Message-ID: <20251127091325.7248-1-maklimek97@gmail.com>
Date: Thu, 27 Nov 2025 10:13:22 +0100
From: Mariusz Klimek <maklimek97@...il.com>
To: netdev@...r.kernel.org
Cc: Mariusz Klimek <maklimek97@...il.com>
Subject: [PATCH net-next 0/3] net: gso: fix MTU validation of BIG TCP jumbograms

This series fixes the MTU validation of BIG TCP jumbograms and removes the
existing IP6SKB_FAKEJUMBO work-around that only fixes the issue in one
location.

For GSO packets, the length that matters for MTU validation is the segment
length, not the total length of the packet. skb_gso_network_seglen is used
by skb_gso_validate_network_len to calculate the segment length including
the network and transport headers and to then verify that the segment
length is below the MTU.

skb_gso_network_seglen assumes that the headers of the segments are
identical to those of the unsegmented packet, but that assumption is
incorrect for BIG TCP jumbograms which have an added HBH header that is
removed upon segmentation. The calculated segment length ends up being 8
bytes more than the actual segment length.

The actual segment length is set according to the MSS, so the segment
length calculated by skb_gso_network_seglen is greater than the MTU,
causing the skb_gso_validate_network_len check to fail despite the fact
that the actual segment length is lower than the MTU.

There is currently a work-around that fixes this bug in some cases:
ip6_xmit sets the IP6SKB_FAKEJUMBO flag for BIG TCP jumbograms, which
causes the MTU validation in ip6_finish_output_gso to be skipped
(intentionally). However, this work-around doesn't apply to MTU validations
performed in other places such as in ip6_forward. BIG TCP jumbograms don't
pass the MTU validation when forwarded locally and are therefore dropped,
unless the MTU of the originating interface is lower than the MTUs of the
rest of the interfaces the packets are forwarded through.

Mariusz Klimek (3):
  net: gso: do not include jumbogram HBH header in seglen calculation
  ipv6: remove IP6SKB_FAKEJUMBO flag
  selftests/net: remove unnecessary MTU config in big_tcp.sh

 include/linux/ipv6.h                   | 1 -
 net/core/gso.c                         | 4 ++++
 net/ipv6/ip6_output.c                  | 4 +---
 tools/testing/selftests/net/big_tcp.sh | 1 -
 4 files changed, 5 insertions(+), 5 deletions(-)

-- 
2.47.3
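
The overcount described in the cover letter, reproduced in a userspace model. This is an added example, not code from the series or from the kernel. The names seglen, jumbo_hbh_len, fits_mtu and skip_hbh are hypothetical, and the header bytes, the MTU of 1500 and the MSS of 1440 are constructed sample values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IPV6_HDR_LEN   40
#define NEXTHDR_HOP    0     /* IPv6 hop-by-hop options header */
#define IPV6_TLV_JUMBO 0xC2  /* jumbo payload option type (RFC 2675) */

/* Constructed sample: headers of a BIG TCP jumbogram (IPv6 + HBH + TCP). */
static const uint8_t big_tcp_hdrs[68] = {
    [0] = 0x60,                      /* version 6 */
    [6] = NEXTHDR_HOP, [7] = 64,     /* payload length (bytes 4-5) stays 0 */
    [40] = 6, [41] = 0,              /* HBH: next header TCP, 8 bytes long */
    [42] = IPV6_TLV_JUMBO, [43] = 4, /* jumbo option with 4-byte length */
    [45] = 0x02,                     /* constructed jumbo length 0x00020000 */
    [48 + 12] = 0x50,                /* TCP data offset: 5 words = 20 bytes */
};

/* 8 if pkt carries the 8-byte jumbo HBH header modelled here, else 0. */
unsigned int jumbo_hbh_len(const uint8_t *pkt, size_t len)
{
    if (len < IPV6_HDR_LEN + 8 || (pkt[0] >> 4) != 6)
        return 0;
    if (pkt[4] || pkt[5] || pkt[6] != NEXTHDR_HOP)
        return 0;
    if (pkt[41] != 0 || pkt[42] != IPV6_TLV_JUMBO || pkt[43] != 4)
        return 0;
    return 8;
}

/* Headers of the unsegmented packet plus MSS; skip_hbh drops the HBH bytes. */
unsigned int seglen(const uint8_t *pkt, size_t len, unsigned int mss, int skip_hbh)
{
    unsigned int hbh = jumbo_hbh_len(pkt, len);
    unsigned int nh_len = IPV6_HDR_LEN + hbh;
    if (len < nh_len + 20)
        return 0;                    /* too short to hold a TCP header */
    unsigned int th_len = (pkt[nh_len + 12] >> 4) * 4;
    return nh_len + th_len + mss - (skip_hbh ? hbh : 0);
}

/* Model of the MTU check: a segment fits when it is no longer than the MTU. */
int fits_mtu(unsigned int seg, unsigned int mtu) { return seg != 0 && seg <= mtu; }

int main(void)
{
    unsigned int mtu = 1500, mss = 1440; /* constructed: 1500 - 40 - 20 */
    unsigned int a = seglen(big_tcp_hdrs, sizeof big_tcp_hdrs, mss, 0);
    unsigned int b = seglen(big_tcp_hdrs, sizeof big_tcp_hdrs, mss, 1);
    printf("with HBH: %u fits=%d\n", a, fits_mtu(a, mtu));
    printf("without HBH: %u fits=%d\n", b, fits_mtu(b, mtu));
    return 0;
}
```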

