| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 12 Oct 2021 22:44:54 +0000
From: Joel Stanley <joel@....id.au>
To: Kumar Thangavel <kumarthangavel.hcl@...il.com>
Cc: Samuel Mendoza-Jonas <sam@...dozajonas.com>,
"David S. Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
linux-aspeed <linux-aspeed@...ts.ozlabs.org>,
Networking <netdev@...r.kernel.org>,
OpenBMC Maillist <openbmc@...ts.ozlabs.org>,
Amithash Prasad <amithash@...com>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
velumanit@....com, patrickw3@...com
Subject: Re: [PATCH] net: ncsi: Adding padding bytes in the payload
On Tue, 12 Oct 2021 at 06:23, Kumar Thangavel
<kumarthangavel.hcl@...il.com> wrote:
>
> Update NC-SI command handler (both standard and OEM) to take into
> account of payload paddings in allocating skb (in case of payload
> size is not 32-bit aligned).
>
> The checksum field follows payload field, without taking payload
> padding into account can cause checksum being truncated, leading to
> dropped packets.
Can you help us review this by pointing out where this is described in
the NCSI spec?
We've been running this code for a number of years now and I wonder
why this hasn't been a problem so far.
Cheers,
Joel
>
> Signed-off-by: Kumar Thangavel <thangavel.k@....com>
>
> ---
> net/ncsi/ncsi-cmd.c | 21 +++++++++++++++++----
> 1 file changed, 17 insertions(+), 4 deletions(-)
>
> diff --git a/net/ncsi/ncsi-cmd.c b/net/ncsi/ncsi-cmd.c
> index ba9ae482141b..4625fc935603 100644
> --- a/net/ncsi/ncsi-cmd.c
> +++ b/net/ncsi/ncsi-cmd.c
> @@ -214,11 +214,19 @@ static int ncsi_cmd_handler_oem(struct sk_buff *skb,
> struct ncsi_cmd_oem_pkt *cmd;
> unsigned int len;
>
> + /* NC-SI spec requires payload to be padded with 0
> + * to 32-bit boundary before the checksum field.
> + * Ensure the padding bytes are accounted for in
> + * skb allocation
> + */
> +
> + unsigned short payload = ALIGN(nca->payload, 4);
> +
> len = sizeof(struct ncsi_cmd_pkt_hdr) + 4;
> - if (nca->payload < 26)
> + if (payload < 26)
> len += 26;
> else
> - len += nca->payload;
> + len += payload;
>
> cmd = skb_put_zero(skb, len);
> memcpy(&cmd->mfr_id, nca->data, nca->payload);
> @@ -272,6 +280,7 @@ static struct ncsi_request *ncsi_alloc_command(struct ncsi_cmd_arg *nca)
> struct net_device *dev = nd->dev;
> int hlen = LL_RESERVED_SPACE(dev);
> int tlen = dev->needed_tailroom;
> + int payload;
> int len = hlen + tlen;
> struct sk_buff *skb;
> struct ncsi_request *nr;
> @@ -281,14 +290,18 @@ static struct ncsi_request *ncsi_alloc_command(struct ncsi_cmd_arg *nca)
> return NULL;
>
> /* NCSI command packet has 16-bytes header, payload, 4 bytes checksum.
> + * Payload needs padding so that the checksum field follwoing payload is
> + * aligned to 32bit boundary.
> * The packet needs padding if its payload is less than 26 bytes to
> * meet 64 bytes minimal ethernet frame length.
> */
> len += sizeof(struct ncsi_cmd_pkt_hdr) + 4;
> - if (nca->payload < 26)
> +
> + payload = ALIGN(nca->payload, 4);
> + if (payload < 26)
> len += 26;
> else
> - len += nca->payload;
> + len += payload;
>
> /* Allocate skb */
> skb = alloc_skb(len, GFP_ATOMIC);
> --
> 2.17.1
>
Powered by blists - more mailing lists