Date: Sat, 21 Apr 2012 16:23:56 +0800
From: Huajun Li <huajun.li.lee@...il.com>
To: Ming Lei <tom.leiming@...il.com>
Cc: Oliver Neukum <oneukum@...e.de>, Alan Stern <stern@...land.harvard.edu>, Dave Jones <davej@...hat.com>, netdev@...r.kernel.org, linux-usb@...r.kernel.org, Fedora Kernel Team <kernel-team@...oraproject.org>
Subject: Re: use-after-free in usbnet

On Sat, Apr 21, 2012 at 3:56 PM, Ming Lei <tom.leiming@...il.com> wrote:
> Hi Huajun,
>
> On Sat, Apr 21, 2012 at 3:50 PM, Huajun Li <huajun.li.lee@...il.com> wrote:
>
>> Are we on the same page? Could you please review my patch again?
>>
>> My draft patch was based on current mainline (3.4.0-rc3), which had
>> already integrated your previous patch. And in my patch, it replaced
>> skb_queue_walk_safe() with skb_queue_walk(), so you will not see 'tmp
>> = skb->next' any more.
>
> Replacing skb_queue_walk_safe with skb_queue_walk doesn't improve
> the problem, since 'skb = skb->next' in skb_queue_walk still may trigger
> the oops, does it?
>

No. In each loop, my patch traverses the queue from its head, and it
always holds q->lock when it needs to refer to "skb->next"; this can make
sure the right skb is not moved out of rxq/txq.

Can this fix your concern? If so, IMO, there is no need to revert
your previous patch.
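
The traversal pattern described in the reply above, as an added example that is not part of the original message and is not the patch under discussion. It is a single-threaded userspace C model; `cancel()`, `complete()`, the `unlink_started` flag and the id-based completion rule are assumptions made for illustration.

```c
/* Added illustration: a single-threaded userspace model, not usbnet code. */
#include <assert.h>
#include <stdlib.h>

struct node  { struct node *next; int id; int unlink_started; };
struct queue { struct node *head; int locked; };   /* locked models q->lock */

static void q_push(struct queue *q, int id) {      /* insert at head */
    struct node *n = calloc(1, sizeof *n);
    n->id = id; n->next = q->head; q->head = n;
}

static int q_len(const struct queue *q) {
    int len = 0;
    for (const struct node *n = q->head; n; n = n->next) len++;
    return len;
}

/* Models a completion handler: takes the lock, dequeues and frees entry id. */
static void complete(struct queue *q, int id) {
    assert(!q->locked); q->locked = 1;
    for (struct node **pp = &q->head; *pp; pp = &(*pp)->next)
        if ((*pp)->id == id) { struct node *d = *pp; *pp = d->next; free(d); break; }
    q->locked = 0;
}

/* Models the cancel call made with the lock dropped. Ids divisible by 3
 * complete later (stay queued); others complete now together with id + 1,
 * which is exactly the entry a cached "next" pointer would refer to. */
static void cancel(struct queue *q, int id) {
    if (id % 3 == 0) return;
    complete(q, id); complete(q, id + 1);
}

/* Restart-from-head walk: ->next is only read while the lock is held, and
 * nothing read before the unlock is dereferenced after it. */
static int unlink_all(struct queue *q) {
    int count = 0;
    q->locked = 1;
    for (;;) {
        struct node *n = q->head;
        while (n && n->unlink_started) n = n->next;   /* skip handled entries */
        if (!n) break;
        n->unlink_started = 1;
        int id = n->id;              /* copy what is needed before unlocking */
        q->locked = 0;
        cancel(q, id);               /* may free n and its successor */
        q->locked = 1;
        count++;
    }
    q->locked = 0;
    return count;
}
```

With entries 1..6 queued, the walk issues four cancels and leaves the two deferred entries (3 and 6) on the queue, both marked, without ever touching a freed node.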