| Message ID | CAB=W+ok36bXgj7Dmkid1bM8h_Hq-D=4mnfFrreQBxGy=2_k1Rw@mail.gmail.com |
|---|---|
| State | Not Applicable |
| Delegated to: | David Miller |
| Headers | show |
| Series | Please merge IPv6 fix for drop fragment smaller than MTU | expand |
Captain Wiggum <captwiggum@gmail.com> wrote: > An error was introduced in 4.9.134 (and the other LTS branches also). > This causes 18 test cases from the TAHI IPv6 test suite to fail. > I added you to the mail thread about this subject a month back. > It has been fixed in upstream for some time now, but not in the LTS branches. > Please merge this undo-patch into the LTS branches. This is only safe after backporting Peters work to convert IPv6 to use RB Trees for the reassembly queues, otherwise a revert adds back the DoS vector. commit d4289fcc9b16b89619ee1c54f829e05e56de8b9a net: IP6 defrag: use rbtrees for IPv6 defrag commit 997dd96471641e147cb2c33ad54284000d0f5e35 net: IP6 defrag: use rbtrees in nf_conntrack_reasm.c
Thank you for the feedback and the specific commits needed! On Mon, Apr 1, 2019 at 3:48 PM Florian Westphal <fw@strlen.de> wrote: > > Captain Wiggum <captwiggum@gmail.com> wrote: > > An error was introduced in 4.9.134 (and the other LTS branches also). > > This causes 18 test cases from the TAHI IPv6 test suite to fail. > > I added you to the mail thread about this subject a month back. > > It has been fixed in upstream for some time now, but not in the LTS branches. > > Please merge this undo-patch into the LTS branches. > > This is only safe after backporting Peters work to convert > IPv6 to use RB Trees for the reassembly queues, > otherwise a revert adds back the DoS vector. > > commit d4289fcc9b16b89619ee1c54f829e05e56de8b9a > net: IP6 defrag: use rbtrees for IPv6 defrag > > commit 997dd96471641e147cb2c33ad54284000d0f5e35 > net: IP6 defrag: use rbtrees in nf_conntrack_reasm.c >
On Mon, Apr 01, 2019 at 03:34:52PM -0600, Captain Wiggum wrote: > Hi Greg, > > An error was introduced in 4.9.134 (and the other LTS branches also). > This causes 18 test cases from the TAHI IPv6 test suite to fail. > I added you to the mail thread about this subject a month back. > It has been fixed in upstream for some time now, but not in the LTS branches. > Please merge this undo-patch into the LTS branches. > > $ git diff a8444b1ccb20339774af58e40ad42296074fb484 > a8444b1ccb20339774af58e40ad42296074fb484~ > > diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c > b/net/ipv6/netfilter/nf_conntrack_reasm.c > index b815417..ff49d1f 100644 > --- a/net/ipv6/netfilter/nf_conntrack_reasm.c > +++ b/net/ipv6/netfilter/nf_conntrack_reasm.c > @@ -564,10 +564,6 @@ int nf_ct_frag6_gather(struct net *net, struct > sk_buff *skb, u32 user) > hdr = ipv6_hdr(skb); > fhdr = (struct frag_hdr *)skb_transport_header(skb); > > - if (skb->len - skb_network_offset(skb) < IPV6_MIN_MTU && > - fhdr->frag_off & htons(IP6_MF)) > - return -EINVAL; > - > skb_orphan(skb); > fq = fq_find(net, fhdr->identification, user, hdr, > skb->dev ? skb->dev->ifindex : 0); > diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c > index 78656bb..dbe726c 100644 > --- a/net/ipv6/reassembly.c > +++ b/net/ipv6/reassembly.c > @@ -516,10 +516,6 @@ static int ipv6_frag_rcv(struct sk_buff *skb) > return 1; > } > > - if (skb->len - skb_network_offset(skb) < IPV6_MIN_MTU && > - fhdr->frag_off & htons(IP6_MF)) > - goto fail_hdr; > - > iif = skb->dev ? skb->dev->ifindex : 0; > fq = fq_find(net, fhdr->identification, hdr, iif); > if (fq) { I can't take a random, white-space damaged patch to a stable kernel tree without it being submitted in a format that I can apply it in at the very least :( Also, please always cc: stable@vger.kernel.org for stable kernel things, the documentation: https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html should have explained all of this, and if not, please let us know what needs to be improved there. If you can resend this there, and mention the needed follow-on patches, I will be glad to queue it up. thanks, greg k-h
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c index b815417..ff49d1f 100644 --- a/net/ipv6/netfilter/nf_conntrack_reasm.c +++ b/net/ipv6/netfilter/nf_conntrack_reasm.c @@ -564,10 +564,6 @@ int nf_ct_frag6_gather(struct net *net, struct sk_buff *skb, u32 user) hdr = ipv6_hdr(skb); fhdr = (struct frag_hdr *)skb_transport_header(skb); - if (skb->len - skb_network_offset(skb) < IPV6_MIN_MTU && - fhdr->frag_off & htons(IP6_MF)) - return -EINVAL; - skb_orphan(skb); fq = fq_find(net, fhdr->identification, user, hdr, skb->dev ? skb->dev->ifindex : 0); diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c index 78656bb..dbe726c 100644 --- a/net/ipv6/reassembly.c +++ b/net/ipv6/reassembly.c @@ -516,10 +516,6 @@ static int ipv6_frag_rcv(struct sk_buff *skb) return 1; } - if (skb->len - skb_network_offset(skb) < IPV6_MIN_MTU && - fhdr->frag_off & htons(IP6_MF)) - goto fail_hdr; - iif = skb->dev ? skb->dev->ifindex : 0; fq = fq_find(net, fhdr->identification, hdr, iif); if (fq) {