Re: [PATCH] tcp: md5: Fix overlap between vrf and non-vrf keys

From: David Ahern
Date: Thu Oct 07 2021 - 14:27:48 EST


On 10/7/21 12:41 AM, Leonard Crestez wrote:
>
>
> On 07.10.2021 04:14, David Ahern wrote:
>> On 10/6/21 11:48 AM, Leonard Crestez wrote:
>>> @@ -1103,11 +1116,11 @@ static struct tcp_md5sig_key
>>> *tcp_md5_do_lookup_exact(const struct sock *sk,
>>>   #endif
>>>       hlist_for_each_entry_rcu(key, &md5sig->head, node,
>>>                    lockdep_sock_is_held(sk)) {
>>>           if (key->family != family)
>>>               continue;
>>> -        if (key->l3index && key->l3index != l3index)
>>> +        if (key->l3index != l3index)
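Review bot: The tightened condition at the end of this hunk means a key stored with l3index 0 (one added without tcpm_ifindex) no longer satisfies an exact lookup for a non-zero l3index, so adding or deleting a VRF-bound key will no longer find and reuse the non-VRF entry; since the thread notes that such keys currently match connections both inside and outside VRFs, the commit message should say explicitly that this match-any behaviour is being dropped for tcp_md5_do_lookup_exact, and the patch should state whether __tcp_md5_do_lookup keeps the old `key->l3index &&` form, so that the add/delete path and the receive-side lookup agree on what a non-VRF key matches.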
>>
>> That seems like the bug fix there. The L3 reference needs to match for
>> new key and existing key. I think the same change is needed in
>> __tcp_md5_do_lookup.
>
> Current behavior is that keys added without tcpm_ifindex will match
> connections both inside and outside VRFs. Changing this might break real
> applications, is it really OK to claim that this behavior was a bug all
> along?

no.

It's been a few years. I need to refresh on the logic and that is not
going to happen before this weekend.
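To make the overlap the patch title refers to concrete, here is a small added model of the key list and both forms of the exact-lookup predicate (the one the hunk removes and the one it introduces). It is example code written for this discussion, not the patch's or the kernel's code: the struct fields, the list, the `add_key` path (assumed to update an existing exact match in place and otherwise append, as an assumption about the add path), the family value and the secrets are all constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Constructed model of a TCP-MD5 key entry, keeping only the fields that
 * the matching predicate under discussion looks at. */
struct md5_key {
    int family;
    int l3index;      /* 0 = key added without tcpm_ifindex (no VRF binding) */
    char secret[16];  /* constructed placeholder for the MD5 secret */
};

#define MAX_KEYS 8

struct md5_list {
    struct md5_key keys[MAX_KEYS];
    size_t n;
};

/* Pre-patch predicate: a key with l3index == 0 matches any lookup index. */
static bool match_old(const struct md5_key *k, int family, int l3index)
{
    if (k->family != family)
        return false;
    if (k->l3index && k->l3index != l3index)
        return false;
    return true;
}

/* Patched predicate: the L3 index must match exactly. */
static bool match_new(const struct md5_key *k, int family, int l3index)
{
    if (k->family != family)
        return false;
    if (k->l3index != l3index)
        return false;
    return true;
}

typedef bool (*match_fn)(const struct md5_key *, int, int);

/* Exact lookup over the list using the chosen predicate. */
static struct md5_key *lookup_exact(struct md5_list *l, int family,
                                    int l3index, match_fn m)
{
    for (size_t i = 0; i < l->n; i++)
        if (m(&l->keys[i], family, l3index))
            return &l->keys[i];
    return NULL;
}

/* Assumed model of the add path: an existing exact match is updated in
 * place, otherwise a new entry is appended. Returns the list length. */
static size_t add_key(struct md5_list *l, int family, int l3index,
                      const char *secret, match_fn m)
{
    struct md5_key *k = lookup_exact(l, family, l3index, m);
    if (!k) {
        if (l->n >= MAX_KEYS)
            return l->n;
        k = &l->keys[l->n++];
        k->family = family;
        k->l3index = l3index;
    }
    strncpy(k->secret, secret, sizeof(k->secret) - 1);
    k->secret[sizeof(k->secret) - 1] = '\0';
    return l->n;
}

/* Scenario: add a non-VRF key, then a key bound to VRF l3index 5, and
 * report how many keys exist and which secret a non-VRF lookup now sees.
 * Family 2 stands in for AF_INET (constructed constant). */
static size_t scenario(match_fn m, char *nonvrf_secret_out, size_t outlen)
{
    struct md5_list l = { .n = 0 };
    add_key(&l, 2, 0, "global-secret", m);
    size_t n = add_key(&l, 2, 5, "vrf5-secret", m);

    struct md5_key *k = lookup_exact(&l, 2, 0, m);
    strncpy(nonvrf_secret_out, k ? k->secret : "", outlen - 1);
    nonvrf_secret_out[outlen - 1] = '\0';
    return n;
}
```

With `match_old`, the VRF-bound add finds the non-VRF entry as an "exact" match and overwrites its secret, so the list keeps one key and non-VRF connections now see the VRF secret; with `match_new`, the two keys coexist and each lookup returns its own entry. This is the overlap the hunk removes, and it is also why the thread asks whether the receive-side lookup should keep matching a non-VRF key against VRF connections.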