lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 28 Apr 2015 02:57:12 +0000 From: Dexuan Cui <decui@...rosoft.com> To: KY Srinivasan <kys@...rosoft.com>, "davem@...emloft.net" <davem@...emloft.net>, "netdev@...r.kernel.org" <netdev@...r.kernel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "devel@...uxdriverproject.org" <devel@...uxdriverproject.org>, "olaf@...fle.de" <olaf@...fle.de>, "apw@...onical.com" <apw@...onical.com>, "jasowang@...hat.com" <jasowang@...hat.com> Subject: RE: [PATCH net 1/1] hv_netvsc: Fix a bug in netvsc_start_xmit() > -----Original Message----- > From: devel [mailto:driverdev-devel-bounces@...uxdriverproject.org] On > Behalf Of K. Y. Srinivasan > Sent: Tuesday, April 28, 2015 9:15 > To: davem@...emloft.net; netdev@...r.kernel.org; linux- > kernel@...r.kernel.org; devel@...uxdriverproject.org; olaf@...fle.de; > apw@...onical.com; jasowang@...hat.com > Subject: [PATCH net 1/1] hv_netvsc: Fix a bug in netvsc_start_xmit() > > Commit commit b08cc79155fc26d0d112b1470d1ece5034651a4b > eliminated memory > allocation in the packet send path. This commit introduced a bug since it > did not account for the case if the skb was cloned. Fix this bug by > using the pre-reserved head room only if the skb is not cloned. > > Signed-off-by: K. Y. Srinivasan <kys@...rosoft.com> > --- > drivers/net/hyperv/netvsc_drv.c | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/drivers/net/hyperv/netvsc_drv.c > b/drivers/net/hyperv/netvsc_drv.c > index a3a9d38..7eb0251 100644 > --- a/drivers/net/hyperv/netvsc_drv.c > +++ b/drivers/net/hyperv/netvsc_drv.c > @@ -421,7 +421,7 @@ check_size: > > pkt_sz = sizeof(struct hv_netvsc_packet) + RNDIS_AND_PPI_SIZE; > > - if (head_room < pkt_sz) { > + if (skb->cloned || head_room < pkt_sz) { > packet = kmalloc(pkt_sz, GFP_ATOMIC); > if (!packet) { > /* out of memory, drop packet */ > -- Without the patch, the guest can panic due to memory corruption. I confirm the patch can fix the panic I saw. Tested-by: Dexuan Cui <decui@...rosoft.com> Thanks, -- Dexuan -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists