| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240305190427.757b92b8@kernel.org> Date: Tue, 5 Mar 2024 19:04:27 -0800 From: Jakub Kicinski <kuba@...nel.org> To: Dragos Tatulea <dtatulea@...dia.com> Cc: Steffen Klassert <steffen.klassert@...unet.com>, Herbert Xu <herbert@...dor.apana.org.au>, "David S. Miller" <davem@...emloft.net>, "David Ahern" <dsahern@...nel.org>, Eric Dumazet <edumazet@...gle.com>, Paolo Abeni <pabeni@...hat.com>, <leonro@...dia.com>, <gal@...dia.com>, "Anatoli N . Chechelnickiy" <Anatoli.Chechelnickiy@...nterpipe.biz>, Ian Kumlien <ian.kumlien@...il.com>, <netdev@...r.kernel.org>, <linux-kernel@...r.kernel.org>, Mina Almasry <almasrymina@...gle.com> Subject: Re: [RFC] net: esp: fix bad handling of pages from page_pool On Mon, 4 Mar 2024 11:48:52 +0200 Dragos Tatulea wrote: > When the skb is reorganized during esp_output (!esp->inline), the pages > coming from the original skb fragments are supposed to be released back > to the system through put_page. But if the skb fragment pages are > originating from a page_pool, calling put_page on them will trigger a > page_pool leak which will eventually result in a crash. So it just does: skb_shinfo(skb)->nr_frags = 1; and assumes that's equivalent to owning a page ref on all the frags? Fix looks more or less good, we would need a new wrapper to avoid build issues without PAGE_POOL, but I wonder if we wouldn't be better off changing the other side. Instead of "cutting off" the frags - walking them and dealing with various page types. Because Mina and co. will step onto this landmine as well.
Powered by blists - more mailing lists