| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 30 Jul 2010 09:54:15 +0800
From: Xin Xiaohui <xiaohui.xin@...el.com>
To: netdev@...r.kernel.org, herbert@...dor.apana.org.au,
davem@...emloft.net
Cc: Xin Xiaohui <xiaohui.xin@...el.com>
Subject: Is it a possible bug in dev_gro_receive()?
I looked into the code dev_gro_receive(), found the code here:
if the frags[0] is pulled to 0, then the page will be released,
and memmove() frags left.
Is that right? I'm not sure if memmove do right or not, but
frags[0].size is never set after memove at least. what I think
a simple way is not to do anything if we found frags[0].size == 0.
The patch is as followed.
Or am I missing something here?
---
net/core/dev.c | 7 -------
1 files changed, 0 insertions(+), 7 deletions(-)
diff --git a/net/core/dev.c b/net/core/dev.c
index 264137f..28cdbbf 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -2730,13 +2730,6 @@ pull:
skb_shinfo(skb)->frags[0].page_offset += grow;
skb_shinfo(skb)->frags[0].size -= grow;
-
- if (unlikely(!skb_shinfo(skb)->frags[0].size)) {
- put_page(skb_shinfo(skb)->frags[0].page);
- memmove(skb_shinfo(skb)->frags,
- skb_shinfo(skb)->frags + 1,
- --skb_shinfo(skb)->nr_frags);
- }
}
ok:
--
1.5.4.4
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists