From: YeXingchen <[email protected]>
CVE-1999-0524 (ICMP timestamp request disclosure) was reclassified as a
medium-risk vulnerability in May of this year.
On some embedded systems a packet filter such as iptables cannot be used.
For such systems, and for devices that do not need ICMP timestamp support,
provide the icmp_timestamp_ignore_all sysctl, which ignores all incoming
ICMP TIMESTAMP requests and thereby circumvents the vulnerability.
Signed-off-by: YeXingchen <[email protected]>
---
Documentation/networking/ip-sysctl.rst | 6 ++++++
.../networking/net_cachelines/netns_ipv4_sysctl.rst | 1 +
include/net/netns/ipv4.h | 1 +
include/uapi/linux/sysctl.h | 1 +
net/ipv4/icmp.c | 8 ++++++++
net/ipv4/sysctl_net_ipv4.c | 9 +++++++++
6 files changed, 26 insertions(+)
diff --git a/Documentation/networking/ip-sysctl.rst b/Documentation/networking/ip-sysctl.rst
index bd50df6a5a42..41eb3de61659 100644
--- a/Documentation/networking/ip-sysctl.rst
+++ b/Documentation/networking/ip-sysctl.rst
@@ -1441,6 +1441,12 @@ icmp_ratelimit - INTEGER
Default: 1000
+icmp_timestamp_ignore_all - BOOLEAN
+ If set non-zero, then the kernel will ignore all ICMP TIMESTAMP
+ requests sent to it.
+
+ Default: 0
+
icmp_msgs_per_sec - INTEGER
Limit maximal number of ICMP packets sent per second from this host.
Only messages whose type matches icmp_ratemask (see below) are
diff --git a/Documentation/networking/net_cachelines/netns_ipv4_sysctl.rst b/Documentation/networking/net_cachelines/netns_ipv4_sysctl.rst
index 9b87089a84c6..ed72f67c8f72 100644
--- a/Documentation/networking/net_cachelines/netns_ipv4_sysctl.rst
+++ b/Documentation/networking/net_cachelines/netns_ipv4_sysctl.rst
@@ -38,6 +38,7 @@ u8 sysctl_icmp_ignore_bogus_error_responses
u8 sysctl_icmp_errors_use_inbound_ifaddr
int sysctl_icmp_ratelimit
int sysctl_icmp_ratemask
+u8 sysctl_icmp_timestamp_ignore_all
u32 ip_rt_min_pmtu - -
int ip_rt_mtu_expires - -
int ip_rt_min_advmss - -
diff --git a/include/net/netns/ipv4.h b/include/net/netns/ipv4.h
index c356c458b340..7364c469e7eb 100644
--- a/include/net/netns/ipv4.h
+++ b/include/net/netns/ipv4.h
@@ -113,6 +113,7 @@ struct netns_ipv4 {
u8 sysctl_icmp_echo_ignore_broadcasts;
u8 sysctl_icmp_ignore_bogus_error_responses;
u8 sysctl_icmp_errors_use_inbound_ifaddr;
+ u8 sysctl_icmp_timestamp_ignore_all;
int sysctl_icmp_ratelimit;
int sysctl_icmp_ratemask;
diff --git a/include/uapi/linux/sysctl.h b/include/uapi/linux/sysctl.h
index 8981f00204db..ef8640947f4e 100644
--- a/include/uapi/linux/sysctl.h
+++ b/include/uapi/linux/sysctl.h
@@ -426,6 +426,7 @@ enum
NET_TCP_ALLOWED_CONG_CONTROL=123,
NET_TCP_MAX_SSTHRESH=124,
NET_TCP_FRTO_RESPONSE=125,
+ NET_IPV4_ICMP_TIMESTAMP_IGNORE_ALL = 126,
};
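Review bot: The added `NET_IPV4_ICMP_TIMESTAMP_IGNORE_ALL = 126` extends the legacy binary-sysctl number enum in include/uapi/linux/sysctl.h, but nothing in this series consumes that number: the control is registered through a proc ctl_table entry by name. The binary sysctl(2) syscall has, as far as I know, been removed from the kernel, so new sysctls normally get no entry here and adding one widens the UAPI with no runtime effect; it is also placed after the NET_TCP_* entries with spacing that differs from its neighbour `NET_TCP_FRTO_RESPONSE=125,`. Unless some tool depends on the number, drop this hunk.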
enum {
diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
index ab6d0d98dbc3..6fa5c26cf402 100644
--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp.c
@@ -1152,6 +1152,11 @@ EXPORT_SYMBOL_GPL(icmp_build_probe);
static enum skb_drop_reason icmp_timestamp(struct sk_buff *skb)
{
struct icmp_bxm icmp_param;
+ struct net *net;
+
+ if (READ_ONCE(net->ipv4.sysctl_icmp_timestamp_ignore_all))
+ return SKB_NOT_DROPPED_YET;
+
/*
* Too short.
*/
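Review bot: `net` is declared but never assigned before `READ_ONCE(net->ipv4.sysctl_icmp_timestamp_ignore_all)` on the added lines, so the new check dereferences an uninitialized pointer on every ICMP TIMESTAMP request; this is undefined behaviour and both robot builds flag it with -Wuninitialized. The function's existing out_err path (outside this hunk) derives the namespace as `dev_net(skb_dst(skb)->dev)`, so initialize the same way: `struct net *net = dev_net(skb_dst(skb)->dev);`. Returning SKB_NOT_DROPPED_YET without a reply and without bumping any MIB counter presumably mirrors how the echo-ignore sysctl is handled elsewhere in this file, but a one-line comment such as `/* Silently ignore: no reply, no error, per icmp_timestamp_ignore_all. */` would make the intent explicit. icmp_timestamp's body continues past the end of this hunk.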
@@ -1469,6 +1474,9 @@ static int __net_init icmp_sk_init(struct net *net)
net->ipv4.sysctl_icmp_echo_enable_probe = 0;
net->ipv4.sysctl_icmp_echo_ignore_broadcasts = 1;
+ /* Control parameters for TIMESTAMP replies. */
+ net->ipv4.sysctl_icmp_timestamp_ignore_all = 0;
+
/* Control parameter - ignore bogus broadcast responses? */
net->ipv4.sysctl_icmp_ignore_bogus_error_responses = 1;
diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
index 162a0a3b6ba5..b002426c3d9c 100644
--- a/net/ipv4/sysctl_net_ipv4.c
+++ b/net/ipv4/sysctl_net_ipv4.c
@@ -651,6 +651,15 @@ static struct ctl_table ipv4_net_table[] = {
.mode = 0644,
.proc_handler = ipv4_ping_group_range,
},
+ {
+ .procname = "icmp_timestamp_ignore_all",
+ .data = &init_net.ipv4.sysctl_icmp_timestamp_ignore_all,
+ .maxlen = sizeof(u8),
+ .mode = 0644,
+ .proc_handler = proc_dou8vec_minmax,
+ .extra1 = SYSCTL_ZERO,
+ .extra2 = SYSCTL_ONE
+ },
#ifdef CONFIG_NET_L3_MASTER_DEV
{
.procname = "raw_l3mdev_accept",
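Review bot: The new ctl_table entry ends with `.extra2 = SYSCTL_ONE` and no trailing comma, unlike the neighbouring entries in this table (the preceding entry closes with `.proc_handler = ipv4_ping_group_range,` before `}`); write `.extra2 = SYSCTL_ONE,` so a later field can be appended without touching this line. The `proc_dou8vec_minmax` handler with `.maxlen = sizeof(u8)` and a [0,1] range is consistent with the u8 field added to struct netns_ipv4. Consider placing the entry next to the other icmp_* entries of this table if they are adjacent, which this hunk does not show.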
--
2.25.1
Hi,
kernel test robot noticed the following build warnings:
[auto build test WARNING on net-next/main]
url: https://github.com/intel-lab-lkp/linux/commits/ye-xingchen-zte-com-cn/icmp-Add-icmp_timestamp_ignore_all-to-control-ICMP_TIMESTAMP/20240517-172903
base: net-next/main
patch link: https://lore.kernel.org/r/20240517172639229ec5bN7VBV7SGEHkSK5K6f%40zte.com.cn
patch subject: [PATCH net-next] icmp: Add icmp_timestamp_ignore_all to control ICMP_TIMESTAMP
config: arm-clps711x_defconfig (https://download.01.org/0day-ci/archive/20240518/[email protected]/config)
compiler: clang version 19.0.0git (https://github.com/llvm/llvm-project fa9b1be45088dce1e4b602d451f118128b94237b)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240518/[email protected]/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <[email protected]>
| Closes: https://lore.kernel.org/oe-kbuild-all/[email protected]/
All warnings (new ones prefixed by >>):
In file included from net/ipv4/icmp.c:69:
In file included from include/linux/inet.h:42:
In file included from include/net/net_namespace.h:43:
In file included from include/linux/skbuff.h:17:
In file included from include/linux/bvec.h:10:
In file included from include/linux/highmem.h:8:
In file included from include/linux/cacheflush.h:5:
In file included from arch/arm/include/asm/cacheflush.h:10:
In file included from include/linux/mm.h:2210:
include/linux/vmstat.h:522:36: warning: arithmetic between different enumeration types ('enum node_stat_item' and 'enum lru_list') [-Wenum-enum-conversion]
522 | return node_stat_name(NR_LRU_BASE + lru) + 3; // skip "nr_"
| ~~~~~~~~~~~ ^ ~~~
>> net/ipv4/icmp.c:1157:16: warning: variable 'net' is uninitialized when used here [-Wuninitialized]
1157 | if (READ_ONCE(net->ipv4.sysctl_icmp_timestamp_ignore_all))
| ^~~
include/asm-generic/rwonce.h:50:14: note: expanded from macro 'READ_ONCE'
50 | __READ_ONCE(x); \
| ^
include/asm-generic/rwonce.h:44:72: note: expanded from macro '__READ_ONCE'
44 | #define __READ_ONCE(x) (*(const volatile __unqual_scalar_typeof(x) *)&(x))
| ^
net/ipv4/icmp.c:1155:17: note: initialize the variable 'net' to silence this warning
1155 | struct net *net;
| ^
| = NULL
2 warnings generated.
vim +/net +1157 net/ipv4/icmp.c
1144
1145 /*
1146 * Handle ICMP Timestamp requests.
1147 * RFC 1122: 3.2.2.8 MAY implement ICMP timestamp requests.
1148 * SHOULD be in the kernel for minimum random latency.
1149 * MUST be accurate to a few minutes.
1150 * MUST be updated at least at 15Hz.
1151 */
1152 static enum skb_drop_reason icmp_timestamp(struct sk_buff *skb)
1153 {
1154 struct icmp_bxm icmp_param;
1155 struct net *net;
1156
> 1157 if (READ_ONCE(net->ipv4.sysctl_icmp_timestamp_ignore_all))
1158 return SKB_NOT_DROPPED_YET;
1159
1160 /*
1161 * Too short.
1162 */
1163 if (skb->len < 4)
1164 goto out_err;
1165
1166 /*
1167 * Fill in the current time as ms since midnight UT:
1168 */
1169 icmp_param.data.times[1] = inet_current_timestamp();
1170 icmp_param.data.times[2] = icmp_param.data.times[1];
1171
1172 BUG_ON(skb_copy_bits(skb, 0, &icmp_param.data.times[0], 4));
1173
1174 icmp_param.data.icmph = *icmp_hdr(skb);
1175 icmp_param.data.icmph.type = ICMP_TIMESTAMPREPLY;
1176 icmp_param.data.icmph.code = 0;
1177 icmp_param.skb = skb;
1178 icmp_param.offset = 0;
1179 icmp_param.data_len = 0;
1180 icmp_param.head_len = sizeof(struct icmphdr) + 12;
1181 icmp_reply(&icmp_param, skb);
1182 return SKB_NOT_DROPPED_YET;
1183
1184 out_err:
1185 __ICMP_INC_STATS(dev_net(skb_dst(skb)->dev), ICMP_MIB_INERRORS);
1186 return SKB_DROP_REASON_PKT_TOO_SMALL;
1187 }
1188
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
Hi,
kernel test robot noticed the following build warnings:
[auto build test WARNING on net-next/main]
url: https://github.com/intel-lab-lkp/linux/commits/ye-xingchen-zte-com-cn/icmp-Add-icmp_timestamp_ignore_all-to-control-ICMP_TIMESTAMP/20240517-172903
base: net-next/main
patch link: https://lore.kernel.org/r/20240517172639229ec5bN7VBV7SGEHkSK5K6f%40zte.com.cn
patch subject: [PATCH net-next] icmp: Add icmp_timestamp_ignore_all to control ICMP_TIMESTAMP
config: arc-vdk_hs38_defconfig (https://download.01.org/0day-ci/archive/20240518/[email protected]/config)
compiler: arc-elf-gcc (GCC) 13.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240518/[email protected]/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <[email protected]>
| Closes: https://lore.kernel.org/oe-kbuild-all/[email protected]/
All warnings (new ones prefixed by >>):
In file included from ./arch/arc/include/generated/asm/rwonce.h:1,
from include/linux/compiler.h:299,
from include/linux/build_bug.h:5,
from include/linux/container_of.h:5,
from include/linux/list.h:5,
from include/linux/module.h:12,
from net/ipv4/icmp.c:62:
net/ipv4/icmp.c: In function 'icmp_timestamp':
>> include/asm-generic/rwonce.h:44:71: warning: 'net' is used uninitialized [-Wuninitialized]
44 | #define __READ_ONCE(x) (*(const volatile __unqual_scalar_typeof(x) *)&(x))
| ^~~~
include/asm-generic/rwonce.h:50:9: note: in expansion of macro '__READ_ONCE'
50 | __READ_ONCE(x); \
| ^~~~~~~~~~~
net/ipv4/icmp.c:1157:13: note: in expansion of macro 'READ_ONCE'
1157 | if (READ_ONCE(net->ipv4.sysctl_icmp_timestamp_ignore_all))
| ^~~~~~~~~
net/ipv4/icmp.c:1155:21: note: 'net' was declared here
1155 | struct net *net;
| ^~~
vim +/net +44 include/asm-generic/rwonce.h
e506ea451254ab1 Will Deacon 2019-10-15 28
e506ea451254ab1 Will Deacon 2019-10-15 29 /*
e506ea451254ab1 Will Deacon 2019-10-15 30 * Yes, this permits 64-bit accesses on 32-bit architectures. These will
e506ea451254ab1 Will Deacon 2019-10-15 31 * actually be atomic in some cases (namely Armv7 + LPAE), but for others we
e506ea451254ab1 Will Deacon 2019-10-15 32 * rely on the access being split into 2x32-bit accesses for a 32-bit quantity
e506ea451254ab1 Will Deacon 2019-10-15 33 * (e.g. a virtual address) and a strong prevailing wind.
e506ea451254ab1 Will Deacon 2019-10-15 34 */
e506ea451254ab1 Will Deacon 2019-10-15 35 #define compiletime_assert_rwonce_type(t) \
e506ea451254ab1 Will Deacon 2019-10-15 36 compiletime_assert(__native_word(t) || sizeof(t) == sizeof(long long), \
e506ea451254ab1 Will Deacon 2019-10-15 37 "Unsupported access size for {READ,WRITE}_ONCE().")
e506ea451254ab1 Will Deacon 2019-10-15 38
e506ea451254ab1 Will Deacon 2019-10-15 39 /*
e506ea451254ab1 Will Deacon 2019-10-15 40 * Use __READ_ONCE() instead of READ_ONCE() if you do not require any
3c9184109e78ea2 Will Deacon 2019-10-30 41 * atomicity. Note that this may result in tears!
e506ea451254ab1 Will Deacon 2019-10-15 42 */
b78b331a3f5c077 Will Deacon 2019-10-15 43 #ifndef __READ_ONCE
e506ea451254ab1 Will Deacon 2019-10-15 @44 #define __READ_ONCE(x) (*(const volatile __unqual_scalar_typeof(x) *)&(x))
b78b331a3f5c077 Will Deacon 2019-10-15 45 #endif
e506ea451254ab1 Will Deacon 2019-10-15 46
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki