lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <229bcc37-de76-40ea-a30a-14e54a73265d@quicinc.com>
Date: Fri, 16 Aug 2024 07:30:23 -0700
From: Jeff Johnson <quic_jjohnson@...cinc.com>
To: Toke Høiland-Jørgensen <toke@...hat.com>,
        "Johannes
 Berg" <johannes@...solutions.net>,
        "David S. Miller" <davem@...emloft.net>,
        Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>,
        "Paolo
 Abeni" <pabeni@...hat.com>,
        Michael Braun <michael-dev@...i-braun.de>
CC: Harsh Kumar Bijlani <hbijlani@....qualcomm.com>,
        Kalyan Tallapragada
	<ktallapr@....qualcomm.com>,
        Jyothi Chukkapalli <jchukkap@....qualcomm.com>,
        Anirban Sirkhell <anirban@....qualcomm.com>,
        Johannes Berg
	<johannes.berg@...el.com>,
        <linux-wireless@...r.kernel.org>, <netdev@...r.kernel.org>,
        <linux-kernel@...r.kernel.org>, <ath12k@...ts.infradead.org>
Subject: Re: [PATCH] wifi: mac80211: Fix ieee80211_convert_to_unicast() logic

On 8/16/2024 4:31 AM, Toke Høiland-Jørgensen wrote:
> Jeff Johnson <quic_jjohnson@...cinc.com> writes:
> 
>> The current logic in ieee80211_convert_to_unicast() uses skb_clone()
>> to obtain an skb for each individual destination of a multicast
>> frame, and then updates the destination address in the cloned skb's
>> data buffer before placing that skb on the provided queue.
>>
>> This logic is flawed since skb_clone() shares the same data buffer
>> with the original and the cloned skb, and hence each time the
>> destination address is updated, it overwrites the previous destination
>> address in this shared buffer. As a result, due to the special handing
>> of the first valid destination, all of the skbs will eventually be
>> sent to that first destination.
> 
> Did you actually observe this happen in practice? ieee80211_change_da()
> does an skb_ensure_writable() check on the Ethernet header before
> writing it, so AFAICT it does not, in fact, overwrite the data of the
> original frame.

I'm proxying this change for our internal team, and they have observed that
unicast frames are not being sent to the separate STAs.

In response to your reply I went through the code again and it seems the
manner in which this functionality fails isn't as it was described to me.

Instead this functionality fails because we'd fail on the first
ieee80211_change_da() call and hence goto multicast and where only the
original skb would be queued and transmitted as a multicast frame

So the original logic is still faulty, only the actual faulty behavior is not
being described correctly: instead of sending multiple unicast frames to the
same STA we'd send a single multicast frame.

>> Fix this issue by using skb_copy() instead of skb_clone(). This will
>> result in a duplicate data buffer being allocated for each
>> destination, and hence each skb will be transmitted to the proper
>> destination.
> 
> Cf the above, it seems this change will just lead to more needless
> copying.

What other way is there to implement this multicast to unicast functionality?
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ebceec860fc370b2f4c23e95c51daa932e047913

All of this logic exists to support that feature.

Also note MLO multicast uses the skb_copy() methodology as well.

/jeff

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ