lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <0e8a23d0-a16b-20f1-f465-31bc306ee24b@virtuozzo.com>
Date:   Tue, 13 Jul 2021 15:31:12 +0300
From:   Vasily Averin <vvs@...tuozzo.com>
To:     "David S. Miller" <davem@...emloft.net>,
        Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
        David Ahern <dsahern@...nel.org>,
        Jakub Kicinski <kuba@...nel.org>,
        Eric Dumazet <eric.dumazet@...il.com>
Cc:     netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH IPV6 v3 1/1] ipv6: allocate enough headroom in
 ip6_finish_output2()

On 7/13/21 10:46 AM, Vasily Averin wrote:
>> +			if (likely(nskb)) {
>> +				if (skb->sk)
>> +					skb_set_owner_w(skb, skb->sk);
> 
> need to assign sk not to skb but to nskb 
> 
>> +				consume_skb(skb);
>> +			} else {
>> +				kfree_skb(skb);

Please disread, I was wrong here.
> It is quite strange to call consume_skb() on one case and kfree_skb() in another one.
> We know that original skb was shared so we should not call kfree_skb here.
> 
> Btw I've noticed similar problem in few other cases:
> in pptp_xmit, pvc_xmit, ip_vs_prepare_tunneled_skb
> they call consume_skb() in case of success and kfree_skb on error path.
> It looks like potential bug for me.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ