lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:	Sat, 21 Jul 2007 04:48:29 +0100
From:	Al Viro <>
Subject: NET_DMA: where do we ever call dma_skb_copy_datagram_iovec() with NULL pinned_list?

	AFAICS, all callers of dma_skb_copy_datagram_iovec()
are either
	* recursive for fragments, pass pinned_list unchanged or
	* called from tcp, with pinned_list coming from
tp->ucopy.pinned_list and only when tp->ucopy.dma_chan is non-NULL.

Now, all non-NULL assignments to ->dma_chan have the same form:
	if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list)
		tp->ucopy.dma_chan = get_softnet_dma();
IOW, if ->ucopy.pinned_list stays NULL, ->ucopy.dma_chan will do the same.

Moreover, any place that resets ->ucopy.pinned_list will also reset

IOW, we can't ever get non-NULL tp->ucopy.dma_chan while tp->ucopy.pinned_list
is NULL.  So how can we ever get to the dma_memcpy_to_kernel_iovec()?
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to
More majordomo info at

Powered by blists - more mailing lists