| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <YREcqAdU+6IpT0+w@shredder>
Date: Mon, 9 Aug 2021 15:16:40 +0300
From: Ido Schimmel <idosch@...sch.org>
To: Vladimir Oltean <vladimir.oltean@....com>, nikolay@...dia.com
Cc: netdev@...r.kernel.org, Jakub Kicinski <kuba@...nel.org>,
"David S. Miller" <davem@...emloft.net>,
Jiri Pirko <jiri@...nulli.us>, Roopa Prabhu <roopa@...dia.com>,
Nikolay Aleksandrov <nikolay@...dia.com>,
bridge@...ts.linux-foundation.org,
syzkaller-bugs <syzkaller-bugs@...glegroups.com>,
syzbot+9ba1174359adba5a5b7c@...kaller.appspotmail.com
Subject: Re: [PATCH net] net: bridge: validate the NUD_PERMANENT bit when
adding an extern_learn FDB entry
On Mon, Aug 02, 2021 at 02:17:30AM +0300, Vladimir Oltean wrote:
> diff --git a/net/bridge/br.c b/net/bridge/br.c
> index ef743f94254d..bbab9984f24e 100644
> --- a/net/bridge/br.c
> +++ b/net/bridge/br.c
> @@ -166,7 +166,8 @@ static int br_switchdev_event(struct notifier_block *unused,
> case SWITCHDEV_FDB_ADD_TO_BRIDGE:
> fdb_info = ptr;
> err = br_fdb_external_learn_add(br, p, fdb_info->addr,
> - fdb_info->vid, false);
> + fdb_info->vid,
> + fdb_info->is_local, false);
When 'is_local' was added in commit 2c4eca3ef716 ("net: bridge:
switchdev: include local flag in FDB notifications") it was not
initialized in all the call sites that emit
'SWITCHDEV_FDB_ADD_TO_BRIDGE' notification, so it can contain garbage.
> if (err) {
> err = notifier_from_errno(err);
> break;
[...]
> @@ -1281,6 +1292,10 @@ int br_fdb_external_learn_add(struct net_bridge *br, struct net_bridge_port *p,
>
> if (swdev_notify)
> flags |= BIT(BR_FDB_ADDED_BY_USER);
> +
> + if (is_local)
> + flags |= BIT(BR_FDB_LOCAL);
I have at least once selftest where I forgot the 'static' keyword:
bridge fdb add de:ad:be:ef:13:37 dev $swp1 master extern_learn vlan 1
This patch breaks the test when run against both the kernel and hardware
data paths. I don't mind patching these tests, but we might get more
reports in the future.
Nik, what do you think?
> +
> fdb = fdb_create(br, p, addr, vid, flags);
> if (!fdb) {
> err = -ENOMEM;
> @@ -1307,6 +1322,9 @@ int br_fdb_external_learn_add(struct net_bridge *br, struct net_bridge_port *p,
> if (swdev_notify)
> set_bit(BR_FDB_ADDED_BY_USER, &fdb->flags);
>
> + if (is_local)
> + set_bit(BR_FDB_LOCAL, &fdb->flags);
> +
> if (modified)
> fdb_notify(br, fdb, RTM_NEWNEIGH, swdev_notify);
> }
> diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h
> index 2b48b204205e..aa64d8d63ca3 100644
> --- a/net/bridge/br_private.h
> +++ b/net/bridge/br_private.h
> @@ -711,7 +711,7 @@ int br_fdb_get(struct sk_buff *skb, struct nlattr *tb[], struct net_device *dev,
> int br_fdb_sync_static(struct net_bridge *br, struct net_bridge_port *p);
> void br_fdb_unsync_static(struct net_bridge *br, struct net_bridge_port *p);
> int br_fdb_external_learn_add(struct net_bridge *br, struct net_bridge_port *p,
> - const unsigned char *addr, u16 vid,
> + const unsigned char *addr, u16 vid, bool is_local,
> bool swdev_notify);
> int br_fdb_external_learn_del(struct net_bridge *br, struct net_bridge_port *p,
> const unsigned char *addr, u16 vid,
> --
> 2.25.1
>
Powered by blists - more mailing lists