All of lore.kernel.org
 help / color / mirror / Atom feed
* Please merge IPv6 fix for drop fragment smaller than MTU
@ 2019-04-01 21:34 Captain Wiggum
  2019-04-01 21:48 ` Florian Westphal
  2019-04-02  6:38 ` Greg Kroah-Hartman
  0 siblings, 2 replies; 4+ messages in thread
From: Captain Wiggum @ 2019-04-01 21:34 UTC (permalink / raw)
  To: Greg Kroah-Hartman; +Cc: Florian Westphal, Eric Dumazet, Peter Oskolkov, netdev

Hi Greg,

An error was introduced in 4.9.134 (and the other LTS branches also).
This causes 18 test cases from the TAHI IPv6 test suite to fail.
I added you to the mail thread about this subject a month back.
It has been fixed in upstream for some time now, but not in the LTS branches.
Please merge this undo-patch into the LTS branches.

$ git diff a8444b1ccb20339774af58e40ad42296074fb484
a8444b1ccb20339774af58e40ad42296074fb484~

diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c
b/net/ipv6/netfilter/nf_conntrack_reasm.c
index b815417..ff49d1f 100644
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -564,10 +564,6 @@ int nf_ct_frag6_gather(struct net *net, struct
sk_buff *skb, u32 user)
        hdr = ipv6_hdr(skb);
        fhdr = (struct frag_hdr *)skb_transport_header(skb);

-       if (skb->len - skb_network_offset(skb) < IPV6_MIN_MTU &&
-           fhdr->frag_off & htons(IP6_MF))
-               return -EINVAL;
-
        skb_orphan(skb);
        fq = fq_find(net, fhdr->identification, user, hdr,
                     skb->dev ? skb->dev->ifindex : 0);
diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c
index 78656bb..dbe726c 100644
--- a/net/ipv6/reassembly.c
+++ b/net/ipv6/reassembly.c
@@ -516,10 +516,6 @@ static int ipv6_frag_rcv(struct sk_buff *skb)
                return 1;
        }

-       if (skb->len - skb_network_offset(skb) < IPV6_MIN_MTU &&
-           fhdr->frag_off & htons(IP6_MF))
-               goto fail_hdr;
-
        iif = skb->dev ? skb->dev->ifindex : 0;
        fq = fq_find(net, fhdr->identification, hdr, iif);
        if (fq) {

^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: Please merge IPv6 fix for drop fragment smaller than MTU
  2019-04-01 21:34 Please merge IPv6 fix for drop fragment smaller than MTU Captain Wiggum
@ 2019-04-01 21:48 ` Florian Westphal
  2019-04-01 21:53   ` Captain Wiggum
  2019-04-02  6:38 ` Greg Kroah-Hartman
  1 sibling, 1 reply; 4+ messages in thread
From: Florian Westphal @ 2019-04-01 21:48 UTC (permalink / raw)
  To: Captain Wiggum
  Cc: Greg Kroah-Hartman, Florian Westphal, Eric Dumazet,
	Peter Oskolkov, netdev

Captain Wiggum <captwiggum@gmail.com> wrote:
> An error was introduced in 4.9.134 (and the other LTS branches also).
> This causes 18 test cases from the TAHI IPv6 test suite to fail.
> I added you to the mail thread about this subject a month back.
> It has been fixed in upstream for some time now, but not in the LTS branches.
> Please merge this undo-patch into the LTS branches.

This is only safe after backporting Peters work to convert
IPv6 to use RB Trees for the reassembly queues,
otherwise a revert adds back the DoS vector.

commit d4289fcc9b16b89619ee1c54f829e05e56de8b9a
net: IP6 defrag: use rbtrees for IPv6 defrag

commit 997dd96471641e147cb2c33ad54284000d0f5e35
net: IP6 defrag: use rbtrees in nf_conntrack_reasm.c


^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: Please merge IPv6 fix for drop fragment smaller than MTU
  2019-04-01 21:48 ` Florian Westphal
@ 2019-04-01 21:53   ` Captain Wiggum
  0 siblings, 0 replies; 4+ messages in thread
From: Captain Wiggum @ 2019-04-01 21:53 UTC (permalink / raw)
  To: Florian Westphal; +Cc: Greg Kroah-Hartman, Eric Dumazet, Peter Oskolkov, netdev

Thank you for the feedback and the specific commits needed!

On Mon, Apr 1, 2019 at 3:48 PM Florian Westphal <fw@strlen.de> wrote:
>
> Captain Wiggum <captwiggum@gmail.com> wrote:
> > An error was introduced in 4.9.134 (and the other LTS branches also).
> > This causes 18 test cases from the TAHI IPv6 test suite to fail.
> > I added you to the mail thread about this subject a month back.
> > It has been fixed in upstream for some time now, but not in the LTS branches.
> > Please merge this undo-patch into the LTS branches.
>
> This is only safe after backporting Peters work to convert
> IPv6 to use RB Trees for the reassembly queues,
> otherwise a revert adds back the DoS vector.
>
> commit d4289fcc9b16b89619ee1c54f829e05e56de8b9a
> net: IP6 defrag: use rbtrees for IPv6 defrag
>
> commit 997dd96471641e147cb2c33ad54284000d0f5e35
> net: IP6 defrag: use rbtrees in nf_conntrack_reasm.c
>

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: Please merge IPv6 fix for drop fragment smaller than MTU
  2019-04-01 21:34 Please merge IPv6 fix for drop fragment smaller than MTU Captain Wiggum
  2019-04-01 21:48 ` Florian Westphal
@ 2019-04-02  6:38 ` Greg Kroah-Hartman
  1 sibling, 0 replies; 4+ messages in thread
From: Greg Kroah-Hartman @ 2019-04-02  6:38 UTC (permalink / raw)
  To: Captain Wiggum
  Cc: Florian Westphal, Eric Dumazet, Peter Oskolkov, netdev, stable

On Mon, Apr 01, 2019 at 03:34:52PM -0600, Captain Wiggum wrote:
> Hi Greg,
> 
> An error was introduced in 4.9.134 (and the other LTS branches also).
> This causes 18 test cases from the TAHI IPv6 test suite to fail.
> I added you to the mail thread about this subject a month back.
> It has been fixed in upstream for some time now, but not in the LTS branches.
> Please merge this undo-patch into the LTS branches.
> 
> $ git diff a8444b1ccb20339774af58e40ad42296074fb484
> a8444b1ccb20339774af58e40ad42296074fb484~
> 
> diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c
> b/net/ipv6/netfilter/nf_conntrack_reasm.c
> index b815417..ff49d1f 100644
> --- a/net/ipv6/netfilter/nf_conntrack_reasm.c
> +++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
> @@ -564,10 +564,6 @@ int nf_ct_frag6_gather(struct net *net, struct
> sk_buff *skb, u32 user)
>         hdr = ipv6_hdr(skb);
>         fhdr = (struct frag_hdr *)skb_transport_header(skb);
> 
> -       if (skb->len - skb_network_offset(skb) < IPV6_MIN_MTU &&
> -           fhdr->frag_off & htons(IP6_MF))
> -               return -EINVAL;
> -
>         skb_orphan(skb);
>         fq = fq_find(net, fhdr->identification, user, hdr,
>                      skb->dev ? skb->dev->ifindex : 0);
> diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c
> index 78656bb..dbe726c 100644
> --- a/net/ipv6/reassembly.c
> +++ b/net/ipv6/reassembly.c
> @@ -516,10 +516,6 @@ static int ipv6_frag_rcv(struct sk_buff *skb)
>                 return 1;
>         }
> 
> -       if (skb->len - skb_network_offset(skb) < IPV6_MIN_MTU &&
> -           fhdr->frag_off & htons(IP6_MF))
> -               goto fail_hdr;
> -
>         iif = skb->dev ? skb->dev->ifindex : 0;
>         fq = fq_find(net, fhdr->identification, hdr, iif);
>         if (fq) {

I can't take a random, white-space damaged patch to a stable kernel tree
without it being submitted in a format that I can apply it in at the
very least :(

Also, please always cc: stable@vger.kernel.org for stable kernel things,
the documentation:
    https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html
should have explained all of this, and if not, please let us know what
needs to be improved there.

If you can resend this there, and mention the needed follow-on patches,
I will be glad to queue it up.

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2019-04-02  6:39 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-04-01 21:34 Please merge IPv6 fix for drop fragment smaller than MTU Captain Wiggum
2019-04-01 21:48 ` Florian Westphal
2019-04-01 21:53   ` Captain Wiggum
2019-04-02  6:38 ` Greg Kroah-Hartman

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.