AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2024-12-28 11:18:45 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
933,426 Commits 1 Branch 0 Tags 2 GiB
C 97.7%
Assembly 1.2%
Shell 0.3%
Makefile 0.3%
Python 0.2%
Other 0.1%
1ca0fafd73
Go to file
Eric Dumazet 1ca0fafd73 tcp: md5: allow changing MD5 keys in all socket states 
This essentially reverts commit 7212303268 ("tcp: md5: reject TCP_MD5SIG
or TCP_MD5SIG_EXT on established sockets")

Mathieu reported that many vendors BGP implementations can
actually switch TCP MD5 on established flows.

Quoting Mathieu :
   Here is a list of a few network vendors along with their behavior
   with respect to TCP MD5:

   - Cisco: Allows for password to be changed, but within the hold-down
     timer (~180 seconds).
   - Juniper: When password is initially set on active connection it will
     reset, but after that any subsequent password changes no network
     resets.
   - Nokia: No notes on if they flap the tcp connection or not.
   - Ericsson/RedBack: Allows for 2 password (old/new) to co-exist until
     both sides are ok with new passwords.
   - Meta-Switch: Expects the password to be set before a connection is
     attempted, but no further info on whether they reset the TCP
     connection on a change.
   - Avaya: Disable the neighbor, then set password, then re-enable.
   - Zebos: Would normally allow the change when socket connected.

We can revert my prior change because commit 9424e2e7ad ("tcp: md5: fix potential
overestimation of TCP option space") removed the leak of 4 kernel bytes to
the wire that was the main reason for my patch.

While doing my investigations, I found a bug when a MD5 key is changed, leading
to these commits that stable teams want to consider before backporting this revert :

 Commit 6a2febec33 ("tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key()")
 Commit e6ced831ef ("tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers")

Fixes: 7212303268 "tcp: md5: reject TCP_MD5SIG or TCP_MD5SIG_EXT on established sockets"
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-07-02 14:07:49 -07:00
arch s390 fixes for 5.8-rc3 2020-06-25 09:24:28 -07:00
block block-5.8-2020-06-19 2020-06-19 13:11:26 -07:00
certs
crypto crypto: drbg - always try to free Jitter RNG instance 2020-06-15 17:38:54 +10:00
Documentation Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf 2020-06-30 14:20:45 -07:00
drivers net: dsa: microchip: enable ksz9893 via i2c in the ksz9477 driver 2020-07-01 17:48:47 -07:00
fs \n 2020-06-25 13:02:58 -07:00
include genetlink: remove genl_bind 2020-07-01 15:49:11 -07:00
init Kbuild updates for v5.8 (2nd) 2020-06-13 13:29:16 -07:00
ipc mmap locking API: use coccinelle to convert mmap_sem rwsem call sites 2020-06-09 09:39:14 -07:00
kernel Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf 2020-06-30 14:20:45 -07:00
lib lib: packing: add documentation for pbuflen argument 2020-06-28 20:45:27 -07:00
LICENSES
mm powerpc fixes for 5.8 #3 2020-06-21 10:02:53 -07:00
net tcp: md5: allow changing MD5 keys in all socket states 2020-07-02 14:07:49 -07:00
samples Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-06-25 18:27:40 -07:00
scripts Kbuild fixes for v5.8 2020-06-21 12:44:52 -07:00
security selinux/stable-5.8 PR 20200621 2020-06-21 15:41:24 -07:00
sound sound fixes for 5.8-rc3 2020-06-25 09:15:24 -07:00
tools Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf 2020-06-30 14:20:45 -07:00
usr
virt MIPS: 2020-06-12 11:05:52 -07:00
.clang-format
.cocciconfig
.get_maintainer.ignore
.gitattributes
.gitignore modpost: generate vmlinux.symvers and reuse it for the second modpost 2020-06-06 23:38:12 +09:00
.mailmap
COPYING
CREDITS
Kbuild
Kconfig
MAINTAINERS Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-06-25 18:27:40 -07:00
Makefile Linux 5.8-rc2 2020-06-21 15:45:29 -07:00
README

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.