lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 17 May 2007 23:55:30 +1000 From: Herbert Xu <herbert@...dor.apana.org.au> To: Hirokazu Takahashi <taka@...inux.co.jp> Cc: shemminger@...ux-foundation.org, netdev@...r.kernel.org, kaber@...sh.net, davem@...emloft.net, linux-net@...r.kernel.org Subject: Re: [PATCH 2/2] tbf scheduler: TSO support (update 2) On Tue, May 15, 2007 at 08:41:48PM +0900, Hirokazu Takahashi wrote: > > @@ -924,7 +926,9 @@ cbq_dequeue_prio(struct Qdisc *sch, int > cl->xstats.borrows += skb->len; > #endif > } > - q->tx_len = skb->len; > + q->tx_segs = skb_shinfo(skb)->gso_segs ? : > + skb_shinfo(skb)->gso_size ? skb->len/skb_shinfo(skb)->gso_size + 1 : 1; > + q->tx_len = (skb->len - 1)/q->tx_segs + 1; This isn't safe for Xen (and potentially other virtualisation environments) since qdisc code runs before dev_hard_start_xmit which is where we verify the sanity of gso_segs. So you could be using some arbitrary value from an untrusted source. If you really want to use it, you should test for SKB_GSO_DODGY on the packet which will be set if gso_segs can't be trusted. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <herbert@...dor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists