| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 1 Jul 2015 17:05:21 -0700
From: Alex Gartrell <alexgartrell@...il.com>
To: Eric Dumazet <edumazet@...gle.com>
Cc: David Miller <davem@...emloft.net>,
"agartrell@...com" <agartrell@...com>,
netdev <netdev@...r.kernel.org>, kernel-team <kernel-team@...com>
Subject: Re: [PATCH net-next] net: bail on sock_wfree, sock_rfree when we have
a TCP_TIMEWAIT sk
On Wed, Jul 1, 2015 at 4:26 PM, Eric Dumazet <edumazet@...gle.com> wrote:
> I think you are mistaken Alex.
Indeed, I was! Should be unsurpising.
>
> socket early demux cannot possibly set skb->destructor to sock_rfree()
Yeah I will admit adding the code to sock_rfree reflexively out of paranoia.
> If skb->destructor is set by early demux, it correctly points to sock_edemux()
>
> And this one correctly handles all socket variants.
Yes, the problem appears to be in ip_vs_prepare_tunneled_skb
(ip_vs_xmit.c:859 in 4.0)
if (skb_headroom(skb) < max_headroom || skb_cloned(skb)) {
new_skb = skb_realloc_headroom(skb, max_headroom);
if (!new_skb)
goto error;
if (skb->sk)
skb_set_owner_w(new_skb, skb->sk);
consume_skb(skb);
skb = new_skb;
}
skb_set_owner_w sets sock_wfree.
I'll figure out how to ensure that we're using an appropriate destructor here.
Appreciate the patience!
--
Alex Gartrell <agartrell@...com>
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists