| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 29 May 2019 12:25:38 +0200
From: Stefan Bader <stefan.bader@...onical.com>
To: stable <stable@...r.kernel.org>, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org
Cc: Eric Dumazet <edumazet@...gle.com>,
Sasha Levin <sashal@...nel.org>,
Peter Oskolkov <posk@...gle.com>,
Ben Hutchings <ben.hutchings@...ethink.co.uk>,
Andy Whitcroft <andy.whitcroft@...onical.com>,
Greg KH <gregkh@...uxfoundation.org>
Subject: [PATCH 0/4] ipv6: frags: fixups for linux-4.4.y
While this backport proposal is based on the 4.4.y stable tree, it
might also apply in some form to any stable tree which backported
05c0b86b96: "ipv6: frags: rewrite ip6_expire_frag_queue()"
While this made ip6_expire_frag_queue() similar to ip_exire(),
it did not follow the additional changes to ip_expire() which
were also backported:
fa0f527358: "ip: use rb trees for IP frag queue."
a4fd284a1f: "ip: process in-order fragments efficiently"
The former of the two not only adds handling for rb trees, but
also modifies ip_expire() to take the first skb off the queue
before using it for the sending the icmp message. This also got
rid of the need to protect the skb by incrementing its reference
count (which is the reason for the crash in ip6_expire_frag_queue()).
My first approach was do those changes in ip6_expire_frag_queue(),
but only the former of the two can be done without problems. The
latter uses code which is only locally defined in ipv4/ip_fragment.c.
This was changed upstream in 5.1 when moving code around to be shared
c23f35d19d: "net: IP defrag: encapsulate rbtree defrag code into
callable functions"
And while backporting that I found the two other changes which sounded
like one might want them backported, too. Maybe even more since the
second (ip: fail fast on IP defrag errors) is already partially
included in the backport of "net: ipv4: do not handle duplicate
fragments as overlapping".
Though I do realize that "net: IP defrag: encapsulate rbtree
defrag code into callable functions" is rather large and for
that reason maybe not qualifying as a stable backport.
So I would like to ask what the net-developers think about
this.
Thanks,
Stefan
0001: v4.20: ipv4: ipv6: netfilter: Adjust the frag mem limit when
truesize changes
0002: v4.20: ip: fail fast on IP defrag errors
0003: v5.1 : net: IP defrag: encapsulate rbtree defrag code into
callable functions
0004: n/a : ipv6: frags: Use inet_frag_pull_head() in
ip6_expire_frag_queue()
Jiri Wiesner (1):
ipv4: ipv6: netfilter: Adjust the frag mem limit when truesize changes
Peter Oskolkov (2):
ip: fail fast on IP defrag errors
net: IP defrag: encapsulate rbtree defrag code into callable functions
Stefan Bader (1):
ipv6: frags: Use inet_frag_pull_head() in ip6_expire_frag_queue()
include/net/inet_frag.h | 16 +-
net/ipv4/inet_fragment.c | 293 +++++++++++++++++++++++
net/ipv4/ip_fragment.c | 294 +++---------------------
net/ipv6/netfilter/nf_conntrack_reasm.c | 8 +-
net/ipv6/reassembly.c | 20 +-
5 files changed, 359 insertions(+), 272 deletions(-)
--
2.17.1
Powered by blists - more mailing lists