| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <99A14DCC-2F9B-4770-927F-075978141D8E@redhat.com>
Date: Thu, 27 Jun 2024 09:13:57 +0200
From: Eelco Chaudron <echaudro@...hat.com>
To: Adrián Moreno <amorenoz@...hat.com>
Cc: netdev@...r.kernel.org, aconole@...hat.com, horms@...nel.org,
i.maximets@....org, dev@...nvswitch.org, Jamal Hadi Salim <jhs@...atatu.com>,
Cong Wang <xiyou.wangcong@...il.com>, Jiri Pirko <jiri@...nulli.us>,
"David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH net-next v5 02/10] net: sched: act_sample: add action
cookie to sample
On 26 Jun 2024, at 22:06, Adrián Moreno wrote:
> On Wed, Jun 26, 2024 at 04:28:01PM GMT, Eelco Chaudron wrote:
>>
>>
>> On 25 Jun 2024, at 22:51, Adrian Moreno wrote:
>>
>>> If the action has a user_cookie, pass it along to the sample so it can
>>> be easily identified.
>>>
>>> Signed-off-by: Adrian Moreno <amorenoz@...hat.com>
>>> ---
>>> net/sched/act_sample.c | 12 ++++++++++++
>>> 1 file changed, 12 insertions(+)
>>>
>>> diff --git a/net/sched/act_sample.c b/net/sched/act_sample.c
>>> index a69b53d54039..2ceb4d141b71 100644
>>> --- a/net/sched/act_sample.c
>>> +++ b/net/sched/act_sample.c
>>> @@ -167,7 +167,9 @@ TC_INDIRECT_SCOPE int tcf_sample_act(struct sk_buff *skb,
>>> {
>>> struct tcf_sample *s = to_sample(a);
>>> struct psample_group *psample_group;
>>> + u8 cookie_data[TC_COOKIE_MAX_SIZE];
>>> struct psample_metadata md = {};
>>> + struct tc_cookie *user_cookie;
>>> int retval;
>>>
>>> tcf_lastuse_update(&s->tcf_tm);
>>> @@ -189,6 +191,16 @@ TC_INDIRECT_SCOPE int tcf_sample_act(struct sk_buff *skb,
>>> if (skb_at_tc_ingress(skb) && tcf_sample_dev_ok_push(skb->dev))
>>> skb_push(skb, skb->mac_len);
>>>
>>> + rcu_read_lock();
>>> + user_cookie = rcu_dereference(a->user_cookie);
>>> + if (user_cookie) {
>>> + memcpy(cookie_data, user_cookie->data,
>>> + user_cookie->len);
>>
>> Maybe I’m over paranoid, but can we assume user_cookie->len, will not be larger than TC_COOKIE_MAX_SIZE?
>> Or should we do something like min(user_cookie->len, sizeof(cookie_data))
>>
>
> I think it's good to be paranoid with this kind of things. I do,
> however, think it should be safe to use. The cookie is extracted from
> the netlink attribute directly and its length is verified with the
> nla_policy [1]. So nothing that comes into the kernel should be larger
> than TC_COOKIE_MAX_SIZE.
ACK, confirmed that [1] seems to be the only way to set the cookie. So this patch seems fine to me too.
Acked-by: Eelco Chaudron <echaudro@...hat.com>
> I guess if there is some previous bug that allows for the size to get
> corrupted, then this might happen but doing those kind of checks in the
> fast path seems a bit excessive. For example, Ilya argued in v2 [2] that
> we should avoid zeroing "u8 cookie_data[TC_COOKIE_MAX_SIZE]" to safe the
> unneeded cycles.
>
> [1] https://github.com/torvalds/linux/blob/55027e689933ba2e64f3d245fb1ff185b3e7fc81/net/sched/act_api.c#L1299
> [2] https://patchwork.kernel.org/project/netdevbpf/patch/20240603185647.2310748-3-amorenoz@redhat.com/
>
> Thanks.
> Adrián
>
>>> + md.user_cookie = cookie_data;
>>> + md.user_cookie_len = user_cookie->len;
>>> + }
>>> + rcu_read_unlock();
>>> +
>>> md.trunc_size = s->truncate ? s->trunc_size : skb->len;
>>> psample_sample_packet(psample_group, skb, s->rate, &md);
>>>
>>> --
>>> 2.45.1
>>
Powered by blists - more mailing lists