Date:	Mon, 10 Mar 2008 18:57:55 +0100
From:	Patrick McHardy <kaber@...sh.net>
To:	Pekka Enberg <penberg@...helsinki.fi>
CC:	Netfilter Development Mailinglist 
	<netfilter-devel@...r.kernel.org>, clameter@....com,
	joe@...ches.com, linux-kernel@...r.kernel.org,
	netdev@...r.kernel.org
Subject: Re: [PATCH] netfilter: replace horrible hack with ksize()

Pekka Enberg wrote:
> Hi Patrick,
> 
> Patrick McHardy wrote:
>> > I think you are misunderstanding ksize() (see mm/slub.c::ksize() for 
>> > example).
>>
>> The ksize() description in mm/slab.c matches exactly what netfilter
>> wants to do:
> 
> Agreed.
> 
> Patrick McHardy wrote:
>> The initial allocation size is calculated as max(size, min slab size)
>> and is stored as ext->alloc_size. When adding the first extension,
> 
> Yes, this part is correct, however...
> 
>> it allocates ext->alloc_size of memory and stores both the real amount
>> of space used (ext->len) and the actual size (ext->real_len).
>> When adding further extensions, it calculates the new total amount of
>> space needed (newlen). If that is larger than the real amount of
>> memory allocated (real_len), it reallocates.
> 
> ...looking at nf_ct_ext_create() you do:
> 
>         *ext = kzalloc(real_len, gfp);
>                        ^^^^^^^^
>         if (!*ext)
>                 return NULL;
> 
>         (*ext)->offset[id] = off;
>         (*ext)->len = len;
>         (*ext)->real_len = real_len;
>                            ^^^^^^^^
> 
> You are storing the _object size_ (total amount of memory requested) and 
> not the _buffer size_ (total amount of memory allocated). Keep in mind 
> that object size < buffer size and that ksize() returns the latter.


For all length <= minimum slab size alloc_size (and thus
real_len) is equal to the buffer size. You are correct
however that your patch is fine, I somehow misread the

+       if (newlen >= ksize(ct->ext)) {

part and thought you would always compare against the
minimum slab size.

I've queued your patch and will pass it upstream after
some testing, thanks.
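
The object-size versus buffer-size distinction discussed in this thread, as an added userspace model that is not code from the thread or from the kernel. `struct ext_model`, `bucket_size()`, the power-of-two size classes and the 32-byte minimum are assumptions standing in for the slab allocator and `ksize()`.

```c
#include <stdlib.h>
#include <string.h>

#define MIN_BUCKET 32 /* assumed smallest size class (constructed value) */

/* Hypothetical model of an extension area; not the kernel's struct. */
struct ext_model {
    size_t bufsize;   /* bytes the allocator really handed out: model of ksize() */
    size_t real_len;  /* bytes requested: max(len, MIN_BUCKET) */
    size_t len;       /* bytes in use */
    unsigned char data[];
};

/* Round a request up to the next power-of-two size class (assumed layout). */
static size_t bucket_size(size_t req)
{
    size_t b = MIN_BUCKET;
    while (b < req)
        b <<= 1;
    return b;
}

static struct ext_model *ext_create(size_t len)
{
    size_t real_len = len > MIN_BUCKET ? len : MIN_BUCKET;
    size_t bufsize = bucket_size(real_len);
    struct ext_model *e = calloc(1, sizeof(*e) + bufsize);

    if (!e)
        return NULL;
    e->bufsize = bufsize;
    e->real_len = real_len;
    e->len = len;
    return e;
}

/* Grow by 'add' bytes. Returns 1 if it had to reallocate, 0 if the
 * existing buffer was reused, -1 on allocation failure. */
static int ext_add(struct ext_model **ep, size_t add, int use_ksize)
{
    struct ext_model *e = *ep, *n;
    size_t newlen = e->len + add;
    size_t limit = use_ksize ? e->bufsize : e->real_len;

    if (newlen < limit) { /* thread's test inverted: realloc when newlen >= limit */
        e->len = newlen;
        return 0;
    }
    n = ext_create(newlen);
    if (!n)
        return -1;
    memcpy(n->data, e->data, e->len);
    free(e);
    *ep = n;
    return 1;
}
```

In this model a 40-byte request lands in a 64-byte buffer, so growing it by 8 bytes reallocates when compared against `real_len` but not when compared against the buffer size; a 16-byte request gets `real_len` equal to the buffer size, and both comparisons agree.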