| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1551178601-16564-1-git-send-email-michael.chan@broadcom.com>
Date: Tue, 26 Feb 2019 05:56:41 -0500
From: Michael Chan <michael.chan@...adcom.com>
To: davem@...emloft.net, maheshb@...gle.com, edumazet@...gle.com
Cc: dja@...ens.net, netdev@...r.kernel.org
Subject: [PATCH RFC] net: Validate size of non-TSO packets in validate_xmit_skb().
There have been reports of oversize UDP packets being sent to the
driver to be transmitted, causing error conditions. The issue is
likely caused by the dst of the SKB switching between 'lo' with
64K MTU and the hardware device with a smaller MTU. Patches are
being proposed by Mahesh Bandewar <maheshb@...gle.com> to fix the
issue.
Separately, we should add a length check in validate_xmit_skb()
to drop these oversize packets before they reach the driver.
This patch only validates non-TSO packets. Complete validation
of segmented TSO packet size will probably be too slow.
Signed-off-by: Michael Chan <michael.chan@...adcom.com>
---
net/core/dev.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/net/core/dev.c b/net/core/dev.c
index 5d03889..50c5174 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -3373,6 +3373,13 @@ static struct sk_buff *validate_xmit_skb(struct sk_buff *skb, struct net_device
}
}
+ if (!skb_is_gso(skb) &&
+ skb->len > (dev->mtu + dev->hard_header_len + VLAN_HLEN)) {
+ net_warn_ratelimited("%s(): Dropping %d bytes oversize skb.\n",
+ __func__, skb->len);
+ goto out_kfree_skb;
+ }
+
skb = validate_xmit_xfrm(skb, features, again);
return skb;
--
2.5.1
Powered by blists - more mailing lists