lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <7omoigy5336yecxrm3mqiavs6ptrbmcmdxzxraj34646td3bln@zystzgpdkslr>
Date: Tue, 14 Oct 2025 15:18:10 +0200
From: Michal Kubecek <mkubecek@...e.cz>
To: Eric Dumazet <edumazet@...gle.com>
Cc: Paolo Abeni <pabeni@...hat.com>, Sabrina Dubroca <sd@...asysnail.net>, 
	"David S . Miller" <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>, 
	Simon Horman <horms@...nel.org>, Willem de Bruijn <willemb@...gle.com>, netdev@...r.kernel.org, 
	eric.dumazet@...il.com
Subject: Re: [PATCH net] udp: drop secpath before storing an skb in a receive
 queue

On Tue, Oct 14, 2025 at 04:34:52AM GMT, Eric Dumazet wrote:
> On Tue, Oct 14, 2025 at 4:20 AM Michal Kubecek <mkubecek@...e.cz> wrote:
> >
> > On Tue, Oct 14, 2025 at 01:27:13AM GMT, Eric Dumazet wrote:
> > > diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
> > > index 95241093b7f0..932c21838b9b 100644
> > > --- a/net/ipv4/udp.c
> > > +++ b/net/ipv4/udp.c
> > > @@ -1851,8 +1851,13 @@ void skb_consume_udp(struct sock *sk, struct
> > > sk_buff *skb, int len)
> > >                 sk_peek_offset_bwd(sk, len);
> > >
> > >         if (!skb_shared(skb)) {
> > > -               if (unlikely(udp_skb_has_head_state(skb)))
> > > -                       skb_release_head_state(skb);
> > > +               if (unlikely(udp_skb_has_head_state(skb))) {
> > > +                       /* Make sure that skb_release_head_state()
> > > will have nothing to do. */
> > > +                       DEBUG_NET_WARN_ON_ONCE(skb_dst(skb));
> > > +                       DEBUG_NET_WARN_ON_ONCE(skb->destructor);
> > > +                       DEBUG_NET_WARN_ON_ONCE(skb_nfct(skb));
> > > +                       skb_ext_reset(skb);
> > > +               }
> > >                 skb_attempt_defer_free(skb);
> > >                 return;
> > >         }
> >
> > Tested this version on my system (with DEBUG_NET enabled) and everything
> > seems to work fine so far.
> >
> > Tested-by: Michal Kubecek <mkubecek@...e.cz>
> 
> Thanks for testing. I will follow Sabrina suggestion and send :
> 
> diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
> index 95241093b7f0..d66f273f9070 100644
> --- a/net/ipv4/udp.c
> +++ b/net/ipv4/udp.c
> @@ -1851,8 +1851,13 @@ void skb_consume_udp(struct sock *sk, struct
> sk_buff *skb, int len)
>                 sk_peek_offset_bwd(sk, len);
> 
>         if (!skb_shared(skb)) {
> -               if (unlikely(udp_skb_has_head_state(skb)))
> -                       skb_release_head_state(skb);
> +               /* Make sure that this skb has no dst, destructor
> +                * or conntracking parts, because it might stay
> +                * in a remote cpu list for a very long time.
> +                */
> +               DEBUG_NET_WARN_ON_ONCE(skb_dst(skb));
> +               DEBUG_NET_WARN_ON_ONCE(skb->destructor);
> +               DEBUG_NET_WARN_ON_ONCE(skb_nfct(skb));
>                 skb_attempt_defer_free(skb);
>                 return;
>         }

Running 6.18-rc1 with this patch right now, everything seems to work as
well. Thanks to everyone for quick response.

Tested-by: Michal Kubecek <mkubecek@...e.cz>

Michal

Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ