lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Tue, 11 Mar 2014 05:56:40 +0800
From:	Herbert Xu <>
To:	"Michael S. Tsirkin" <>
	David Miller <>,
	Eric Dumazet <>,
	Daniel Borkmann <>,
	Simon Horman <>,
	Paul Durrant <>,
	Thomas Graf <>, Miklos Szeredi <>,
	=?UTF-8?q?Peter=20Pan=28=E6=BD=98=E5=8D=AB=E5=B9=B3=29?= <>,
Subject: Re: [PATCH 5/5] skbuff: skb_segment: orphan frags before copying

On Mon, Mar 10, 2014 at 11:52:36PM +0200, Michael S. Tsirkin wrote:
> The cover letter has more detail:

For some reason I didn't receive this cover letter.
> 	skb_segment ... moves frags
> 	between skbs without orphaning them.
> 	This causes userspace to assume it's safe to
> 	reuse the buffer, and receiver gets corrupted data.
> 	This further might leak information from the
> 	transmitter on the wire.
> if still unclear, pls let me know.

Why can't we deal with this by simply postponing the copy until
later? IOW if we pass along SKBTX_SHARED_FRAG will it work?

Email: Herbert Xu <>
Home Page:
PGP Key:
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

Powered by blists - more mailing lists