Message-ID: <Y3WgFgLlRQSaguqv@Laptop-X1>
Date:   Thu, 17 Nov 2022 10:44:38 +0800
From:   Hangbin Liu <liuhangbin@...il.com>
To:     Jay Vosburgh <jay.vosburgh@...onical.com>
Cc:     "David S . Miller" <davem@...emloft.net>,
        Eric Dumazet <eric.dumazet@...il.com>, netdev@...r.kernel.org,
        Jakub Kicinski <kuba@...nel.org>,
        Jonathan Toppins <jtoppins@...hat.com>,
        Paolo Abeni <pabeni@...hat.com>,
        David Ahern <dsahern@...il.com>, Liang Li <liali@...hat.com>,
        David Ahern <dsahern@...nel.org>
Subject: Re: [PATCHv3 net] bonding: fix ICMPv6 header handling when receiving
 IPv6 messages

On Wed, Nov 16, 2022 at 07:16:14AM -0800, Jay Vosburgh wrote:
> >Hi David,
> >
> >The patch state[1] is Changes Requested, but I think Eric has no objection to this
> >patch now. Should I keep waiting, or re-send the patch?
> >
> >[1] https://patchwork.kernel.org/project/netdevbpf/patch/20221109014018.312181-1-liuhangbin@gmail.com/
> 
> 	The excerpt above is confirming that using skb_header_pointer()
> is the correct implementation to use.
> 
> 	However, the patch needs to change to call skb_header_pointer()
> sooner, to ensure that the IPv6 header is available.  I've copied the
> relevant part of the discussion below:
> 
> >>   	struct slave *curr_active_slave, *curr_arp_slave;
> >> -	struct icmp6hdr *hdr = icmp6_hdr(skb);
> >>   	struct in6_addr *saddr, *daddr;
> >> +	const struct icmp6hdr *hdr;
> >> +	struct icmp6hdr _hdr;
> >>     	if (skb->pkt_type == PACKET_OTHERHOST ||
> >>   	    skb->pkt_type == PACKET_LOOPBACK ||
> >> -	    hdr->icmp6_type != NDISC_NEIGHBOUR_ADVERTISEMENT)
> >> +	    ipv6_hdr(skb)->nexthdr != NEXTHDR_ICMP)
> >
> >
> >What makes sure IPv6 header is in skb->head (linear part of the skb) ?
> 
> 	The above comment is from Eric.  I had also mentioned that this
> particular problem already existed in the code being patched.

Yes, I also saw your comments. I was thinking to fix this issue separately.
i.e. in bond_rcv_validate(). With this we can check both IPv6 header and ARP
header. e.g.

diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
index 2c6356232668..ae4c30a25b76 100644
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
@@ -3278,8 +3278,10 @@ int bond_rcv_validate(const struct sk_buff *skb, struct bonding *bond,
 {
 #if IS_ENABLED(CONFIG_IPV6)
 	bool is_ipv6 = skb->protocol == __cpu_to_be16(ETH_P_IPV6);
+	struct ipv6hdr ip6_hdr;
 #endif
 	bool is_arp = skb->protocol == __cpu_to_be16(ETH_P_ARP);
+	struct arphdr arp_hdr;
 
 	slave_dbg(bond->dev, slave->dev, "%s: skb->dev %s\n",
 		  __func__, skb->dev->name);
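Review bot: the new locals `ip6_hdr` and `arp_hdr` are whole header structs on the stack that serve only as the scratch buffer for skb_header_pointer() and are never read afterwards, and `ip6_hdr` is one letter away from the `ipv6_hdr(skb)` helper used in the quoted bond_na_rcv() change. Naming them as scratch buffers, in the `_hdr` style that change already uses (for example `_arph` and `_ip6h`), and adding a short comment that they exist only for the length check would make the intent clear.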
@@ -3293,10 +3295,10 @@ int bond_rcv_validate(const struct sk_buff *skb, struct bonding *bond,
 		    !slave_do_arp_validate_only(bond))
 			slave->last_rx = jiffies;
 		return RX_HANDLER_ANOTHER;
-	} else if (is_arp) {
+	} else if (is_arp && skb_header_pointer(skb, 0, sizeof(arp_hdr), &arp_hdr)) {
 		return bond_arp_rcv(skb, bond, slave);
 #if IS_ENABLED(CONFIG_IPV6)
-	} else if (is_ipv6) {
+	} else if (is_ipv6 && skb_header_pointer(skb, 0, sizeof(ip6_hdr), &ip6_hdr)) {
 		return bond_na_rcv(skb, bond, slave);
 #endif
 	} else {
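Review bot: the return value of skb_header_pointer() is tested and then thrown away in both `else if` conditions, so this does not yet answer Eric's question. A non-NULL result only means the bytes exist somewhere in the packet, possibly copied into the local buffer; it does not make them linear, and the quoted bond_na_rcv() code still reads `ipv6_hdr(skb)->nexthdr` straight from the skb. Consider keeping the returned pointer and handing it to bond_arp_rcv() / bond_na_rcv(), or doing the skb_header_pointer() call inside those functions and using its result. Two smaller points: the hard-coded offset 0 assumes skb->data is at the network header here, which skb_network_offset(skb) would state explicitly, and a truncated ARP or IPv6 frame now falls into the final `else` branch, which should be confirmed as the intended handling.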

What do you think?

Thanks
Hangbin
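
The question raised in this thread, as an added userspace example that is not part of the message or of the kernel sources: a model of the skb_header_pointer() contract showing that a non-NULL result does not mean the header can be read directly from the linear part. The names `toy_skb`, `toy_header_pointer`, `next_header`, `direct_read_in_bounds` and the sample packet are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Toy stand-in for struct sk_buff: a linear head plus one paged fragment. */
struct toy_skb {
    const uint8_t *head; size_t headlen;  /* linear part */
    const uint8_t *frag; size_t fraglen;  /* non-linear part */
};

/* Same contract as skb_header_pointer(): return a pointer to len bytes at
 * off, or NULL if the packet is too short. Bytes that are not all in the
 * linear part are copied into the caller's buffer, which is then returned. */
static const void *toy_header_pointer(const struct toy_skb *skb, size_t off,
                                      size_t len, void *buf)
{
    size_t total = skb->headlen + skb->fraglen;
    uint8_t *out = buf;
    size_t i;

    if (off > total || len > total - off)
        return NULL;                      /* truncated packet */
    if (off + len <= skb->headlen)
        return skb->head + off;           /* fully linear: no copy */
    for (i = 0; i < len; i++) {           /* spans the fragment: copy out */
        size_t pos = off + i;
        out[i] = pos < skb->headlen ? skb->head[pos]
                                    : skb->frag[pos - skb->headlen];
    }
    return buf;
}

/* Constructed sample: 40-byte IPv6 header, next-header byte (offset 6) = 58. */
static uint8_t sample_pkt[40] = { 0x60, 0, 0, 0, 0, 0, 58, 255 };

/* Safe read: use the pointer that toy_header_pointer() returned. */
static int next_header(const struct toy_skb *skb)
{
    uint8_t buf[40];
    const uint8_t *h = toy_header_pointer(skb, 0, sizeof(buf), buf);

    return h ? h[6] : -1;
}

/* 1 if reading head[6] directly (the ipv6_hdr(skb)->nexthdr pattern)
 * would stay inside the linear part, 0 if it would run past it. */
static int direct_read_in_bounds(const struct toy_skb *skb)
{
    return skb->headlen > 6;
}
```

With only 4 linear bytes the header-pointer read succeeds while the direct read would leave the linear area, which is why the returned pointer has to be the one that gets dereferenced.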
