lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <e4bdb561-4479-ebd1-2d44-d9418cd805ce@kernel.org>
Date:   Wed, 22 Feb 2023 08:20:37 -0700
From:   David Ahern <dsahern@...nel.org>
To:     Lu Wei <luwei32@...wei.com>, davem@...emloft.net,
        edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com,
        netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH net,v4,1/2] ipv6: Add lwtunnel encap size of all siblings
 in nexthop calculation

On 2/22/23 1:36 AM, Lu Wei wrote:
> In function rt6_nlmsg_size(), the length of nexthop is calculated
> by multipling the nexthop length of fib6_info and the number of
> siblings. However if the fib6_info has no lwtunnel but the siblings
> have lwtunnels, the nexthop length is less than it should be, and
> it will trigger a warning in inet6_rt_notify() as follows:
> 
> WARNING: CPU: 0 PID: 6082 at net/ipv6/route.c:6180 inet6_rt_notify+0x120/0x130
> ......
> Call Trace:
>  <TASK>
>  fib6_add_rt2node+0x685/0xa30
>  fib6_add+0x96/0x1b0
>  ip6_route_add+0x50/0xd0
>  inet6_rtm_newroute+0x97/0xa0
>  rtnetlink_rcv_msg+0x156/0x3d0
>  netlink_rcv_skb+0x5a/0x110
>  netlink_unicast+0x246/0x350
>  netlink_sendmsg+0x250/0x4c0
>  sock_sendmsg+0x66/0x70
>  ___sys_sendmsg+0x7c/0xd0
>  __sys_sendmsg+0x5d/0xb0
>  do_syscall_64+0x3f/0x90
>  entry_SYSCALL_64_after_hwframe+0x72/0xdc
> 
> This bug can be reproduced by script:
> 
> ip -6 addr add 2002::2/64 dev ens2
> ip -6 route add 100::/64 via 2002::1 dev ens2 metric 100
> 
> for i in 10 20 30 40 50 60 70;
> do
> 	ip link add link ens2 name ipv_$i type ipvlan
> 	ip -6 addr add 2002::$i/64 dev ipv_$i
> 	ifconfig ipv_$i up
> done
> 
> for i in 10 20 30 40 50 60;
> do
> 	ip -6 route append 100::/64 encap ip6 dst 2002::$i via 2002::1
> dev ipv_$i metric 100
> done
> 
> ip -6 route append 100::/64 via 2002::1 dev ipv_70 metric 100
> 
> This patch fixes it by adding nexthop_len of every siblings using
> rt6_nh_nlmsg_size().
> 
> Fixes: beb1afac518d ("net: ipv6: Add support to dump multipath routes via RTA_MULTIPATH attribute")
> Signed-off-by: Lu Wei <luwei32@...wei.com>
> ---
>  net/ipv6/route.c | 11 ++++++-----
>  1 file changed, 6 insertions(+), 5 deletions(-)
> 

Reviewed-by: David Ahern <dsahern@...nel.org>


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ