lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 11 May 2020 13:49:38 -0700 (PDT)
From:   David Miller <>
To:     David.Laight@...LAB.COM
Subject: Re: [PATCH net-next] net/ipv4/raw Optimise ipv4 raw sends when

From: David Laight <David.Laight@...LAB.COM>
Date: Sun, 10 May 2020 16:00:41 +0000

> The final routing for ipv4 packets may be done with the IP address
> from the message header not that from the address buffer.
> If the addresses are different FLOWI_FLAG_KNOWN_NH must be set so
> that a temporary 'struct rtable' entry is created to send the message.
> However the allocate + free (under RCU) is relatively expensive
> and can be avoided by a quick check shows the addresses match.
> Signed-off-by: David Laight <>

The user can change the daddr field in userspace between when you do
this test and when the iphdr is copied into the sk_buff.

Also, you are obfuscating what you are doing in the way you have coded
this check.  You extract 4 bytes from a magic offset (16), which is
hard to understand.

Just explicitly code out the fact that you are accessing the daddr
field of an ip header.

But nonetheless you have to solve the "modified in userspace
meanwhile" problem, as this is a bug we fix often in the kernel so we
don't want to add new instances.


Powered by blists - more mailing lists