| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 2 May 2018 16:50:28 +0300 From: Tariq Toukan <tariqt@...lanox.com> To: David Miller <davem@...emloft.net>, srn@...mr.com Cc: yishaih@...lanox.com, netdev@...r.kernel.org Subject: Re: [PATCH v2] net/mlx4_en: fix potential use-after-free with dma_unmap_page On 28/04/2018 2:48 AM, David Miller wrote: > From: Sarah Newman <srn@...mr.com> > Date: Wed, 25 Apr 2018 21:00:34 -0700 > >> When swiotlb is in use, calling dma_unmap_page means that >> the original page mapped with dma_map_page must still be valid >> as swiotlb will copy data from its internal cache back to the >> originally requested DMA location. When GRO is enabled, >> all references to the original frag may be put before >> mlx4_en_free_frag is called, meaning the page has been freed >> before the call to dma_unmap_page in mlx4_en_free_frag. >> >> To fix, unmap the page as soon as possible. >> >> This can be trivially detected by doing the following: >> >> Compile the kernel with DEBUG_PAGEALLOC >> Run the kernel as a Xen Dom0 >> Leave GRO enabled on the interface >> Run a 10 second or more test with iperf over the interface. >> >> Signed-off-by: Sarah Newman <srn@...mr.com> > > Tariq, I assume I will get this from you in the next set of > changes you submit to me. > > Thanks. > This patch fixes an issue existing in old kernels. It is not relevant per latest code. So I'm not sure about the process. After I review it, do I just submit it again for -stable? Thanks.
Powered by blists - more mailing lists