Re: [PATCH net] ppp: ensure minimum packet size in ppp_write()

From: Guillaume Nault <gnault@redhat.com>
To: James Carlson <carlsonj@workingcode.com>
Cc: Eric Dumazet <eric.dumazet@gmail.com>,
	"David S . Miller" <davem@davemloft.net>,
	Jakub Kicinski <kuba@kernel.org>, netdev <netdev@vger.kernel.org>,
	Eric Dumazet <edumazet@google.com>,
	Paul Mackerras <paulus@samba.org>,
	linux-ppp@vger.kernel.org, syzbot <syzkaller@googlegroups.com>
Subject: Re: [PATCH net] ppp: ensure minimum packet size in ppp_write()
Date: Wed, 5 Jan 2022 18:37:05 +0100	[thread overview]
Message-ID: <20220105173705.GC17823@pc-1.home> (raw)
In-Reply-To: <f78e2051-714d-ff74-7e36-bea3b4edc682@workingcode.com>

On Wed, Jan 05, 2022 at 11:35:52AM -0500, James Carlson wrote:
> On 1/5/22 11:29, Guillaume Nault wrote:
> > On Wed, Jan 05, 2022 at 10:30:09AM -0500, James Carlson wrote:
> >> On 1/5/22 08:19, Guillaume Nault wrote:
> >>> On Wed, Jan 05, 2022 at 03:48:42AM -0800, Eric Dumazet wrote:
> >>>> From: Eric Dumazet <edumazet@google.com>
> >>>>
> >>>> It seems pretty clear ppp layer assumed user space
> >>>> would always be kind to provide enough data
> >>>> in their write() to a ppp device.
> >>>>
> >>>> This patch makes sure user provides at least
> >>>> 2 bytes.
> >>>>
> >>>> It adds PPP_PROTO_LEN macro that could replace
> >>>> in net-next many occurrences of hard-coded 2 value.
> >>>
> >>> The PPP header can be compressed to only 1 byte, but since 2 bytes is
> >>> assumed in several parts of the code, rejecting such packets in
> >>> ppp_xmit() is probably the best we can do.
> >>
> >> The only ones that can be compressed are those less than 0x0100, which
> >> are (intentionally) all network layer protocols.  We should be getting
> >> only control protocol messages though the user-space interface, not
> >> network layer, so I'd say it's not just the best we can do, but indeed
> >> the right thing to do by design.
> > 
> > Well, I know of at least one implementation that used to transmit data
> > by writing on ppp unit file descriptors. That was a hack to work around
> > some other problems. Not a beautiful one, but it worked.
> > 
> 
> So, if you do that sort of hack, then you're constrained to send
> uncompressed protocol numbers regardless of what's negotiated. That
> seems like a tiny concession. (And receivers are required to handle
> uncompressed no matter what LCP negotiation says, per 1661 6.5.)

In the case I was refering to, the program was just retransmitting PPP
frames and wasn't supposed to modify the headers. We now have kernel
support for that, but it landed only one year ago. Before that, the only
option was to write on the ppp fd (btw, that was the channel fd, not the
unit, sorry).

> And I'd still maintain that the intended design is that control
> protocols are handled by the user portion, while network layer protocols
> are connected in the kernel.

Absolutely, I was just pointing out that the kernel doesn't enforce
this design and therefore implementations sometimes ignore it.

Anyway, I don't see any problem with refusing to send packets smaller
than 2 bytes. Hence my acked-by.