lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Wed, 29 Apr 2015 03:51:44 +0000
From:	Dexuan Cui <decui@...rosoft.com>
To:	KY Srinivasan <kys@...rosoft.com>,
	"davem@...emloft.net" <davem@...emloft.net>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"devel@...uxdriverproject.org" <devel@...uxdriverproject.org>,
	"olaf@...fle.de" <olaf@...fle.de>,
	"apw@...onical.com" <apw@...onical.com>,
	"jasowang@...hat.com" <jasowang@...hat.com>
Subject: RE: [PATCH V2 net 1/1] hv_netvsc: Fix a bug in netvsc_start_xmit()

> -----Original Message-----
> From: devel [mailto:driverdev-devel-bounces@...uxdriverproject.org] On
> Behalf Of K. Y. Srinivasan
> Sent: Wednesday, April 29, 2015 9:00
> To: davem@...emloft.net; netdev@...r.kernel.org; linux-
> kernel@...r.kernel.org; devel@...uxdriverproject.org; olaf@...fle.de;
> apw@...onical.com; jasowang@...hat.com
> Subject: [PATCH V2 net 1/1] hv_netvsc: Fix a bug in netvsc_start_xmit()
> 
> Commit b08cc79155fc26d0d112b1470d1ece5034651a4b eliminated
> memory
> allocation in the packet send path:
> 
>     "hv_netvsc: Eliminate memory allocation in the packet send path
> 
>     The network protocol used to communicate with the host is the remote
> ndis (rndis)
>     protocol. We need to decorate each outgoing packet with a rndis header
> and
>     additional rndis state (rndis per-packet state). To manage this state, we
>     currently allocate memory in the transmit path. Eliminate this allocation
> by
>     requesting additional head room in the skb."
> 
> This commit introduced a bug since it did not account for the case if the skb
> was cloned. Fix this bug.
> 
> 
> Signed-off-by: K. Y. Srinivasan <kys@...rosoft.com>
> ---
> 	V2: Used skb_cow_head() based on Dave Miller's feedback
> 	V2: Fixed up the commit log based on feedback from Sergei
> Shtylyov
> 
>  drivers/net/hyperv/hyperv_net.h |    1 -
>  drivers/net/hyperv/netvsc.c     |    5 -----
>  drivers/net/hyperv/netvsc_drv.c |   27 +++++++--------------------
>  3 files changed, 7 insertions(+), 26 deletions(-)

Without the patch, the guest can panic due to memory corruption.

I confirm the patch can fix the panic I saw.

Tested-by: Dexuan Cui <decui@...rosoft.com>

-- Dexuan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists