From: Greg KH <gregkh@linuxfoundation.org>
To: Zubin Mithra <zsm@chromium.org>
Cc: netdev@vger.kernel.org, posk@google.com, edumazet@google.com,
willemb@google.com, davem@davemloft.net
Subject: Re: [PATCH v4.19.y] ip: fail fast on IP defrag errors
Date: Mon, 11 Feb 2019 12:44:34 +0100
Message-ID: <20190211114434.GA1459@kroah.com>
In-Reply-To: <20190122174344.112456-1-zsm@chromium.org>
On Tue, Jan 22, 2019 at 09:43:44AM -0800, Zubin Mithra wrote:
> From: Peter Oskolkov <posk@google.com>
>
> commit 0ff89efb524631ac9901b81446b453c29711c376 upstream
>
> The current behavior of IP defragmentation is inconsistent:
> - some overlapping/wrong length fragments are dropped without
> affecting the queue;
> - most overlapping fragments cause the whole frag queue to be dropped.
>
> This patch brings consistency: if a bad fragment is detected,
> the whole frag queue is dropped. Two major benefits:
> - fail fast: corrupted frag queues are cleared immediately, instead of
> by timeout;
> - testing of overlapping fragments is now much easier: any kind of
> random fragment length mutation now leads to the frag queue being
> discarded (IP packet dropped); before this patch, some overlaps were
> "corrected", with tests not seeing expected packet drops.
>
> Note that in one case (see "if (end&7)" conditional) the current
> behavior is preserved as there are concerns that this could be
> legitimate padding.
>
> Signed-off-by: Peter Oskolkov <posk@google.com>
> Reviewed-by: Eric Dumazet <edumazet@google.com>
> Reviewed-by: Willem de Bruijn <willemb@google.com>
> Signed-off-by: David S. Miller <davem@davemloft.net>
> Signed-off-by: Zubin Mithra <zsm@chromium.org>
> ---
> Backport Note:
> - Syzkaller reported a UAF, as 0ff89efb5246 ("ip: fail fast on IP defrag
> errors") was not applied prior to applying d5f9565c8d5a ("net: ipv4: do
> not handle duplicate fragments as overlapping").
> Conflicts occur when 0ff89efb5246 is now applied onto 4.14.y/4.19.y,
> which this patch addresses.
> - An alternative to this patch would be to do the following :-
> - revert "net: ipv4: do not handle duplicate fragments as overlapping"
> (d5f9565c8d5ad on 4.19.y, 95b4b711444a on 4.14.y)
> - apply "ip: fail fast on IP defrag errors" (0ff89efb5246)
> - apply "net: ipv4: do not handle duplicate fragments as overlapping"
> (ade446403bfb)
This patch does not apply to the current 4.19.y tree (well, on top of my
latest patches that are queued for the next release).
Can you refresh it after the next 4.19.y release in a few days and
resend it along with a new 4.14.y patch as well?
thanks,
greg k-h
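
Added example, not part of this thread and not code from the kernel patch: a user-space C model of the drop policy the quoted commit message describes, where an overlapping fragment discards the whole frag queue at once, an exact duplicate is ignored (as the title of d5f9565c8d5a says), and the "if (end&7)" case is modelled as trimming. All type and function names are hypothetical, and the input sequence in main() is constructed.

```c
/* User-space model, not kernel code; all names here are hypothetical. */
#include <stdio.h>
#define MAX_FRAGS 16
enum frag_result { FRAG_QUEUED, FRAG_DUP_IGNORED, FRAG_QUEUE_DROPPED };

struct frag_queue {
    struct { unsigned off, end; } f[MAX_FRAGS]; /* byte ranges [off, end) */
    int n;    /* fragments currently held */
    int dead; /* set once a bad fragment has killed the queue */
};
/* Fail fast: discard every queued fragment now, not at timeout. */
static void frag_queue_kill(struct frag_queue *q) { q->n = 0; q->dead = 1; }

enum frag_result frag_queue_add(struct frag_queue *q, unsigned off,
                                unsigned len, int more_frags)
{
    unsigned end = off + len;
    if (q->dead)
        return FRAG_QUEUE_DROPPED;
    /* The "if (end&7)" case: a non-final fragment with an unaligned end
     * is trimmed to a multiple of 8 (assumed to be padding), not rejected. */
    if (more_frags && (end & 7))
        end &= ~7u;
    if (end <= off || q->n == MAX_FRAGS) /* model's choice: also bad */
        goto bad;
    for (int i = 0; i < q->n; i++) {
        if (q->f[i].off == off && q->f[i].end == end)
            return FRAG_DUP_IGNORED;      /* exact duplicate: queue untouched */
        if (off < q->f[i].end && q->f[i].off < end)
            goto bad;                     /* any other overlap */
    }
    q->f[q->n].off = off;
    q->f[q->n].end = end;
    q->n++;
    return FRAG_QUEUED;
bad:
    frag_queue_kill(q);
    return FRAG_QUEUE_DROPPED;
}

int main(void)
{
    struct frag_queue q = {0};
    /* Constructed sequence: good, duplicate, padded, overlapping, late. */
    unsigned in[][3] = { {0,16,1}, {0,16,1}, {16,12,1}, {8,16,1}, {24,8,0} };
    for (int i = 0; i < 5; i++)
        printf("off=%u len=%u -> %d\n", in[i][0], in[i][1],
               frag_queue_add(&q, in[i][0], in[i][1], (int)in[i][2]));
    return 0;
}
```

Once the overlapping fragment arrives, every later fragment for the same queue is rejected immediately, which is the property that makes random length mutations in tests produce a visible packet drop.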