From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.0 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 26319C282CB for ; Tue, 5 Feb 2019 19:41:23 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 074BD217D6 for ; Tue, 5 Feb 2019 19:41:23 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729107AbfBETlW (ORCPT ); Tue, 5 Feb 2019 14:41:22 -0500 Received: from imap1.codethink.co.uk ([176.9.8.82]:46294 "EHLO imap1.codethink.co.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729387AbfBETlW (ORCPT ); Tue, 5 Feb 2019 14:41:22 -0500 Received: from [167.98.27.226] (helo=xylophone) by imap1.codethink.co.uk with esmtpsa (Exim 4.84_2 #1 (Debian)) id 1gr6as-0003Vg-Uz; Tue, 05 Feb 2019 19:41:19 +0000 Message-ID: <1549395678.2925.236.camel@codethink.co.uk> Subject: Re: [4.4] FragmentSmack security fixes From: Ben Hutchings To: Greg Kroah-Hartman Cc: Sasha Levin , stable , Eric Dumazet , Peter Oskolkov , Mao Wenan Date: Tue, 05 Feb 2019 19:41:18 +0000 In-Reply-To: <20190205184105.GA22198@kroah.com> References: <1549391183.2925.179.camel@codethink.co.uk> <20190205184105.GA22198@kroah.com> Organization: Codethink Ltd. Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.22.6-1+deb9u1 Mime-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org On Tue, 2019-02-05 at 19:41 +0100, Greg Kroah-Hartman wrote: > On Tue, Feb 05, 2019 at 06:26:23PM +0000, Ben Hutchings wrote: > > This is a backport of upstream changes to fix the FragmentSmack (CVE- > > 2018-5391) vulnerability. > > > > Peter Oskolkov checked an earlier version of this backport, but I have > > since rebased and added another 3 commits to it.  I tested with the > > ip_defrag.sh self-test that he added upstream, and it passed.  I have > > included the fix that is currently queued for the 4.9, 4.14 and 4.19 > > branches. > > That's a lot of patches, some of which I have already queued up in the > next 4.4 release which will happen in a day or so.  Are they all still > needed after the changes there are merged? Ah, yes, a lot of the changes are already in your queue and I'm not certain that all of mine are needed. However I can say that the changes currently in the queue are not correct: * The ip_defrag.sh self-test fails: in the ipv4 non-overlap case, after a few seconds, recv() returns an EAGAIN error. If I modify the script to continue running the other cases, however, they pass. * There is a reference leak which prevents the new network namespaces being torn down ("unregister_netdevice: waiting for lo to become free. Usage count = 61"). (I see similar warnings with my backport, but the number gradually decreases and they stop after * Shutdown hangs. Ben. -- Ben Hutchings, Software Developer   Codethink Ltd https://www.codethink.co.uk/ Dale House, 35 Dale Street Manchester, M1 2HF, United Kingdom On Tue, 2019-02-05 at 19:41 +0100, Greg Kroah-Hartman wrote: > On Tue, Feb 05, 2019 at 06:26:23PM +0000, Ben Hutchings wrote: > > This is a backport of upstream changes to fix the FragmentSmack (CVE- > > 2018-5391) vulnerability. > > > > Peter Oskolkov checked an earlier version of this backport, but I have > > since rebased and added another 3 commits to it.  I tested with the > > ip_defrag.sh self-test that he added upstream, and it passed.  I have > > included the fix that is currently queued for the 4.9, 4.14 and 4.19 > > branches. > > That's a lot of patches, some of which I have already queued up in the > next 4.4 release which will happen in a day or so.  Are they all still > needed after the changes there are merged? Ah, yes, a lot of the fragment-handling changes are already in your queue and I'm not certain that all of mine are needed. However I don't think the changes in your queue are complete and correct. When I run the ip_defrag.sh self-test: 1. The ipv4 non-overlap case fails after a few seconds, with recv() returning an EAGAIN error. If I modify the script to continue after an error, the other cases do pass, however. This is not a regression from 4.4.172, but with my changes all cases pass. 2. There is a reference leak which prevents the new network namespaces being cleaned up ("unregister_netdevice: waiting for lo to become free. Usage count = 61"). With 4.4.172 or with my changes applied, the warnings appear, but only for about a minute with the number gradually decreasing. So this is a regression. 3. If I run the test again, it hangs. Shutting down the VM also hangs. I think this is related to the previous issue. Again, this is a regression. Ben. -- Ben Hutchings, Software Developer   Codethink Ltd https://www.codethink.co.uk/ Dale House, 35 Dale Street Manchester, M1 2HF, United Kingdom