lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 24 Feb 2022 10:33:19 -0800 From: Jakub Kicinski <kuba@...nel.org> To: "lena.wang" <lena.wang@...iatek.com> Cc: Eric Dumazet <edumazet@...gle.com>, <davem@...emloft.net>, <matthias.bgg@...il.com>, <netdev@...r.kernel.org>, <linux-kernel@...r.kernel.org>, <wsd_upstream@...iatek.com>, <hao.lin@...iatek.com> Subject: Re: [PATCH] net:fix up skbs delta_truesize in UDP GRO frag_list On Thu, 24 Feb 2022 09:08:35 -0800 Jakub Kicinski wrote: > On Wed, 23 Feb 2022 18:08:47 +0800 lena.wang wrote: > > The truesize for a UDP GRO packet is added by main skb and skbs in main > > skb's frag_list: > > skb_gro_receive_list > > p->truesize += skb->truesize; > > > > When uncloning skb, it will call pskb_expand_head and trusesize for > > frag_list skbs may increase. This can occur when allocators uses > > __netdev_alloc_skb and not jump into __alloc_skb. This flow does not > > use ksize(len) to calculate truesize while pskb_expand_head uses. > > skb_segment_list > > err = skb_unclone(nskb, GFP_ATOMIC); > > pskb_expand_head > > if (!skb->sk || skb->destructor == sock_edemux) > > skb->truesize += size - osize; > > > > If we uses increased truesize adding as delta_truesize, it will be > > larger than before and even larger than previous total truesize value > > if skbs in frag_list are abundant. The main skb truesize will become > > smaller and even a minus value or a huge value for an unsigned int > > parameter. Then the following memory check will drop this abnormal skb. > > > > To avoid this error we should use the original truesize to segment the > > main skb. > > > > Signed-off-by: lena wang <lena.wang@...iatek.com> Eric pointed out this patch did not make it to the mailing list. It was also whitespace damaged and line wrapped. Could you resend with git send-email?
Powered by blists - more mailing lists