lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Fri, 01 May 2020 12:47:13 -0700 (PDT)
From:   David Miller <>
Subject: Re: [PATCH v2 net] ipv6: Use global sernum for dst validation with
 nexthop objects

From: David Ahern <>
Date: Fri,  1 May 2020 08:53:08 -0600

> Nik reported a bug with pcpu dst cache when nexthop objects are
> used illustrated by the following:
> Conversion of FIB entries to work with external nexthop objects
> missed an important difference between IPv4 and IPv6 - how dst
> entries are invalidated when the FIB changes. IPv4 has a per-network
> namespace generation id (rt_genid) that is bumped on changes to the FIB.
> Checking if a dst_entry is still valid means comparing rt_genid in the
> rtable to the current value of rt_genid for the namespace.
> IPv6 also has a per network namespace counter, fib6_sernum, but the
> count is saved per fib6_node. With the per-node counter only dst_entries
> based on fib entries under the node are invalidated when changes are
> made to the routes - limiting the scope of invalidations. IPv6 uses a
> reference in the rt6_info, 'from', to track the corresponding fib entry
> used to create the dst_entry. When validating a dst_entry, the 'from'
> is used to backtrack to the fib6_node and check the sernum of it to the
> cookie passed to the dst_check operation.
> With the inline format (nexthop definition inline with the fib6_info),
> dst_entries cached in the fib6_nh have a 1:1 correlation between fib
> entries, nexthop data and dst_entries. With external nexthops, IPv6
> looks more like IPv4 which means multiple fib entries across disparate
> fib6_nodes can all reference the same fib6_nh. That means validation
> of dst_entries based on external nexthops needs to use the IPv4 format
> - the per-network namespace counter.
> Add sernum to rt6_info and set it when creating a pcpu dst entry. Update
> rt6_get_cookie to return sernum if it is set and update dst_check for
> IPv6 to look for sernum set and based the check on it if so. Finally,
> rt6_get_pcpu_route needs to validate the cached entry before returning
> a pcpu entry (similar to the rt_cache_valid calls in __mkroute_input and
> __mkroute_output for IPv4).
> This problem only affects routes using the new, external nexthops.
> Thanks to the kbuild test robot for catching the IS_ENABLED needed
> around rt_genid_ipv6 before I sent this out.
> Fixes: 5b98324ebe29 ("ipv6: Allow routes to use nexthop objects")
> Reported-by: Nikolay Aleksandrov <>
> Signed-off-by: David Ahern <>
> Reviewed-by: Nikolay Aleksandrov <>
> Tested-by: Nikolay Aleksandrov <>

Applied and queued up for -stable, thanks David.

Powered by blists - more mailing lists