From: Steffen Klassert <steffen.klassert@secunet.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: David Miller <davem@davemloft.net>, netdev@vger.kernel.org
Subject: Re: [PATCH] xfrm: Perform a replay check after return from async codepaths
Date: Wed, 21 Sep 2011 13:57:27 +0200 [thread overview]
Message-ID: <20110921115727.GX1808@secunet.com> (raw)
In-Reply-To: <20110921112158.GB18648@gondor.apana.org.au>
On Wed, Sep 21, 2011 at 09:21:58PM +1000, Herbert Xu wrote:
> On Wed, Sep 21, 2011 at 11:38:58AM +0200, Steffen Klassert wrote:
> > When asyncronous crypto algorithms are used, there might be many
> > packets that passed the xfrm replay check, but the replay advance
> > function is not called yet for these packets. So the replay check
> > function would accept a replay of all of these packets. Also the
> > system might crash if there are more packets in async processing
> > than the size of the anti replay window, because the replay advance
> > function would try to update the replay window beyond the bounds.
> >
> > This pach adds a second replay check after resuming from the async
> > processing to fix these issues.
> >
> > Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
>
> Actually why does this matter? For a single SA, the processing
> in xfrm_input should be completely synchronous, even when you're
> using asynchronous algorithms.
>
Well, I've got pretty reproduceable crashes when the sender of
the IPsec packets introduces reorder, that's why I noticed this.
The problem is, that the replay check function is called before
the asynchronous crypto processing and the replay advance function
is called after resume from the asynchronous processing. So
we can submit multiple packets to the crypto layer without
updating the replay window. This means that the replay check
function accepts packets that should have been dropped, because
they are reordered and more than 'replay window size' packets
to late. This leads to a crash as we try to update the replay
window beyond the allocated bounds.
next prev parent reply other threads:[~2011-09-21 11:57 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-09-21 9:38 [PATCH] xfrm: Perform a replay check after return from async codepaths Steffen Klassert
2011-09-21 11:21 ` Herbert Xu
2011-09-21 11:57 ` Steffen Klassert [this message]
2011-09-21 12:24 ` Herbert Xu
2011-09-21 19:21 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110921115727.GX1808@secunet.com \
--to=steffen.klassert@secunet.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.