| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 09 Jan 2012 16:12:00 +0100
From: Eric Dumazet <eric.dumazet@...il.com>
To: Manfred Rudigier <manfred.rudigier@...cron.at>
Cc: davem@...emloft.net, netdev@...r.kernel.org,
afleming@...escale.com, avorontsov@...sta.com,
richardcochran@...il.com
Subject: Re: [PATCH v2] gianfar: Fix invalid TX frames returned on error
queue when time stamping.
Le lundi 09 janvier 2012 à 15:52 +0100, Manfred Rudigier a écrit :
> When TX time stamping for PTP messages is enabled on a socket, a time
> stamp is returned on the socket error queue to the user space application
> after the frame was transmitted. The transmitted frame is also returned on
> the error queue so that an application knows to which frame the time stamp
> belongs.
...
> /* make space for additional header when fcb is needed */
> if (((skb->ip_summed == CHECKSUM_PARTIAL) ||
> vlan_tx_tag_present(skb) ||
> unlikely(do_tstamp)) &&
> - (skb_headroom(skb) < GMAC_FCB_LEN)) {
> + (skb_headroom(skb) < fcb_length)) {
> struct sk_buff *skb_new;
>
> - skb_new = skb_realloc_headroom(skb, GMAC_FCB_LEN);
> + skb_new = skb_realloc_headroom(skb, fcb_length);
> if (!skb_new) {
> dev->stats.tx_errors++;
> kfree_skb(skb);
> return NETDEV_TX_OK;
> }
> +
> + /* Hold sock reference for processing TX time stamps */
> + if (unlikely(do_tstamp)) {
> + struct sock *sk = skb->sk;
Not clear to me why sk_refcnt could be 0 here
> + if (!atomic_inc_not_zero(&sk->sk_refcnt)) {
> + dev->stats.tx_errors++;
> + kfree_skb(skb_new);
> + kfree_skb(skb);
> + return NETDEV_TX_OK;
> + }
> + skb_new->sk = skb->sk;
> + }
> +
> kfree_skb(skb);
> skb = skb_new;
Not clear to me why ->destructor access is not needed here.
This change should be isolated from your patch IMHO
I would rather do something like :
diff --git a/drivers/net/ethernet/freescale/gianfar.c b/drivers/net/ethernet/freescale/gianfar.c
index e01cdaa..8e00461 100644
--- a/drivers/net/ethernet/freescale/gianfar.c
+++ b/drivers/net/ethernet/freescale/gianfar.c
@@ -2086,6 +2086,8 @@ static int gfar_start_xmit(struct sk_buff *skb, struct net_device *dev)
kfree_skb(skb);
return NETDEV_TX_OK;
}
+ swap(skb_new->sk, skb->sk);
+ swap(skb_new->destructor, skb->destructor);
kfree_skb(skb);
skb = skb_new;
}
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists