lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 26 Feb 2019 07:16:22 -0800 From: Eric Dumazet <eric.dumazet@...il.com> To: Michael Chan <michael.chan@...adcom.com>, davem@...emloft.net, maheshb@...gle.com, edumazet@...gle.com Cc: dja@...ens.net, netdev@...r.kernel.org Subject: Re: [PATCH RFC] net: Validate size of non-TSO packets in validate_xmit_skb(). On 02/26/2019 02:56 AM, Michael Chan wrote: > There have been reports of oversize UDP packets being sent to the > driver to be transmitted, causing error conditions. The issue is > likely caused by the dst of the SKB switching between 'lo' with > 64K MTU and the hardware device with a smaller MTU. Patches are > being proposed by Mahesh Bandewar <maheshb@...gle.com> to fix the > issue. > > Separately, we should add a length check in validate_xmit_skb() > to drop these oversize packets before they reach the driver. Why ? We keep adding checks in the 'fast path' and make slower and slower after each release. We need to fix the root cause really. > This patch only validates non-TSO packets. Complete validation > of segmented TSO packet size will probably be too slow. > > Signed-off-by: Michael Chan <michael.chan@...adcom.com> > --- > net/core/dev.c | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/net/core/dev.c b/net/core/dev.c > index 5d03889..50c5174 100644 > --- a/net/core/dev.c > +++ b/net/core/dev.c > @@ -3373,6 +3373,13 @@ static struct sk_buff *validate_xmit_skb(struct sk_buff *skb, struct net_device > } > } > > + if (!skb_is_gso(skb) && > + skb->len > (dev->mtu + dev->hard_header_len + VLAN_HLEN)) { > + net_warn_ratelimited("%s(): Dropping %d bytes oversize skb.\n", > + __func__, skb->len); > + goto out_kfree_skb; > + } > + > skb = validate_xmit_xfrm(skb, features, again); > > return skb; >
Powered by blists - more mailing lists