lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Thu, 17 May 2007 23:55:30 +1000
From:	Herbert Xu <herbert@...dor.apana.org.au>
To:	Hirokazu Takahashi <taka@...inux.co.jp>
Cc:	shemminger@...ux-foundation.org, netdev@...r.kernel.org,
	kaber@...sh.net, davem@...emloft.net, linux-net@...r.kernel.org
Subject: Re: [PATCH 2/2] tbf scheduler: TSO support (update 2)

On Tue, May 15, 2007 at 08:41:48PM +0900, Hirokazu Takahashi wrote:
>  
> @@ -924,7 +926,9 @@ cbq_dequeue_prio(struct Qdisc *sch, int 
>  				cl->xstats.borrows += skb->len;
>  #endif
>  			}
> -			q->tx_len = skb->len;
> +			q->tx_segs = skb_shinfo(skb)->gso_segs ? :
> +			  skb_shinfo(skb)->gso_size ? skb->len/skb_shinfo(skb)->gso_size + 1 : 1;
> +			q->tx_len = (skb->len - 1)/q->tx_segs + 1;

This isn't safe for Xen (and potentially other virtualisation
environments) since qdisc code runs before dev_hard_start_xmit
which is where we verify the sanity of gso_segs.  So you could
be using some arbitrary value from an untrusted source.

If you really want to use it, you should test for SKB_GSO_DODGY
on the packet which will be set if gso_segs can't be trusted.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists