazarov@...dex.ru>
>> >>
>> >> This problem is not unique to Cipso, net/atm/clip.c's error handler
>> >> has the same exact issue.
>> >>
>> >> I didn't scan more of the tree, there are probably a couple more
>> >> locations as well.
>> >
>> > David, are you happy with Sergey's solution as a fix for this?
>> >
>> > If so, would you prefer a respin of this patch to apply the to the
>> > other broken callers (e.g. net/atm/clip.c), or would you rather merge
>> > this patch and deal with the other callers in separate patches?
>>
>> I'd like the other broken callers to be handled.
>
> Sergey, do you think you could fix the other callers too, or do you
> want some help with that?
>
> --
> paul moore
> www.paul-moore.com
Powered by blists - more mailing lists