| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <0835B3720019904CB8F7AA43166CEEB2F18A049D@RTITMBSVM03.realtek.com.tw>
Date: Fri, 21 Jun 2019 07:37:52 +0000
From: Hayes Wang <hayeswang@...ltek.com>
To: "netdev@...r.kernel.org" <netdev@...r.kernel.org>
CC: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
nic_swsd <nic_swsd@...ltek.com>
Subject: RE: skb_to_sgvec() causes sg_pcopy_to_buffer() wrong
> Use skb_to_sgvec() to set scatter list, and sometime we would get a
> sg->offset which is more than PAGE_SIZE. Call sg_pcopy_to_buffer()
> with this scatter list would get wrong data.
>
> In sg_miter_get_next_page(), you would get wrong miter->__remaining,
> when the sg->offset is more than PAGE_SIZE.
>
> static bool sg_miter_get_next_page(struct sg_mapping_iter *miter)
> {
> if (!miter->__remaining) {
> struct scatterlist *sg;
> unsigned long pgoffset;
>
> if (!__sg_page_iter_next(&miter->piter))
> return false;
>
> sg = miter->piter.sg;
> pgoffset = miter->piter.sg_pgoffset;
>
> miter->__offset = pgoffset ? 0 : sg->offset;
> miter->__remaining = sg->offset + sg->length -
> (pgoffset << PAGE_SHIFT) - miter->__offset;
> miter->__remaining = min_t(unsigned long, miter->__remaining,
> PAGE_SIZE - miter->__offset);
> }
>
> return true;
> }
Excuse me. The following patch could solve my problem.
https://patchwork.kernel.org/patch/11000549/
Best Regards,
Hayes
Powered by blists - more mailing lists