Received: by 2002:a25:683:0:0:0:0:0 with SMTP id 125csp283724ybg; Mon, 8 Jun 2020 23:58:54 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxu21DuUDiciS3Nqof8z8yNvbL3UFzLW0E5Xomtk6vvMzZ6Md+7Ww95U9FjKkhrhHyEbtC/ X-Received: by 2002:aa7:cd42:: with SMTP id v2mr24545489edw.360.1591685933983; Mon, 08 Jun 2020 23:58:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1591685933; cv=none; d=google.com; s=arc-20160816; b=TF360mDmZ1jH5TOEMuuQuQVKqpUyfvePhFT6UoikwdjEGogtTe+t4kusSDVDtcLE/w TUewVIiSgicbbvCP+bLJRPM9fAkiX2BOvRgWAf5rSSAu7eHoWfqoX3M6eHGmGjeWyupq M11oNw++tDI3q0DfroCIFjUIEsBm+IAqTne/6QSdd0BcUmP2r6xfAVRtbZFnVJ65b8dW YXyPlWtSa1a9p9Nw77jU4oO+gPS6I2/4A7zNU2vG6ru8A3uOhUQBrXxS54NCsqPdPpd/ i2+cfFbqaZej6xcO4j96SHc8OkMHMC0hyu+8ywdujEQPRC6JV4GdUKlifjGX8DUiVeti F49Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=K8ADmmX7v+hv/X8ogy48EiWtb/0gZSHGu5XCN38uzLo=; b=hWK5lFd62QoGGDy9xv14KFBdZjJU5z7m4IWcIPUKaM+2+xgrCN7x33TGHptsZafteW Evj4aSzmYfSBp/RQZw+DJJIf8OeRahQOZgKws7lGF4PqUT2fjCVp+SI9FOXkr3YMIbJ8 FEWnk2zrJ4fmOnO6HS8OuyVlGrM5hlZfl0R3FCucaOM2mXFWnFPV6KO/8DMlal9dj9L6 ndJRYStWHVgrn3GTB4WGX3vEfVaogvEE7W5MUbulkRJhUb+04G9lODtqEMZ1j/z+ATXH 0kpkhjUe8uirj0yAHFykhb0KiNNl6OX9q9ZPKoYS/8YVjXA6oYhGBK4kt1uo43VIP9n/ pdxg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@messagingengine.com header.s=fm3 header.b=iianZOFy; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id e1si10356348ejr.737.2020.06.08.23.58.30; Mon, 08 Jun 2020 23:58:53 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@messagingengine.com header.s=fm3 header.b=iianZOFy; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728041AbgFIGzy (ORCPT + 99 others); Tue, 9 Jun 2020 02:55:54 -0400 Received: from out3-smtp.messagingengine.com ([66.111.4.27]:45221 "EHLO out3-smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726886AbgFIGzx (ORCPT ); Tue, 9 Jun 2020 02:55:53 -0400 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id B00815C0057; Tue, 9 Jun 2020 02:55:51 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute4.internal (MEProxy); Tue, 09 Jun 2020 02:55:51 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=K8ADmm X7v+hv/X8ogy48EiWtb/0gZSHGu5XCN38uzLo=; b=iianZOFy5NXWR1Q3QRxzAs TYGq2I78ucdzlzojnu3c1HIKqiWWb9EE1y1X0PIZ7QnBWShyUFgeQGdIJ44V0oZR thmfmqrlGRFWH61BP4mSxFih5Riimag7FTm4RYCMWWEdqCkDGagO6JrfJyeBiBso EVx7VdEZ0KlnQtEsq5W3DFOw2V+mnO02fyLcxoSYiwZO1BSviqR0guK2JKMkn0mo CQsnNHP+n/6AlCrpqPMMMwFwnA4D8gKVPowjHGud6nnzSmHLf2cIVKqGBZF5yrnT fG/gMeVRepjXAEXgkO9i1s+s3sVPAup0l5pbaST9Y+Nb67J+Ryzj5Un03wz9XaLQ == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduhedrudehfedgudduiecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpeffhffvuffkfhggtggujgesthdtredttddtvdenucfhrhhomhepkfguohcu ufgthhhimhhmvghluceoihguohhstghhsehiughoshgthhdrohhrgheqnecuggftrfgrth htvghrnhephefgueetjedtgfelffelhfehleelteeiuddtvefhfedvgfdvteejuedvgfdu veefnecuffhomhgrihhnpehkvghrnhgvlhdrohhrghdpihgvthhfrdhorhhgnecukfhppe ejledrudejkedrgeehrddvvdefnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghm pehmrghilhhfrhhomhepihguohhstghhsehiughoshgthhdrohhrgh X-ME-Proxy: Received: from localhost (bzq-79-178-45-223.red.bezeqint.net [79.178.45.223]) by mail.messagingengine.com (Postfix) with ESMTPA id 13EEF328005D; Tue, 9 Jun 2020 02:55:50 -0400 (EDT) Date: Tue, 9 Jun 2020 09:55:48 +0300 From: Ido Schimmel To: Sasha Levin Cc: linux-kernel@vger.kernel.org, stable@vger.kernel.org, Ido Schimmel , Nikolay Aleksandrov , "David S . Miller" , netdev@vger.kernel.org Subject: Re: [PATCH AUTOSEL 5.7 264/274] vxlan: Avoid infinite loop when suppressing NS messages with invalid options Message-ID: <20200609065548.GA2113611@splinter> References: <20200608230607.3361041-1-sashal@kernel.org> <20200608230607.3361041-264-sashal@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200608230607.3361041-264-sashal@kernel.org> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jun 08, 2020 at 07:05:57PM -0400, Sasha Levin wrote: > From: Ido Schimmel > > [ Upstream commit 8066e6b449e050675df48e7c4b16c29f00507ff0 ] Hi, In the same patch set I also included a similar fix for the bridge module: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=53fc685243bd6fb90d90305cea54598b78d3cbfc But I don't see it in the patch sets you sent. Don't see it here as well: https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.7 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/log/?h=linux-5.7.y Did it get lost or it's just pending somewhere else? Thanks > > When proxy mode is enabled the vxlan device might reply to Neighbor > Solicitation (NS) messages on behalf of remote hosts. > > In case the NS message includes the "Source link-layer address" option > [1], the vxlan device will use the specified address as the link-layer > destination address in its reply. > > To avoid an infinite loop, break out of the options parsing loop when > encountering an option with length zero and disregard the NS message. > > This is consistent with the IPv6 ndisc code and RFC 4886 which states > that "Nodes MUST silently discard an ND packet that contains an option > with length zero" [2]. > > [1] https://tools.ietf.org/html/rfc4861#section-4.3 > [2] https://tools.ietf.org/html/rfc4861#section-4.6 > > Fixes: 4b29dba9c085 ("vxlan: fix nonfunctional neigh_reduce()") > Signed-off-by: Ido Schimmel > Acked-by: Nikolay Aleksandrov > Signed-off-by: David S. Miller > Signed-off-by: Sasha Levin > --- > drivers/net/vxlan.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c > index a5b415fed11e..779e56c43d27 100644 > --- a/drivers/net/vxlan.c > +++ b/drivers/net/vxlan.c > @@ -1924,6 +1924,10 @@ static struct sk_buff *vxlan_na_create(struct sk_buff *request, > ns_olen = request->len - skb_network_offset(request) - > sizeof(struct ipv6hdr) - sizeof(*ns); > for (i = 0; i < ns_olen-1; i += (ns->opt[i+1]<<3)) { > + if (!ns->opt[i + 1]) { > + kfree_skb(reply); > + return NULL; > + } > if (ns->opt[i] == ND_OPT_SOURCE_LL_ADDR) { > daddr = ns->opt + i + sizeof(struct nd_opt_hdr); > break; > -- > 2.25.1 >