RE: [PATCH net] net: fix use-after-free when UDP GRO with shared fraglist

2021-04-18 Thread Dongseok Yi
On Sat, Apr 17, 2021 at 11:44:35AM +0800, Yunsheng Lin wrote: > > On 2021/1/6 11:32, Dongseok Yi wrote: > > On 2021-01-06 12:07, Willem de Bruijn wrote: > >> > >> On Tue, Jan 5, 2021 at 8:29 PM Dongseok Yi wrote: > >>> > >>> On 2021-01-05 06

RE: [RESEND PATCH net v4] udp: ipv4: manipulate network header of NATed UDP GRO fraglist

2021-02-01 Thread Dongseok Yi
On 1/31/21 12:55 AM, Alexander Lobakin wrote: > From: Dongseok Yi > Date: Sat, 30 Jan 2021 08:13:27 +0900 > > > +static struct sk_buff *__udpv4_gso_segment_list_csum(struct sk_buff *segs) > > +{ > > + struct sk_buff *seg; > > + struct udphdr *uh, *uh2;

[RESEND PATCH net v4] udp: ipv4: manipulate network header of NATed UDP GRO fraglist

2021-01-29 Thread Dongseok Yi
RO/GSO.) Signed-off-by: Dongseok Yi Acked-by: Steffen Klassert --- v1: Steffen Klassert said, there could be 2 options. https://lore.kernel.org/patchwork/patch/1362257/ I was trying to write a quick fix, but it was not easy to forward segmented list. Currently, assuming DNAT only. v2: Per Steffen K

RE: [PATCH net v3] udp: ipv4: manipulate network header of NATed UDP GRO fraglist

2021-01-26 Thread Dongseok Yi
On 1/25/21 9:45 PM, Steffen Klassert wrote: > On Thu, Jan 21, 2021 at 10:24:39PM +0900, Dongseok Yi wrote: > > UDP/IP header of UDP GROed frag_skbs are not updated even after NAT > > forwarding. Only the header of head_skb from ip_finish_output_gso -> > > skb_gso_segment

[PATCH net v3] udp: ipv4: manipulate network header of NATed UDP GRO fraglist

2021-01-21 Thread Dongseok Yi
RO/GSO.) Signed-off-by: Dongseok Yi --- v1: Steffen Klassert said, there could be 2 options. https://lore.kernel.org/patchwork/patch/1362257/ I was trying to write a quick fix, but it was not easy to forward segmented list. Currently, assuming DNAT only. v2: Per Steffen Klassert request, moved the

RE: [PATCH net v2] udp: ipv4: manipulate network header of NATed UDP GRO fraglist

2021-01-21 Thread Dongseok Yi
On 2021-01-21 21:28, Steffen Klassert wrote: > On Wed, Jan 20, 2021 at 03:55:42PM +0900, Dongseok Yi wrote: > > On 2021-01-18 22:27, Steffen Klassert wrote: > > > On Fri, Jan 15, 2021 at 10:20:35PM +0900, Dongseok Yi wrote: > > > > UDP/IP header of UDP GROed frag_s

RE: [PATCH net v2] udp: ipv4: manipulate network header of NATed UDP GRO fraglist

2021-01-21 Thread Dongseok Yi
On 2021-01-20 15:56, Dongseok Yi wrote: > On 2021-01-18 22:27, Steffen Klassert wrote: > > On Fri, Jan 15, 2021 at 10:20:35PM +0900, Dongseok Yi wrote: > > > UDP/IP header of UDP GROed frag_skbs are not updated even after NAT > > > forwarding. Only the header of head_sk

RE: [PATCH net v2] udp: ipv4: manipulate network header of NATed UDP GRO fraglist

2021-01-19 Thread Dongseok Yi
On 2021-01-18 22:27, Steffen Klassert wrote: > On Fri, Jan 15, 2021 at 10:20:35PM +0900, Dongseok Yi wrote: > > UDP/IP header of UDP GROed frag_skbs are not updated even after NAT > > forwarding. Only the header of head_skb from ip_finish_output_gso -> > > skb_gso_segment

RE: [PATCH net v2] udp: ipv4: manipulate network header of NATed UDP GRO fraglist

2021-01-17 Thread Dongseok Yi
On 2021-01-18 15:37, Steffen Klassert wrote: > On Fri, Jan 15, 2021 at 05:12:33PM +, Alexander Lobakin wrote: > > From: Dongseok Yi > > Date: Fri, 15 Jan 2021 22:20:35 +0900 > > > > > UDP/IP header of UDP GROed frag_skbs are not updated even after NAT >

RE: [PATCH net v2] udp: ipv4: manipulate network header of NATed UDP GRO fraglist

2021-01-17 Thread Dongseok Yi
On 2021-01-16 02:12, Alexander Lobakin wrote: > From: Dongseok Yi > Date: Fri, 15 Jan 2021 22:20:35 +0900 > > > UDP/IP header of UDP GROed frag_skbs are not updated even after NAT > > forwarding. Only the header of head_skb from ip_finish_output_gso -> > &

[PATCH net v2] udp: ipv4: manipulate network header of NATed UDP GRO fraglist

2021-01-15 Thread Dongseok Yi
raglist GRO/GSO.) Signed-off-by: Dongseok Yi --- v1: Steffen Klassert said, there could be 2 options. https://lore.kernel.org/patchwork/patch/1362257/ I was trying to write a quick fix, but it was not easy to forward segmented list. Currently, assuming DNAT only. v2: Per Steffen Klassert request, mov

RE: [PATCH net] udp: ipv4: manipulate network header of NATed UDP GRO fraglist

2021-01-15 Thread Dongseok Yi
On 2021-01-15 19:51, Alexander Lobakin wrote: > From: Steffen Klassert > Date: Fri, 15 Jan 2021 10:27:52 +0100 > > > On Fri, Jan 15, 2021 at 05:55:22PM +0900, Dongseok Yi wrote: > >> On 2021-01-15 17:12, Steffen Klassert wrote: > >>> On Fri, Jan 15, 2021 at

RE: [PATCH net] udp: ipv4: manipulate network header of NATed UDP GRO fraglist

2021-01-15 Thread Dongseok Yi
On 2021-01-15 17:12, Steffen Klassert wrote: > On Fri, Jan 15, 2021 at 02:58:24PM +0900, Dongseok Yi wrote: > > UDP/IP header of UDP GROed frag_skbs are not updated even after NAT > > forwarding. Only the header of head_skb from ip_finish_output_gso -> > > skb_gso_segment

[PATCH net] udp: ipv4: manipulate network header of NATed UDP GRO fraglist

2021-01-14 Thread Dongseok Yi
_fragment -> __udp_gso_segment -> __udp_gso_segment_list does not try to update UDP/IP header of the segment list. Update dport, daddr and checksums of each skb of the segment list after __udp_gso_segment. Fixes: 9fd1ff5d2ac7 (udp: Support UDP fraglist GRO/GSO.) Signed-off-by: Dongseok Yi --- Steffe

RE: [PATCH net-next] udp: allow forwarding of plain (non-fraglisted) UDP GRO packets

2021-01-12 Thread Dongseok Yi
On 2021-01-13 12:10, Alexander Duyck wrote: > On 1/12/21 1:16 PM, Alexander Lobakin wrote: > > Commit 9fd1ff5d2ac7 ("udp: Support UDP fraglist GRO/GSO.") actually > > not only added a support for fraglisted UDP GRO, but also tweaked > > some logics the way that non-fraglisted UDP GRO started to

RE: [RFC PATCH net] udp: check sk for UDP GRO fraglist

2021-01-10 Thread Dongseok Yi
On 2021-01-08 22:35, Steffen Klassert wrote: > On Fri, Jan 08, 2021 at 09:52:28PM +0900, Dongseok Yi wrote: > > It is a workaround patch. > > > > UDP/IP header of UDP GROed frag_skbs are not updated even after NAT > > forwarding. Only the header of head_sk

[RFC PATCH net] udp: check sk for UDP GRO fraglist

2021-01-08 Thread Dongseok Yi
is really designed for local session only. Can kernel support NAT forward for UDP GRO frag_list? What am I missing? Fixes: 9fd1ff5d2ac7 (udp: Support UDP fraglist GRO/GSO.) Signed-off-by: Dongseok Yi --- net/ipv4/udp_offload.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) dif

[PATCH net v3] net: fix use-after-free when UDP GRO with shared fraglist

2021-01-07 Thread Dongseok Yi
/0x1d0 [ 4443.426873] el0_svc_handler+0x74/0x98 [ 4443.426880] el0_svc+0x8/0xc Fixes: 3a1296a38d0c (net: Support GRO/GSO fraglist chaining.) Signed-off-by: Dongseok Yi Acked-by: Willem de Bruijn --- net/core/skbuff.c | 20 +++- 1 file changed, 19 insertions(+), 1 deletion(-) v

RE: [PATCH net v2] net: fix use-after-free when UDP GRO with shared fraglist

2021-01-07 Thread Dongseok Yi
On 2021-01-07 20:05, Daniel Borkmann wrote: > > On 1/7/21 1:39 AM, Dongseok Yi wrote: > > skbs in fraglist could be shared by a BPF filter loaded at TC. It > > triggers skb_ensure_writable -> pskb_expand_head -> > > skb_clone_fraglist -> skb_get on each skb in th

[PATCH net v2] net: fix use-after-free when UDP GRO with shared fraglist

2021-01-06 Thread Dongseok Yi
igned-off-by: Dongseok Yi Acked-by: Willem de Bruijn --- net/core/skbuff.c | 20 +++- 1 file changed, 19 insertions(+), 1 deletion(-) v2: Expand the commit message to clarify a BPF filter loaded diff --git a/net/core/skbuff.c b/net/core/skbuff.c index f62cae3..1dcbda8 100644 --- a

RE: [PATCH net] net: fix use-after-free when UDP GRO with shared fraglist

2021-01-05 Thread Dongseok Yi
On 2021-01-06 12:07, Willem de Bruijn wrote: > > On Tue, Jan 5, 2021 at 8:29 PM Dongseok Yi wrote: > > > > On 2021-01-05 06:03, Willem de Bruijn wrote: > > > > > > On Mon, Jan 4, 2021 at 4:00 AM Dongseok Yi wrote: > > > > > > > > skbs

RE: [PATCH net] net: fix use-after-free when UDP GRO with shared fraglist

2021-01-05 Thread Dongseok Yi
On 2021-01-05 06:03, Willem de Bruijn wrote: > > On Mon, Jan 4, 2021 at 4:00 AM Dongseok Yi wrote: > > > > skbs in frag_list could be shared by pskb_expand_head() from BPF. > > Can you elaborate on the BPF connection? With the following registered ptypes, /proc/net

[PATCH net] net: fix use-after-free when UDP GRO with shared fraglist

2021-01-04 Thread Dongseok Yi
[ 4443.426869] el0_svc_common+0xf0/0x1d0 [ 4443.426873] el0_svc_handler+0x74/0x98 [ 4443.426880] el0_svc+0x8/0xc Fixes: 3a1296a38d0c (net: Support GRO/GSO fraglist chaining.) Signed-off-by: Dongseok Yi --- net/core/skbuff.c | 20 +++- 1 file changed, 19 insertions(+), 1 deletion