diff for duplicates of <1512064629.19682.21.camel@gmail.com> diff --git a/a/1.txt b/N1/1.txt index babada5..fbb5681 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -2,14 +2,14 @@ On Thu, 2017-11-30 at 10:30 -0700, David Ahern wrote: > On 11/30/17 8:44 AM, David Ahern wrote: > > On 11/30/17 3:50 AM, Eric Dumazet wrote: > > > @@ -1631,24 +1659,6 @@ int tcp_v4_rcv(struct sk_buff *skb) -> > > ? -> > > ? th = (const struct tcphdr *)skb->data; -> > > ? iph = ip_hdr(skb); +> > > +> > > th = (const struct tcphdr *)skb->data; +> > > iph = ip_hdr(skb); > > > - /* This is tricky : We move IPCB at its correct location > > > into TCP_SKB_CB() -> > > - ?* barrier() makes sure compiler wont play +> > > - * barrier() makes sure compiler wont play > > > fool^Waliasing games. -> > > - ?*/ +> > > - */ > > > - memmove(&TCP_SKB_CB(skb)->header.h4, IPCB(skb), > > > - sizeof(struct inet_skb_parm)); > > > - barrier(); @@ -17,20 +17,20 @@ On Thu, 2017-11-30 at 10:30 -0700, David Ahern wrote: > > > - TCP_SKB_CB(skb)->seq = ntohl(th->seq); > > > - TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th- > > > >syn + th->fin + -> > > - ????skb->len - th->doff * 4); +> > > - skb->len - th->doff * 4); > > > - TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq); > > > - TCP_SKB_CB(skb)->tcp_flags = tcp_flag_byte(th); > > > - TCP_SKB_CB(skb)->tcp_tw_isn = 0; > > > - TCP_SKB_CB(skb)->ip_dsfield = ipv4_get_dsfield(iph); -> > > - TCP_SKB_CB(skb)->sacked ?= 0; +> > > - TCP_SKB_CB(skb)->sacked = 0; > > > - TCP_SKB_CB(skb)->has_rxtstamp = > > > - skb->tstamp || skb_hwtstamps(skb)- > > > >hwtstamp; > > > - -> > > ?lookup: -> > > ? sk = __inet_lookup_skb(&tcp_hashinfo, skb, +> > > lookup: +> > > sk = __inet_lookup_skb(&tcp_hashinfo, skb, > > > __tcp_hdrlen(th), th->source, -> > > ? ???????th->dest, sdif, &refcounted); +> > > th->dest, sdif, &refcounted); > > > > I believe moving the above is going to affect lookups with VRF. Let > > me @@ -51,14 +51,14 @@ On Thu, 2017-11-30 at 10:30 -0700, David Ahern wrote: 
> @@ -849,7 +849,7 @@ static inline bool inet_exact_dif_match(struct > net > *net, struct sk_buff *skb) -> ?{ -> ?#if IS_ENABLED(CONFIG_NET_L3_MASTER_DEV) -> ????????if (!net->ipv4.sysctl_tcp_l3mdev_accept && -> -???????????skb && ipv4_l3mdev_skb(TCP_SKB_CB(skb)->header.h4.flags)) -> +???????????skb && ipv4_l3mdev_skb(IPCB(skb)->flags)) -> ????????????????return true; -> ?#endif -> ????????return false; +> { +> #if IS_ENABLED(CONFIG_NET_L3_MASTER_DEV) +> if (!net->ipv4.sysctl_tcp_l3mdev_accept && +> - skb && ipv4_l3mdev_skb(TCP_SKB_CB(skb)->header.h4.flags)) +> + skb && ipv4_l3mdev_skb(IPCB(skb)->flags)) +> return true; +> #endif +> return false; I wonder if this should not be in a separate patch ? @@ -73,8 +73,3 @@ so that David can decide which path needs to be backported into each stable version. Thanks. - --- -To unsubscribe from this list: send the line "unsubscribe linux-security-module" in -the body of a message to majordomo at vger.kernel.org -More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index 347178f..7494bc6 100644 --- a/a/content_digest +++ b/N1/content_digest 
@@ -5,24 +5,31 @@ "ref\01512039044.19682.12.camel@gmail.com\0" "ref\0b92c6b3d-5c7e-9859-4bb2-b1a0aa64d86b@gmail.com\0" "ref\0d29937fd-dd04-8568-f89c-505ff725761a@gmail.com\0" - "From\0eric.dumazet@gmail.com (Eric Dumazet)\0" - "Subject\0[BUG] kernel stack corruption during/after Netlabel error\0" + "From\0Eric Dumazet <eric.dumazet@gmail.com>\0" + "Subject\0Re: [BUG] kernel stack corruption during/after Netlabel error\0" "Date\0Thu, 30 Nov 2017 09:57:09 -0800\0" - "To\0linux-security-module@vger.kernel.org\0" + "To\0David Ahern <dsahern@gmail.com>" + Casey Schaufler <casey@schaufler-ca.com> + " James Morris <james.l.morris@oracle.com>\0" + "Cc\0Paul Moore <paul@paul-moore.com>" + netdev@vger.kernel.org + Stephen Smalley <sds@tycho.nsa.gov> + selinux@tycho.nsa.gov + " LSM <linux-security-module@vger.kernel.org>\0" "\00:1\0" "b\0" "On Thu, 2017-11-30 at 10:30 -0700, David Ahern wrote:\n" "> On 11/30/17 8:44 AM, David Ahern wrote:\n" "> > On 11/30/17 3:50 AM, Eric Dumazet wrote:\n" "> > > @@ -1631,24 +1659,6 @@ int tcp_v4_rcv(struct sk_buff *skb)\n" - "> > > ?\n" - "> > > ?\tth = (const struct tcphdr *)skb->data;\n" - "> > > ?\tiph = ip_hdr(skb);\n" + "> > > \302\240\n" + "> > > \302\240\tth = (const struct tcphdr *)skb->data;\n" + "> > > \302\240\tiph = ip_hdr(skb);\n" "> > > -\t/* This is tricky : We move IPCB at its correct location\n" "> > > into TCP_SKB_CB()\n" - "> > > -\t?* barrier() makes sure compiler wont play\n" + "> > > -\t\302\240* barrier() makes sure compiler wont play\n" "> > > fool^Waliasing games.\n" - "> > > -\t?*/\n" + "> > > -\t\302\240*/\n" "> > > -\tmemmove(&TCP_SKB_CB(skb)->header.h4, IPCB(skb),\n" "> > > -\t\tsizeof(struct inet_skb_parm));\n" "> > > -\tbarrier();\n" 
@@ -30,20 +37,20 @@ "> > > -\tTCP_SKB_CB(skb)->seq = ntohl(th->seq);\n" "> > > -\tTCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th-\n" "> > > >syn + th->fin +\n" - "> > > -\t\t\t\t????skb->len - th->doff * 4);\n" + "> > > -\t\t\t\t\302\240\302\240\302\240\302\240skb->len - th->doff * 4);\n" "> > > -\tTCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);\n" "> > > -\tTCP_SKB_CB(skb)->tcp_flags = tcp_flag_byte(th);\n" "> > > -\tTCP_SKB_CB(skb)->tcp_tw_isn = 0;\n" "> > > -\tTCP_SKB_CB(skb)->ip_dsfield = ipv4_get_dsfield(iph);\n" - "> > > -\tTCP_SKB_CB(skb)->sacked\t?= 0;\n" + "> > > -\tTCP_SKB_CB(skb)->sacked\t\302\240= 0;\n" "> > > -\tTCP_SKB_CB(skb)->has_rxtstamp =\n" "> > > -\t\t\tskb->tstamp || skb_hwtstamps(skb)-\n" "> > > >hwtstamp;\n" "> > > -\n" - "> > > ?lookup:\n" - "> > > ?\tsk = __inet_lookup_skb(&tcp_hashinfo, skb,\n" + "> > > \302\240lookup:\n" + "> > > \302\240\tsk = __inet_lookup_skb(&tcp_hashinfo, skb,\n" "> > > __tcp_hdrlen(th), th->source,\n" - "> > > ?\t\t\t???????th->dest, sdif, &refcounted);\n" + "> > > \302\240\t\t\t\302\240\302\240\302\240\302\240\302\240\302\240\302\240th->dest, sdif, &refcounted);\n" "> > \n" "> > I believe moving the above is going to affect lookups with VRF. Let\n" "> > me\n" @@ -64,14 +71,14 @@ "> 
@@ -849,7 +849,7 @@ static inline bool inet_exact_dif_match(struct\n" "> net\n" "> *net, struct sk_buff *skb)\n" - "> ?{\n" - "> ?#if IS_ENABLED(CONFIG_NET_L3_MASTER_DEV)\n" - "> ????????if (!net->ipv4.sysctl_tcp_l3mdev_accept &&\n" - "> -???????????skb && ipv4_l3mdev_skb(TCP_SKB_CB(skb)->header.h4.flags))\n" - "> +???????????skb && ipv4_l3mdev_skb(IPCB(skb)->flags))\n" - "> ????????????????return true;\n" - "> ?#endif\n" - "> ????????return false;\n" + "> \302\240{\n" + "> \302\240#if IS_ENABLED(CONFIG_NET_L3_MASTER_DEV)\n" + "> \302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240if (!net->ipv4.sysctl_tcp_l3mdev_accept &&\n" + "> -\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240skb && ipv4_l3mdev_skb(TCP_SKB_CB(skb)->header.h4.flags))\n" + "> +\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240skb && ipv4_l3mdev_skb(IPCB(skb)->flags))\n" + "> \302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240return true;\n" + "> \302\240#endif\n" + "> \302\240\302\240\302\240\302\240\302\240\302\240\302\240\302\240return false;\n" "\n" "\n" "I wonder if this should not be in a separate patch ?\n" @@ -85,11 +92,6 @@ "so that David can decide which path needs to be backported into each\n" "stable version.\n" "\n" - "Thanks.\n" - "\n" - "--\n" - "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" - "the body of a message to majordomo at vger.kernel.org\n" - More majordomo info at http://vger.kernel.org/majordomo-info.html + Thanks. -d6963b2c838442443b79ef252e3ed465a7c10051e68f92d5b58d36036ecf35a0 +a00d79a3d229d82c4ff819291ab886472aa495d5bfabaa64b49cddb3e49b54ae