lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Fri, 24 May 2019 13:28:49 -0700 (PDT)
From:   David Miller <davem@...emloft.net>
To:     vladbu@...lanox.com
Cc:     xiyou.wangcong@...il.com, netdev@...r.kernel.org, jhs@...atatu.com,
        ecree@...arflare.com, jiri@...nulli.us, pablo@...filter.org,
        andy@...yhouse.net, jakub.kicinski@...ronome.com,
        michael.chan@...adcom.com, vishal@...lsio.com, lucasb@...atatu.com,
        roid@...lanox.com
Subject: Re: [PATCH net] net: sched: don't use tc_action->order during
 action dump

From: Vlad Buslov <vladbu@...lanox.com>
Date: Thu, 23 May 2019 09:32:31 +0300

> Function tcf_action_dump() relies on tc_action->order field when starting
> nested nla to send action data to userspace. This approach breaks in
> several cases:
> 
> - When multiple filters point to same shared action, tc_action->order field
>   is overwritten each time it is attached to filter. This causes filter
>   dump to output action with incorrect attribute for all filters that have
>   the action in different position (different order) from the last set
>   tc_action->order value.
> 
> - When action data is displayed using tc action API (RTM_GETACTION), action
>   order is overwritten by tca_action_gd() according to its position in
>   resulting array of nl attributes, which will break filter dump for all
>   filters attached to that shared action that expect it to have different
>   order value.
> 
> Don't rely on tc_action->order when dumping actions. Set nla according to
> action position in resulting array of actions instead.
> 
> Signed-off-by: Vlad Buslov <vladbu@...lanox.com>
> Acked-by: Jamal Hadi Salim <jhs@...atatu.com>

Applied and queued up for -stable.

Powered by blists - more mailing lists