lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CABcq3pG9GRCYqFDBAJ48H1vpnnX=41u+MhQnayF1ztLH4WX0Fw@mail.gmail.com>
Date:   Fri, 29 Oct 2021 13:51:30 +0300
From:   Andrew Melnichenko <andrew@...nix.com>
To:     davem@...emloft.net, willemb@...gle.com, bnemeth@...hat.com,
        gregkh@...uxfoundation.org
Cc:     Yan Vugenfirer <yan@...nix.com>,
        Yuri Benditovich <yuri.benditovich@...nix.com>,
        netdev@...r.kernel.org
Subject: VirtioNet L3 protocol patch advice request.

Hi all,
Recently I've discovered a patch that added an additional check for the
protocol in VirtioNet.
(https://www.spinics.net/lists/kernel/msg3866319.html)
Currently, that patch breaks UFOv6 support and possible USOv6 support in
upcoming patches.
The issue is the code next to the patch expects failure of
skb_flow_dissect_flow_keys_basic()
for IPv6 packets to retry it with protocol IPv6.
I'm not sure about the goals of the patch and propose the next solution:

static inline int virtio_net_hdr_set_proto(struct sk_buff *skb,
>                      const struct virtio_net_hdr *hdr)
> {
>     __be16 protocol;
>
>     protocol = dev_parse_header_protocol(skb);
>     switch (hdr->gso_type & ~VIRTIO_NET_HDR_GSO_ECN) {
>     case VIRTIO_NET_HDR_GSO_TCPV4:
>         skb->protocol = cpu_to_be16(ETH_P_IP);
>         break;
>     case VIRTIO_NET_HDR_GSO_TCPV6:
>         skb->protocol = cpu_to_be16(ETH_P_IPV6);
>         break;
>     case VIRTIO_NET_HDR_GSO_UDP:
>     case VIRTIO_NET_HDR_GSO_UDP_L4:
>         skb->protocol = protocol;
>     default:
>         return -EINVAL;
>     }
>
>     return protocol && protocol == skb->protocol ? 0 : -EINVAL;
> }
>

And in virtio_net_hdr_to_skb():

            if (!skb->protocol) {
>                 if(virtio_net_hdr_set_proto(skb, hdr))
>                     return -EINVAL;
>             }
>
>             if (!skb_flow_dissect_flow_keys_basic(NULL, skb, &keys,
>                              NULL, 0, 0, 0,
>                              0)) {
>                 return -EINVAL;
>             }
>

Would such changes suit the goals of the initial patch?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ