Message-ID: <20240827175907.ih2jjmmm6iyf5gsm@altlinux.org>
Date: Tue, 27 Aug 2024 20:59:07 +0300
From: Vitaly Chikunov <vt@...linux.org>
To: Greg KH <gregkh@...uxfoundation.org>
Cc: Salvatore Bonaccorso <carnil@...ian.org>,
	Willem de Bruijn <willemdebruijn.kernel@...il.com>,
	Christian Heusel <christian@...sel.eu>,
	Adrian Vladu <avladu@...udbasesolutions.com>,
	"Michael S. Tsirkin" <mst@...hat.com>,
	"alexander.duyck@...il.com" <alexander.duyck@...il.com>,
	"arefev@...mel.ru" <arefev@...mel.ru>,
	"davem@...emloft.net" <davem@...emloft.net>,
	"edumazet@...gle.com" <edumazet@...gle.com>,
	"jasowang@...hat.com" <jasowang@...hat.com>,
	"kuba@...nel.org" <kuba@...nel.org>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
	"pabeni@...hat.com" <pabeni@...hat.com>,
	"stable@...r.kernel.org" <stable@...r.kernel.org>,
	"willemb@...gle.com" <willemb@...gle.com>,
	"regressions@...ts.linux.dev" <regressions@...ts.linux.dev>,
	David Prévot <taffit@...ian.org>
Subject: Re: [PATCH net] net: drop bad gso csum_start and offset in
 virtio_net_hdr

On Tue, Aug 27, 2024 at 03:16:50PM +0200, Greg KH wrote:
> On Mon, Aug 26, 2024 at 10:07:50PM +0200, Salvatore Bonaccorso wrote:
> > Hi,
> > 
> > On Mon, Aug 26, 2024 at 04:10:21PM +0200, Salvatore Bonaccorso wrote:
> > > Hi,
> > > 
> > > On Wed, Aug 21, 2024 at 10:05:12AM -0400, Willem de Bruijn wrote:
> > > > Vitaly Chikunov wrote:
> > > > > Willem,
> > > > > 
> > > > > On Wed, Aug 14, 2024 at 09:53:58AM GMT, Willem de Bruijn wrote:
> > > > > > Christian Heusel wrote:
> > > > > > > On 24/08/14 10:10AM, Adrian Vladu wrote:
> > > > > > > > Hello,
> > > > > > > > 
> > > > > > > > The 6.6.y branch has the patch already in the stable queue -> https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/commit/?id=3e713b73c01fac163a5c8cb0953d1e300407a773, and it should be available in the 6.6.46 upcoming minor.
> > > > > > > > 
> > > > > > > > Thanks, Adrian.
> > > > > > > 
> > > > > > > Yeah it's also queued up for 6.10, which I both missed (sorry for that!).
> > > > > > > If I'm able to properly backport the patch for 6.1 I'll send that one,
> > > > > > > but my hopes are not too high that this will work ..
> > > > > > 
> > > > > > There are two conflicts.
> > > > > > 
> > > > > > The one in include/linux/virtio_net.h is resolved by first backporting
> > > > > > commit fc8b2a6194693 ("net: more strict VIRTIO_NET_HDR_GSO_UDP_L4
> > > > > > validation")
> > > > > > 
> > > > > > We did not backport that to stable because there was some slight risk
> > > > > > that applications might be affected. This has not surfaced.
> > > > > > 
> > > > > > The conflict in net/ipv4/udp_offload.c is not so easy to address.
> > > > > > There were lots of patches between v6.1 and linus/master, with far
> > > > > > fewer of these between v6.1 and linux-stable/linux-6.1.y.
> > > > > 
> > > > > BTW, we successfully cherry-picked 3 suggested[1] commits over v6.1.105 in
> > > > > ALT, and there are no reported problems as of yet.
> > > > > 
> > > > >   89add40066f9 ("net: drop bad gso csum_start and offset in virtio_net_hdr")
> > > > >   fc8b2a619469 ("net: more strict VIRTIO_NET_HDR_GSO_UDP_L4 validation")
> > > > >   9840036786d9 ("gso: fix dodgy bit handling for GSO_UDP_L4")
> > > > > 
> > > > > [1] https://lore.kernel.org/all/2024081147-altitude-luminous-19d1@gregkh/
> > > > 
> > > > That's good to hear.
> > > > 
> > > > These are all fine to go to 6.1 stable.
> > > 
> > > FWIW, as we are hit by this issue for Debian bookworm, we have testing
> > > as well from David Prévot <taffit@...ian.org>, cf. the report in
> > > https://bugs.debian.org/1079684 .
> > > 
> > > He mentions that the 9840036786d9 ("gso: fix dodgy bit handling for
> > > GSO_UDP_L4") patch does not apply cleanly, looks to be because of
> > > 1fd54773c267 ("udp: allow header check for dodgy GSO_UDP_L4 packets.")
> > > from 6.2-rc1, which are reverted in the commit.
> > 
> > Just to give an additional confirmation: Applying
> > 
> > 1fd54773c267 ("udp: allow header check for dodgy GSO_UDP_L4 packets.")

Interestingly, I don't need this commit cherry-picked when applying
the above patchset over v6.1.106 (with my git 2.42.2). It applies cleanly
with two "Auto-merging" messages, then the 2nd and 3rd hunks are not
applied. It seems that 1fd54773c267 only adds the changes that the
following 9840036786d9 removes (in the 2nd and 3rd hunks). And git
is smart enough to figure that out and just doesn't apply them when
cherry-picking. That explains why some commits that I say apply
cleanly some other people cannot apply.

Thanks,

> > 9840036786d9 ("gso: fix dodgy bit handling for GSO_UDP_L4")
> > fc8b2a619469 ("net: more strict VIRTIO_NET_HDR_GSO_UDP_L4 validation")
> > 89add40066f9 ("net: drop bad gso csum_start and offset in virtio_net_hdr")
> 
> Ah, that works, thanks!
> 
> greg k-h
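
The behaviour described in the reply above, reproduced on a throwaway repository as an added example that is not part of the original thread. The file `offload.c`, its contents and the commits X and Y are constructed stand-ins for 1fd54773c267 and 9840036786d9; it shows why a plain patch of the fix is rejected on a branch that never had X while `git cherry-pick` of the same commit succeeds.

```shell
#!/bin/sh
# Constructed demo: offload.c and commits X/Y are stand-ins, not kernel code.
write_file() {  # $1 = flag value, $2 = "check" to include the extra line
    {
        echo "flag = $1"
        seq -f 'line%g' 1 8
        if [ "$2" = check ]; then echo 'check_header();'; fi
        seq -f 'line%g' 9 12
    } > offload.c
}

demo_backport() (
    repo=$(mktemp -d) || exit 1
    cd "$repo" || exit 1
    # Isolate from the caller's git configuration and identity.
    export HOME="$repo" GIT_CONFIG_NOSYSTEM=1
    export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid
    export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid
    git init -q . 2>/dev/null
    git checkout -q -b stable

    write_file old ""
    git add offload.c
    git commit -q -m 'base: common ancestor of stable and mainline'

    git checkout -q -b mainline
    write_file old check
    git commit -q -am 'X: add check_header() (never backported)'
    write_file new ""
    git commit -q -am 'Y: the fix; also removes what X added'
    git diff HEAD^ HEAD > .git/Y.patch

    git checkout -q stable
    # Plain patch: the hunk deleting check_header() matches nothing here.
    if git apply --check .git/Y.patch 2>/dev/null; then apply=ok; else apply=fails; fi
    # Cherry-pick merges three ways with Y^ as base: stable and Y both lack
    # the X line relative to Y^, so that hunk needs no change and is skipped.
    if git cherry-pick mainline >/dev/null 2>&1; then pick=ok; else pick=fails; fi

    checks=$(grep -c check_header offload.c || true)
    res="apply=$apply pick=$pick head=$(head -n 1 offload.c) checks=$checks"
    cd / && rm -rf "$repo"
    echo "$res"
)
```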
