* [PATCH net 0/2] Netfilter/IPVS fixes for net
@ 2021-11-01 22:15 Pablo Neira Ayuso
  2021-11-01 22:15 ` [PATCH net 1/2] netfilter: nfnetlink_queue: fix OOB when mac header was cleared Pablo Neira Ayuso
  2021-11-01 22:15 ` [PATCH net 2/2] ipvs: autoload ipvs on genl access Pablo Neira Ayuso
  0 siblings, 2 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2021-11-01 22:15 UTC (permalink / raw)
  To: netfilter-devel; +Cc: davem, netdev, kuba

Hi,

The following patchset contains Netfilter/IPVS fixes for net:

1) Fix mac address UAF reported by KASAN in nfnetlink_queue,
   from Florian Westphal.

2) Autoload genetlink IPVS on demand, from Thomas Weissschuh.

Please, pull these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git

Thanks.

----------------------------------------------------------------

The following changes since commit 64222515138e43da1fcf288f0289ef1020427b87:

  Merge tag 'drm-fixes-2021-10-22' of git://anongit.freedesktop.org/drm/drm (2021-10-21 19:06:08 -1000)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD

for you to fetch changes up to 2199f562730dd1382946e0a2532afc38cd444129:

  ipvs: autoload ipvs on genl access (2021-10-22 14:10:17 +0200)

----------------------------------------------------------------
Florian Westphal (1):
      netfilter: nfnetlink_queue: fix OOB when mac header was cleared

Thomas Weißschuh (1):
      ipvs: autoload ipvs on genl access

 net/netfilter/ipvs/ip_vs_ctl.c  | 2 ++
 net/netfilter/nfnetlink_queue.c | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)


* [PATCH net 1/2] netfilter: nfnetlink_queue: fix OOB when mac header was cleared
  2021-11-01 22:15 [PATCH net 0/2] Netfilter/IPVS fixes for net Pablo Neira Ayuso
@ 2021-11-01 22:15 ` Pablo Neira Ayuso
  2021-11-03  1:20   ` patchwork-bot+netdevbpf
  2021-11-01 22:15 ` [PATCH net 2/2] ipvs: autoload ipvs on genl access Pablo Neira Ayuso
  1 sibling, 1 reply; 4+ messages in thread
From: Pablo Neira Ayuso @ 2021-11-01 22:15 UTC (permalink / raw)
  To: netfilter-devel; +Cc: davem, netdev, kuba

From: Florian Westphal <fw@strlen.de>

On 64bit platforms the MAC header is set to 0xffff on allocation and
also when a helper like skb_unset_mac_header() is called.

dev_parse_header may call skb_mac_header() which assumes valid mac offset:

 BUG: KASAN: use-after-free in eth_header_parse+0x75/0x90
 Read of size 6 at addr ffff8881075a5c05 by task nf-queue/1364
 Call Trace:
  memcpy+0x20/0x60
  eth_header_parse+0x75/0x90
  __nfqnl_enqueue_packet+0x1a61/0x3380
  __nf_queue+0x597/0x1300
  nf_queue+0xf/0x40
  nf_hook_slow+0xed/0x190
  nf_hook+0x184/0x440
  ip_output+0x1c0/0x2a0
  nf_reinject+0x26f/0x700
  nfqnl_recv_verdict+0xa16/0x18b0
  nfnetlink_rcv_msg+0x506/0xe70

The existing code only works if the skb has a mac header.

Fixes: 2c38de4c1f8da7 ("netfilter: fix looped (broad|multi)cast's MAC handling")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 net/netfilter/nfnetlink_queue.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index 4c3fbaaeb103..4acc4b8e9fe5 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -560,7 +560,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
 		goto nla_put_failure;
 
 	if (indev && entskb->dev &&
-	    entskb->mac_header != entskb->network_header) {
+	    skb_mac_header_was_set(entskb)) {
 		struct nfqnl_msg_packet_hw phw;
 		int len;
 
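Review bot: the new condition `skb_mac_header_was_set(entskb)` drops the old `entskb->mac_header != entskb->network_header` comparison entirely, so an skb whose mac header is set but sits at the same offset as the network header (a zero-length link-layer header) now enters the `struct nfqnl_msg_packet_hw phw` block, which the old test skipped. If that case should still be excluded, keep both tests, for example `skb_mac_header_was_set(entskb) && entskb->mac_header != entskb->network_header`, or say in the commit message why the equality check is no longer needed.
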
-- 
2.30.2



* [PATCH net 2/2] ipvs: autoload ipvs on genl access
  2021-11-01 22:15 [PATCH net 0/2] Netfilter/IPVS fixes for net Pablo Neira Ayuso
  2021-11-01 22:15 ` [PATCH net 1/2] netfilter: nfnetlink_queue: fix OOB when mac header was cleared Pablo Neira Ayuso
@ 2021-11-01 22:15 ` Pablo Neira Ayuso
  1 sibling, 0 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2021-11-01 22:15 UTC (permalink / raw)
  To: netfilter-devel; +Cc: davem, netdev, kuba

From: Thomas Weißschuh <linux@weissschuh.net>

The kernel provides the functionality to automatically load modules
providing genl families. Use this to remove the need for users to
manually load the module.

Signed-off-by: Thomas Weißschuh <linux@weissschuh.net>
Acked-by: Julian Anastasov <ja@ssi.bg>
Acked-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 net/netfilter/ipvs/ip_vs_ctl.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 29ec3ef63edc..0ff94c66641f 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -48,6 +48,8 @@
 
 #include <net/ip_vs.h>
 
+MODULE_ALIAS_GENL_FAMILY(IPVS_GENL_NAME);
+
 /* semaphore for IPVS sockopts. And, [gs]etsockopt may sleep. */
 static DEFINE_MUTEX(__ip_vs_mutex);
 
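Review bot: `MODULE_ALIAS_GENL_FAMILY(IPVS_GENL_NAME);` is added directly under `#include <net/ip_vs.h>` with no comment, and the commit message only says it removes the need to load the module manually. Suggest a one-line comment stating that this alias lets a genetlink family lookup load the module on demand, plus a sentence in the commit message on the behaviour change for hosts where IPVS was previously present only when an administrator loaded it explicitly.
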
-- 
2.30.2



* Re: [PATCH net 1/2] netfilter: nfnetlink_queue: fix OOB when mac header was cleared
  2021-11-01 22:15 ` [PATCH net 1/2] netfilter: nfnetlink_queue: fix OOB when mac header was cleared Pablo Neira Ayuso
@ 2021-11-03  1:20   ` patchwork-bot+netdevbpf
  0 siblings, 0 replies; 4+ messages in thread
From: patchwork-bot+netdevbpf @ 2021-11-03  1:20 UTC (permalink / raw)
  To: Pablo Neira Ayuso; +Cc: netfilter-devel, davem, netdev, kuba

Hello:

This series was applied to netdev/net.git (master)
by Pablo Neira Ayuso <pablo@netfilter.org>:

On Mon,  1 Nov 2021 23:15:27 +0100 you wrote:
> From: Florian Westphal <fw@strlen.de>
> 
> On 64bit platforms the MAC header is set to 0xffff on allocation and
> also when a helper like skb_unset_mac_header() is called.
> 
> dev_parse_header may call skb_mac_header() which assumes valid mac offset:
> 
> [...]

Here is the summary with links:
  - [net,1/2] netfilter: nfnetlink_queue: fix OOB when mac header was cleared
    https://git.kernel.org/netdev/net/c/5648b5e1169f
  - [net,2/2] ipvs: autoload ipvs on genl access
    https://git.kernel.org/netdev/net/c/2199f562730d

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html


