lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 21 Apr 2023 08:15:36 -0700
From:   Jakub Kicinski <kuba@...nel.org>
To:     Pedro Tammela <pctammela@...atatu.com>
Cc:     netdev@...r.kernel.org, jhs@...atatu.com, xiyou.wangcong@...il.com,
        jiri@...nulli.us, davem@...emloft.net, edumazet@...gle.com,
        pabeni@...hat.com, simon.horman@...igine.com
Subject: Re: [PATCH net-next v4 3/5] net/sched: act_pedit: check static
 offsets a priori

On Fri, 21 Apr 2023 12:12:54 -0300 Pedro Tammela wrote:
> On 20/04/2023 23:41, Jakub Kicinski wrote:
> > On Tue, 18 Apr 2023 20:43:52 -0300 Pedro Tammela wrote:  
> >> @@ -414,12 +420,12 @@ TC_INDIRECT_SCOPE int tcf_pedit_act(struct sk_buff *skb,
> >>   					       sizeof(_d), &_d);
> >>   			if (!d)
> >>   				goto bad;
> >> -			offset += (*d & tkey->offmask) >> tkey->shift;
> >> -		}
> >>   
> >> -		if (offset % 4) {
> >> -			pr_info("tc action pedit offset must be on 32 bit boundaries\n");
> >> -			goto bad;
> >> +			offset += (*d & tkey->offmask) >> tkey->shift;  
> > 
> > this line loads part of the offset from packet data, so it's not
> > exactly equivalent to the init time check.  
> 
> The code uses 'tkey->offmask' as a check for static offsets vs packet 
> derived offsets, which have different handling.
> By checking the static offsets at init we can move the datapath
> 'offset % 4' check for the packet derived offsets only.
> 
> Note that this change only affects the offsets defined in 'tkey->off', 
> the 'at' offset logic stays the same.
> My intention was to keep the code semantically the same.
> Did I miss anything?

You are now erroring out if the static offset is not divisible by 4,
and technically it was possible to construct a case where that'd work
previously - if static offset was 2 and we load another 2 from the
packet, no?

If so it needs to be mentioned in the commit msg.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ