| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 2 Jan 2018 13:34:12 -0800
From: John Fastabend <john.fastabend@...il.com>
To: David Miller <davem@...emloft.net>, weiyongjun1@...wei.com
Cc: jhs@...atatu.com, xiyou.wangcong@...il.com, jiri@...nulli.us,
netdev@...r.kernel.org
Subject: Re: [PATCH net-next v3] net: sched: fix skb leak in dev_requeue_skb()
On 01/02/2018 10:49 AM, David Miller wrote:
> From: Wei Yongjun <weiyongjun1@...wei.com>
> Date: Wed, 27 Dec 2017 17:05:52 +0800
>
>> When dev_requeue_skb() is called with bluked skb list, only the
> ^^^^^^
>
> "bulked"
>
>> first skb of the list will be requeued to qdisc layer, and leak
>> the others without free them.
>>
>> TCP is broken due to skb leak since no free skb will be considered
>> as still in the host queue and never be retransmitted. This happend
>> when dev_requeue_skb() called from qdisc_restart().
>> qdisc_restart
>> |-- dequeue_skb
>> |-- sch_direct_xmit()
>> |-- dev_requeue_skb() <-- skb may bluked
>>
>> Fix dev_requeue_skb() to requeue the full bluked list. Also change
>> to use __skb_queue_tail() in __dev_requeue_skb() to avoid skb out
>> of order.>>
>> Fixes: a53851e2c321 ("net: sched: explicit locking in gso_cpu fallback")
>> Signed-off-by: Wei Yongjun <weiyongjun1@...wei.com>
>> ---
>> v2 -> v3: move lock out of while loop
>
> Applied, thank you.
>
Bit late on my review but LGTM thanks!
Powered by blists - more mailing lists