lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 1 Aug 2022 09:08:37 -0600 From: David Ahern <dsahern@...nel.org> To: Alexander Mikhalitsyn <alexander.mikhalitsyn@...tuozzo.com>, netdev@...r.kernel.org Cc: "Denis V. Lunev" <den@...nvz.org>, "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Daniel Borkmann <daniel@...earbox.net>, Yajun Deng <yajun.deng@...ux.dev>, Roopa Prabhu <roopa@...dia.com>, linux-kernel@...r.kernel.org, Alexey Kuznetsov <kuznet@....inr.ac.ru>, Konstantin Khorenko <khorenko@...tuozzo.com>, kernel@...nvz.org Subject: Re: [PATCH 1/2] neigh: fix possible DoS due to net iface start/stop loop On 7/29/22 4:35 AM, Alexander Mikhalitsyn wrote: > The patch proposed doing very simple thing. It drops only packets from it does 2 things - adds a namespace check and a performance based change with the way the list is walked. > the same namespace in the pneigh_queue_purge() where network interface > state change is detected. This is enough to prevent the problem for the > whole node preserving original semantics of the code. > > diff --git a/net/core/neighbour.c b/net/core/neighbour.c > index 54625287ee5b..213ec0be800b 100644 > --- a/net/core/neighbour.c > +++ b/net/core/neighbour.c > @@ -386,8 +396,7 @@ static int __neigh_ifdown(struct neigh_table *tbl, struct net_device *dev, > neigh_flush_dev(tbl, dev, skip_perm); > pneigh_ifdown_and_unlock(tbl, dev); > > - del_timer_sync(&tbl->proxy_timer); why are you removing this line too? > - pneigh_queue_purge(&tbl->proxy_queue); > + pneigh_queue_purge(&tbl->proxy_queue, dev_net(dev)); > return 0; > } >
Powered by blists - more mailing lists