| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20201030014910.2738809-1-vladimir.oltean@nxp.com>
Date: Fri, 30 Oct 2020 03:48:58 +0200
From: Vladimir Oltean <vladimir.oltean@....com>
To: netdev@...r.kernel.org
Cc: andrew@...n.ch, f.fainelli@...il.com, vivien.didelot@...il.com,
kuba@...nel.org, Christian Eggers <ceggers@...i.de>,
Kurt Kanzenbach <kurt@...utronix.de>
Subject: [PATCH v2 net-next 00/12] Generic TX reallocation for DSA
Christian has reported buggy usage of skb_put() in tag_ksz.c, which is
only triggerable in real life using his not-yet-published patches for
IEEE 1588 timestamping on Micrel KSZ switches.
The concrete problem there is that the driver can end up calling
skb_put() and exceed the end of the skb data area, because even though
it had reallocated the frame once before, it hadn't reallocated it large
enough. Christian explained it in more detail here:
https://lore.kernel.org/netdev/20201014161719.30289-1-ceggers@arri.de/
https://lore.kernel.org/netdev/20201016200226.23994-1-ceggers@arri.de/
But actually there's a bigger problem, which is that some taggers which
get more rarely tested tend to do some shenanigans which are uncaught
for the longest time, and in the meanwhile, their code gets copy-pasted
into other taggers, creating a mess. For example, the tail tagging
driver for Marvell 88E6060 currently reallocates _every_single_frame_ on
TX. Is that an obvious indication that nobody is using it? Sure. Is it a
good model to follow when developing a new tail tagging driver? No.
DSA has all the information it needs in order to simplify the job of a
tagger on TX. It knows whether it's a normal or a tail tagger, and what
is the protocol overhead it incurs. So this series performs the
reallocation centrally.
Changes in v2:
- Dropped the tx_realloc counters for now, since the patch was pretty
controversial and I lack the time at the moment to introduce new UAPI
for that.
- Do padding for tail taggers irrespective of whether they need to
reallocate the skb or not.
Christian Eggers (2):
net: dsa: tag_ksz: don't allocate additional memory for
padding/tagging
net: dsa: trailer: don't allocate additional memory for
padding/tagging
Vladimir Oltean (10):
net: dsa: implement a central TX reallocation procedure
net: dsa: tag_qca: let DSA core deal with TX reallocation
net: dsa: tag_ocelot: let DSA core deal with TX reallocation
net: dsa: tag_mtk: let DSA core deal with TX reallocation
net: dsa: tag_lan9303: let DSA core deal with TX reallocation
net: dsa: tag_edsa: let DSA core deal with TX reallocation
net: dsa: tag_brcm: let DSA core deal with TX reallocation
net: dsa: tag_dsa: let DSA core deal with TX reallocation
net: dsa: tag_gswip: let DSA core deal with TX reallocation
net: dsa: tag_ar9331: let DSA core deal with TX reallocation
net/dsa/slave.c | 45 ++++++++++++++++++++++++++
net/dsa/tag_ar9331.c | 3 --
net/dsa/tag_brcm.c | 3 --
net/dsa/tag_dsa.c | 5 ---
net/dsa/tag_edsa.c | 4 ---
net/dsa/tag_gswip.c | 5 ---
net/dsa/tag_ksz.c | 73 ++++++-------------------------------------
net/dsa/tag_lan9303.c | 9 ------
net/dsa/tag_mtk.c | 3 --
net/dsa/tag_ocelot.c | 7 -----
net/dsa/tag_qca.c | 3 --
net/dsa/tag_trailer.c | 31 ++----------------
12 files changed, 56 insertions(+), 135 deletions(-)
--
2.25.1
Powered by blists - more mailing lists