Page MenuHomeFreeBSD
Differential D49347

pf: Further initialize the inner TCP header in pf_test_state_icmp()
AcceptedPublic
Actions

Authored by markj on Fri, Mar 14, 12:39 AM.
Tags
None
Referenced Files
F112521075: D49347.diff
Wed, Mar 19, 6:43 AM
Unknown Object (File)
Mon, Mar 17, 10:20 AM
Unknown Object (File)
Fri, Mar 14, 9:36 AM
Unknown Object (File)
Fri, Mar 14, 4:32 AM
Unknown Object (File)
Fri, Mar 14, 3:02 AM
Subscribers
farrokhi
glebius
imp
melifaro
vegeta_tuxpowered.net

Details

Reviewers
kp
Summary

Otherwise the pointer &th.th_sum passed to pf_change_ap() points to
uninitialized memory, since the portion of the TCP header that we copy
from the packet doesn't include the initial checksum. This triggers a
KMSAN violation.

I believe the checksum value doesn't actually matter here, so it's safe
to initialize it to zero. That is, I don't think this is a real bug.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 62908
Build 59792: arc lint + arc unit

Event Timeline

markj created this revision.Fri, Mar 14, 12:39 AM
Herald added subscribers: vegeta_tuxpowered.net, glebius, melifaro and 2 others. · View Herald TranscriptFri, Mar 14, 12:39 AM
markj requested review of this revision.Fri, Mar 14, 12:39 AM
Harbormaster completed remote builds in B62908: Diff 152238.Fri, Mar 14, 12:39 AM
kp accepted this revision.Fri, Mar 14, 7:19 AM

I see why KMSAN complains, and I agree that'd work to fix it, but I wonder if it wouldn't be better to pass a uint32_t dummy_pc to pf_change_ap() to make it more obvious that we're not manipulating the actual TCP checksum (which may or may not be there in the packet anyway).

This revision is now accepted and ready to land.Fri, Mar 14, 7:19 AM
markj added a comment.Fri, Mar 14, 11:13 AM
In D49347#1125439, @kp wrote:

I see why KMSAN complains, and I agree that'd work to fix it, but I wonder if it wouldn't be better to pass a uint32_t dummy_pc to pf_change_ap() to make it more obvious that we're not manipulating the actual TCP checksum (which may or may not be there in the packet anyway).

That's certainly cleaner than what I did, will update.

markj updated this revision to Diff 152259.Fri, Mar 14, 12:44 PM

Apply the suggestion of using a dummy checksum value instead.

This revision now requires review to proceed.Fri, Mar 14, 12:44 PM
Harbormaster completed remote builds in B62917: Diff 152259.Fri, Mar 14, 12:44 PM
kp accepted this revision.Sat, Mar 15, 1:50 AM

The commit message needs tweaking to reflect this version.
That may already be in your local tree, because I believe git-arc doesn’t update the commit message.

This revision is now accepted and ready to land.Sat, Mar 15, 1:50 AM
glebius added a comment.Sat, Mar 15, 2:03 AM
In D49347#1125790, @kp wrote:

The commit message needs tweaking to reflect this version.
That may already be in your local tree, because I believe git-arc doesn’t update the commit message.

Pro-tip: if you change the header of the commit message in git and do exactly same change in the phabricator Web UI to revision title, git-arc would find it.

Revision Contents
Changeset List

PathSize
sys/
netpfil/
pf/
6 lines

Diff 152238

View Options

sys/netpfil/pf/pf.c

Loading...