| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 13 Aug 2012 11:26:04 +0100 From: Mel Gorman <mgorman@...e.de> To: David Miller <davem@...emloft.net> Cc: linux-mm@...ck.org, linux-kernel@...r.kernel.org, netdev@...r.kernel.org, xen-devel@...ts.xensource.com, konrad@...nok.org, Ian.Campbell@...citrix.com, Jeremy Fitzhardinge <jeremy@...source.com>, akpm@...ux-foundation.org Subject: Re: [PATCH] netvm: check for page == NULL when propogating the skb->pfmemalloc flag On Wed, Aug 08, 2012 at 03:50:46PM -0700, David Miller wrote: > From: Mel Gorman <mgorman@...e.de> > Date: Tue, 7 Aug 2012 09:55:55 +0100 > > > Commit [c48a11c7: netvm: propagate page->pfmemalloc to skb] is responsible > > for the following bug triggered by a xen network driver > ... > > The problem is that the xenfront driver is passing a NULL page to > > __skb_fill_page_desc() which was unexpected. This patch checks that > > there is a page before dereferencing. > > > > Reported-and-Tested-by: Konrad Rzeszutek Wilk <konrad.wilk@...cle.com> > > Signed-off-by: Mel Gorman <mgorman@...e.de> > > That call to __skb_fill_page_desc() in xen-netfront.c looks completely bogus. > It's the only driver passing NULL here. > > That whole song and dance figuring out what to do with the head > fragment page, depending upon whether the length is greater than the > RX_COPY_THRESHOLD, is completely unnecessary. > > Just use something like a call to __pskb_pull_tail(skb, len) and all > that other crap around that area can simply be deleted. I looked at this for a while but I did not see how __pskb_pull_tail() could be used sensibly but I'm simily not familiar with writing network device drivers or Xen. This messing with RX_COPY_THRESHOLD seems to be related to how the frontend and backend communicate (maybe some fixed limitation of the xenbus). The existing code looks like it is trying to take the fragments received and pass them straight to the backend without copying by passing the fragments to the backend without copying. I worry that if I try converting this to __pskb_pull_tail() that it would either hit the limitation of xenbus or introduce copying where it is not wanted. I'm going to have to punt this to Jeremy and the other Xen folk as I'm not sure what the original intention was and I don't have a Xen setup anywhere to test any patch. Jeremy, xen folk? -- Mel Gorman SUSE Labs -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists