| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 27 Sep 2010 21:12:37 +0200 From: Eric Dumazet <eric.dumazet@...il.com> To: Tom Herbert <therbert@...gle.com> Cc: "Michael S. Tsirkin" <mst@...hat.com>, netdev@...r.kernel.org, davem@...emloft.net, sridharr@...gle.com Subject: Re: [PATCH v3] xmit_compl_seq: information to reclaim vmsplice buffers Le lundi 27 septembre 2010 à 11:38 -0700, Tom Herbert a écrit : > > > > Can not packets referencing this memory > > still be outstanding at the NIC device, if retransmit happens > > before the ack but after the packet was passed to a device? > > > > It's true that the reftransmit will likely get discarded > > by the remote end, but this might be a security issue > > if an application puts sensitive data in the buffer > > and that gets inadvertently sent on the wire, can it not? > > > Yes, this hole probably does exist. I don't know how to fix it other > than more API that specifically reports when all references to a > buffer are released. In the case of TCP that probably means we'd need > a destructor. Hmm, thats a serious problem IMHO. This would need destructor on data, not on skb (see previous discussion about early skb_orphan and af_packet) Then, it needs to handle an ordered list of packets in flight, to be able to return the sequence of the first packet. Alternative would be to copy data on retransmits, for tcp sockets using SOCK_XMIT_COMPL_SEQ. (ie not using skb_clone but skb_copy()) -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists