Message-Id: <20240702174451.22735-1-justin.iurman@uliege.be>
Date: Tue,  2 Jul 2024 19:44:49 +0200
From: Justin Iurman <justin.iurman@...ege.be>
To: netdev@...r.kernel.org
Cc: davem@...emloft.net,
	dsahern@...nel.org,
	edumazet@...gle.com,
	kuba@...nel.org,
	pabeni@...hat.com,
	linux-kernel@...r.kernel.org,
	justin.iurman@...ege.be
Subject: [PATCH net 0/2] net: ioam6: fix bugs in ioam6_iptunnel

When running some measurements on IOAM, we discovered a "bug" that
triggers two reallocations instead of one in some specific cases. Those
specific cases are:
- "inline" mode with pre-allocated data size 236 or 240 bytes
- "encap" mode with pre-allocated data size 196 or 200 bytes

The reason is that we (unluckily) fall on a boundary and, since we use
skb->mac_len by default in skb_cow_head(), the second call to
skb_cow_head() after the insertion may need more than available in the
headroom (because, there, we call LL_RESERVED_SPACE()). Example on a
machine that reallocates by steps of 64 bytes:
- I need to add 256 bytes (+14 skb->mac_len), so 270 bytes
- current headroom is 206 bytes
- call to skb_cow_head, the headroom is now 270 bytes (+64 bytes)
- after the insertion, we want to make sure that the dev has enough
  headroom (LL_RESERVED_SPACE() gives 16 bytes in our case: 14+2)
- current headroom is 14 bytes (yep, remember... see above)
- call to skb_cow_head... oh wait, I need 16 bytes and I only have 14
  available... let's reallocate! The headroom is now 78 bytes (+64)

And so every single time. Patch 2 solves this issue by providing a
mitigation.

Also, while fixing the above, we discovered another bug: after the
insertion, the second call to skb_cow_head() makes sure that the dev has
enough headroom for layer 2 and stuff. In that case, the "old" dst entry
is used, which is not correct. Patch 1 solves this issue.

Justin Iurman (2):
  net: ioam6: use "new" dst entry with skb_cow_head
  net: ioam6: mitigate the two reallocations problem

 net/ipv6/ioam6_iptunnel.c | 85 ++++++++++++++++++++-------------------
 1 file changed, 44 insertions(+), 41 deletions(-)

-- 
2.34.1
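
The headroom arithmetic from the message above, as an added example (a simplified user-space model, not code from the patch series or the kernel). It assumes each skb_cow_head() call grows the headroom by the shortfall rounded up to the 64-byte step, and takes the 206-byte starting headroom, 14-byte skb->mac_len and 16-byte LL_RESERVED_SPACE() from that example; `model_skb`, `model_cow_head` and `simulate_insert` are hypothetical names.

```c
#include <stdio.h>

/* Simplified model, not kernel code. Constants come from the example
 * in the message above; all names are hypothetical. */
#define STEP      64u   /* reallocation granularity on that machine */
#define MAC_LEN   14u   /* skb->mac_len */
#define LL_NEEDED 16u   /* LL_RESERVED_SPACE() in that example: 14 + 2 */

struct model_skb {
    unsigned headroom;  /* bytes currently free in front of the data */
    unsigned reallocs;  /* how many times the head was reallocated */
};

/* Assumed behaviour: when the headroom is short, grow it by the
 * shortfall rounded up to STEP and count one reallocation. */
static void model_cow_head(struct model_skb *skb, unsigned need)
{
    if (need > skb->headroom) {
        unsigned delta = need - skb->headroom;

        skb->headroom += (delta + STEP - 1) / STEP * STEP;
        skb->reallocs++;
    }
}

/* Model one insertion of `len` bytes, starting from `start` headroom. */
struct model_skb simulate_insert(unsigned start, unsigned len)
{
    struct model_skb skb = { start, 0 };

    model_cow_head(&skb, len + MAC_LEN); /* first call, before insertion */
    skb.headroom -= len;                 /* insertion consumes headroom */
    model_cow_head(&skb, LL_NEEDED);     /* second call, after insertion */
    return skb;
}

int main(void)
{
    /* Sweep insertion sizes around the 256-byte boundary. */
    for (unsigned len = 232; len <= 264; len += 8) {
        struct model_skb r = simulate_insert(206, len);

        printf("insert %3u bytes: %u realloc(s), final headroom %u\n",
               len, r.reallocs, r.headroom);
    }
    return 0;
}
```

In this model only the 256-byte insertion in the sweep costs two reallocations, because the first call rounds up with no slack and leaves exactly 14 bytes for a 16-byte request.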

