Message-ID: <20190829152241.73734206@pixies>
Date:   Thu, 29 Aug 2019 15:22:41 +0300
From:   Shmulik Ladkani <shmulik.ladkani@...il.com>
To:     Daniel Borkmann <daniel@...earbox.net>
Cc:     Eric Dumazet <eric.dumazet@...il.com>,
        netdev <netdev@...r.kernel.org>,
        Alexander Duyck <alexander.duyck@...il.com>,
        Alexei Starovoitov <ast@...nel.org>,
        Yonghong Song <yhs@...com>,
        Steffen Klassert <steffen.klassert@...unet.com>,
        shmulik@...anetworks.com, eyal@...anetworks.com
Subject: Re: BUG_ON in skb_segment, after bpf_skb_change_proto was applied

On Tue, 27 Aug 2019 14:10:35 +0200
Daniel Borkmann <daniel@...earbox.net> wrote:

> Given first point above wrt hitting rarely, it would be good to first get a
> better understanding for writing a reproducer. Back then Yonghong added one
> to the BPF kernel test suite [0], so it would be desirable to extend it for
> the case you're hitting. Given NAT64 use-case is needed and used by multiple
> parties, we should try to (fully) fix it generically.
> 

Thanks Daniel.

Managed to write a reproducer which mimics the skb we see on production,
that hits the exact same BUG_ON.

Submitted as a separate RFC PATCH to bpf-next.
Tested on v5.0.y (and fwd ported to net-next for submission).

Daniel, please use this reproducer.

Do note that the test assigns:

+	skb_shinfo(skb[0])->gso_size = 1288;

which is the *mangled* gso_size value, to mimic the works of
bpf_skb_proto_4_to_6().

When setting 'gso_size = 1288 + 20' (the *original* gso_size of the
GROed skb prior to bpf_skb_proto_4_to_6), the test passes successfully and
we don't hit the mentioned BUG_ON.

Best,
Shmulik
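The gso_size arithmetic described in the message above, as an added illustration that is not part of the thread, the reproducer patch, or the kernel: IPv4-to-IPv6 translation grows the L3 header by 20 bytes (40 minus 20), so a bpf_skb_proto_4_to_6()-style helper lowers gso_size by 20, while the frag_list members of a GRO'd skb were built for the original gso_size. The model assumes a simplified rule that the frag_list fast path can only reuse members carrying exactly gso_size bytes; the struct, its field names, the helper names and the sample lengths (three members of 1288 + 20 bytes, mirroring the numbers in the message) are all constructed here, and the mismatch check returns an error value rather than asserting, which is the defensive shape a splitter would want instead of a BUG_ON.

```c
#include <stdio.h>

/*
 * Added illustration; NOT kernel code and not a model of skb_segment()
 * itself.  It only follows the gso_size bookkeeping the message describes.
 */

#define IPV4_HDR_LEN 20u
#define IPV6_HDR_LEN 40u
/* Header growth on IPv4 -> IPv6 translation: 40 - 20 = 20 bytes. */
#define PROTO_4_TO_6_LEN_DIFF (IPV6_HDR_LEN - IPV4_HDR_LEN)

/* Constructed stand-in for the skb; the field names are hypothetical. */
struct model_skb {
	unsigned int gso_size;        /* what skb_shinfo(skb)->gso_size holds */
	unsigned int nr_list;         /* number of frag_list members */
	const unsigned int *list_len; /* payload bytes carried by each member */
};

/* Size bookkeeping a 4->6 protocol-change helper applies to gso_size:
 * the headers grew, so each segment may carry that many fewer payload bytes. */
unsigned int mangle_gso_size_4_to_6(unsigned int gso_size)
{
	return gso_size - PROTO_4_TO_6_LEN_DIFF;
}

/* Total payload spread across the frag_list members. */
unsigned int total_payload(const struct model_skb *skb)
{
	unsigned int sum = 0;
	for (unsigned int i = 0; i < skb->nr_list; i++)
		sum += skb->list_len[i];
	return sum;
}

/* Segments a splitter must emit for this payload at this gso_size. */
unsigned int expected_segments(unsigned int payload, unsigned int gso_size)
{
	return (payload + gso_size - 1) / gso_size;
}

/*
 * Simplified model (an assumption, not the kernel's check): frag_list
 * members can be reused as segments only if each holds exactly gso_size
 * bytes.  Returns 0 when that holds, otherwise the 1-based index of the
 * first mismatching member so a caller can fall back to re-slicing
 * instead of crashing.
 */
int frag_list_mismatch(const struct model_skb *skb)
{
	for (unsigned int i = 0; i < skb->nr_list; i++)
		if (skb->list_len[i] != skb->gso_size)
			return (int)i + 1;
	return 0;
}

/* Constructed sample mirroring the reproducer's numbers: three GRO'd
 * members of 1288 + 20 = 1308 payload bytes each. */
static const unsigned int sample_list[3] = { 1308, 1308, 1308 };

/* Build the modelled skb with the original gso_size (as GRO left it) or
 * with the value a 4->6 helper leaves behind. */
struct model_skb sample_skb(int mangled)
{
	struct model_skb skb = { 1288 + 20, 3, sample_list };
	if (mangled)
		skb.gso_size = mangle_gso_size_4_to_6(skb.gso_size);
	return skb;
}

int main(void)
{
	for (int mangled = 0; mangled <= 1; mangled++) {
		struct model_skb skb = sample_skb(mangled);
		unsigned int payload = total_payload(&skb);
		printf("gso_size=%u (%s): payload=%u, segments needed=%u, first mismatching member=%d\n",
		       skb.gso_size, mangled ? "mangled" : "original", payload,
		       expected_segments(payload, skb.gso_size),
		       frag_list_mismatch(&skb));
	}
	return 0;
}
```

With the original gso_size the three members line up with the three segments needed; with the mangled value the same 3924 payload bytes would need four segments and no member matches gso_size any more, which is the situation the reproducer's `gso_size = 1288` assignment sets up versus the `1288 + 20` value that makes the test pass.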
