| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CA+FuTSfrOwrN0N2OF8ykOMqX+N=p_+ib4R1nyTZ0R-Bw40mr-A@mail.gmail.com>
Date: Thu, 28 May 2020 18:08:59 -0400
From: Willem de Bruijn <willemdebruijn.kernel@...il.com>
To: Eric Dumazet <edumazet@...gle.com>
Cc: "David S . Miller" <davem@...emloft.net>,
netdev <netdev@...r.kernel.org>,
Eric Dumazet <eric.dumazet@...il.com>
Subject: Re: [PATCH net] net: be more gentle about silly gso requests coming
from user
On Thu, May 28, 2020 at 5:57 PM Eric Dumazet <edumazet@...gle.com> wrote:
>
> Recent change in virtio_net_hdr_to_skb() broke some packetdrill tests.
>
> When --mss=XXX option is set, packetdrill always provide gso_type & gso_size
> for its inbound packets, regardless of packet size.
>
> if (packet->tcp && packet->mss) {
> if (packet->ipv4)
> gso.gso_type = VIRTIO_NET_HDR_GSO_TCPV4;
> else
> gso.gso_type = VIRTIO_NET_HDR_GSO_TCPV6;
> gso.gso_size = packet->mss;
> }
>
> Since many other programs could do the same, relax virtio_net_hdr_to_skb()
> to no longer return an error, but instead ignore gso settings.
>
> This keeps Willem intent to make sure no malicious packet could
> reach gso stack.
>
> Note that TCP stack has a special logic in tcp_set_skb_tso_segs()
> to clear gso_size for small packets.
>
> Fixes: 6dd912f82680 ("net: check untrusted gso_size at kernel entry")
> Signed-off-by: Eric Dumazet <edumazet@...gle.com>
> Cc: Willem de Bruijn <willemb@...gle.com>
Acked-by: Willem de Bruijn <willemb@...gle.com>
Thanks a lot for fixing this immediately, Eric.
Powered by blists - more mailing lists