| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20250314120048.12569-1-justin.iurman@uliege.be> Date: Fri, 14 Mar 2025 13:00:45 +0100 From: Justin Iurman <justin.iurman@...ege.be> To: netdev@...r.kernel.org Cc: davem@...emloft.net, dsahern@...nel.org, edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com, horms@...nel.org, justin.iurman@...ege.be Subject: [PATCH net v2 0/3] net: fix lwtunnel reentry loops v2: - removed some patches from the -v1 series - added a patch that was initially sent separately - code style for the selftest (thanks Paolo) v1: - https://lore.kernel.org/all/20250311141238.19862-1-justin.iurman@uliege.be/ When the destination is the same after the transformation, we enter a lwtunnel loop. This is true for most of lwt users: ioam6, rpl, seg6, seg6_local, ila_lwt, and lwt_bpf. It can happen in their input() and output() handlers respectively, where either dst_input() or dst_output() is called at the end. It can also happen in xmit() handlers. Here is an example for rpl_input(): dump_stack_lvl+0x60/0x80 rpl_input+0x9d/0x320 lwtunnel_input+0x64/0xa0 lwtunnel_input+0x64/0xa0 lwtunnel_input+0x64/0xa0 lwtunnel_input+0x64/0xa0 lwtunnel_input+0x64/0xa0 [...] lwtunnel_input+0x64/0xa0 lwtunnel_input+0x64/0xa0 lwtunnel_input+0x64/0xa0 lwtunnel_input+0x64/0xa0 lwtunnel_input+0x64/0xa0 ip6_sublist_rcv_finish+0x85/0x90 ip6_sublist_rcv+0x236/0x2f0 ... until rpl_do_srh() fails, which means skb_cow_head() failed. This series provides a fix at the core level of lwtunnel to catch such loops when they're not caught by the respective lwtunnel users, and handle the loop case in ioam6 which is one of the users. This series also comes with a new selftest to detect some dst cache reference loops in lwtunnel users. Justin Iurman (3): net: lwtunnel: fix recursion loops net: ipv6: ioam6: fix lwtunnel_output() loop selftests: net: test for lwtunnel dst ref loops net/core/lwtunnel.c | 65 ++++- net/ipv6/ioam6_iptunnel.c | 8 +- tools/testing/selftests/net/Makefile | 1 + tools/testing/selftests/net/config | 2 + .../selftests/net/lwt_dst_cache_ref_loop.sh | 246 ++++++++++++++++++ 5 files changed, 306 insertions(+), 16 deletions(-) create mode 100755 tools/testing/selftests/net/lwt_dst_cache_ref_loop.sh -- 2.34.1
Powered by blists - more mailing lists