Date:   Tue, 26 Feb 2019 07:16:22 -0800
From:   Eric Dumazet <eric.dumazet@...il.com>
To:     Michael Chan <michael.chan@...adcom.com>, davem@...emloft.net,
        maheshb@...gle.com, edumazet@...gle.com
Cc:     dja@...ens.net, netdev@...r.kernel.org
Subject: Re: [PATCH RFC] net: Validate size of non-TSO packets in
 validate_xmit_skb().



On 02/26/2019 02:56 AM, Michael Chan wrote:
> There have been reports of oversize UDP packets being sent to the
> driver to be transmitted, causing error conditions.  The issue is
> likely caused by the dst of the SKB switching between 'lo' with
> 64K MTU and the hardware device with a smaller MTU.  Patches are
> being proposed by Mahesh Bandewar <maheshb@...gle.com> to fix the
> issue.
> 
> Separately, we should add a length check in validate_xmit_skb()
> to drop these oversize packets before they reach the driver.

Why ?

We keep adding checks in the 'fast path' and make it slower and slower after each release.

We need to fix the root cause really.

> This patch only validates non-TSO packets.  Complete validation
> of segmented TSO packet size will probably be too slow.
> 
> Signed-off-by: Michael Chan <michael.chan@...adcom.com>
> ---
>  net/core/dev.c | 7 +++++++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/net/core/dev.c b/net/core/dev.c
> index 5d03889..50c5174 100644
> --- a/net/core/dev.c
> +++ b/net/core/dev.c
> @@ -3373,6 +3373,13 @@ static struct sk_buff *validate_xmit_skb(struct sk_buff *skb, struct net_device
>  		}
>  	}
>  
> +	if (!skb_is_gso(skb) &&
> +	    skb->len > (dev->mtu + dev->hard_header_len + VLAN_HLEN)) {
> +		net_warn_ratelimited("%s(): Dropping %d bytes oversize skb.\n",
> +				     __func__, skb->len);
> +		goto out_kfree_skb;
> +	}
> +
>  	skb = validate_xmit_xfrm(skb, features, again);
>  
>  	return skb;
> 
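
Review bot: the bound in the added `if` includes `VLAN_HLEN` unconditionally, so it allows exactly one VLAN header whether or not the skb carries a tag: an untagged frame a few bytes over MTU still passes, while a frame with two in-band tags and a full-MTU payload would exceed the bound and be dropped. Consider basing the allowance on the skb's actual tag state, or add a comment stating that a single tag is the intended limit. Separately, `skb->len` is unsigned, so the `%d` in the `net_warn_ratelimited()` format should be `%u`, and adding `dev->name` to the message would tell the operator which device dropped the packet, since `__func__` alone does not.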
