lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20071015121829.15521102@inria.fr>
Date:	Mon, 15 Oct 2007 12:18:29 +0200
From:	Guillaume Chazarain <guichaz@...oo.fr>
To:	"Ilpo Järvinen" <ilpo.jarvinen@...sinki.fi>
Cc:	Netdev <netdev@...r.kernel.org>
Subject: Re: kernel BUG at net/core/dev.c:1383 skb_checksum_help:
 BUG_ON(offset > (int)skb->len)

Le Mon, 15 Oct 2007 13:15:05 +0300 (EEST),
"Ilpo Järvinen" <ilpo.jarvinen@...sinki.fi> a écrit :
 
> ...Never mind, noticed the fix later on.

Yes, but here is it anyway, in case you see something fishy.

(gdb) p *(struct tcp_sock *)skb->sk
$4 = {inet_conn = {icsk_inet = {sk = {__sk_common = {skc_family = 2, 
          skc_state = 1 '\001', skc_reuse = 1 '\001', skc_bound_dev_if = 0, 
          skc_node = {next = 0x0, pprev = 0xc6179450}, skc_bind_node = {
            next = 0xf5227550, pprev = 0xeebd3110}, skc_refcnt = {
            counter = 4}, skc_hash = 710603402, skc_prot = 0xc03f8720, 
          skc_net = 0xc048ad60}, sk_shutdown = 0 '\0', sk_no_check = 0 '\0', 
        sk_userlocks = 0 '\0', sk_protocol = 6 '\006', sk_type = 1, 
        sk_rcvbuf = 87380, sk_lock = {slock = {raw_lock = {<No data fields>}}, 
          owned = 0, wq = {lock = {raw_lock = {<No data fields>}}, 
            task_list = {next = 0xf5180474, prev = 0xf5180474}}}, 
        sk_backlog = {head = 0x0, tail = 0x0}, sk_sleep = 0xf5770918, 
        sk_dst_cache = 0xed3db300, sk_policy = {0x0, 0x0}, sk_dst_lock = {
          raw_lock = {<No data fields>}}, sk_rmem_alloc = {counter = 63680}, 
        sk_wmem_alloc = {counter = 488}, sk_omem_alloc = {counter = 0}, 
        sk_sndbuf = 76188, sk_receive_queue = {next = 0xf51804a4, 
          prev = 0xf51804a4, qlen = 0, lock = {
            raw_lock = {<No data fields>}}}, sk_write_queue = {
          next = 0xe218dc00, prev = 0xf0fdba80, qlen = 25, lock = {
            raw_lock = {<No data fields>}}}, sk_async_wait_queue = {
          next = 0x0, prev = 0x0, qlen = 0, lock = {
            raw_lock = {<No data fields>}}}, sk_wmem_queued = 33896, 
        sk_forward_alloc = 4824, sk_allocation = 208, sk_route_caps = 0, 
        sk_gso_type = 1, sk_rcvlowat = 1, sk_flags = 17152, sk_lingertime = 0, 
        sk_error_queue = {next = 0xf51804e8, prev = 0xf51804e8, qlen = 0, 
          lock = {raw_lock = {<No data fields>}}}, 
        sk_prot_creator = 0xc03f8720, sk_callback_lock = {
          raw_lock = {<No data fields>}}, sk_err = 0, sk_err_soft = 0, 
        sk_ack_backlog = 0, sk_max_ack_backlog = 50, sk_priority = 2, 
        sk_peercred = {pid = 0, uid = 4294967295, gid = 4294967295}, 
        sk_rcvtimeo = 2147483647, sk_sndtimeo = 2147483647, sk_filter = 0x0, 
        sk_protinfo = 0x0, sk_timer = {entry = {next = 0x0, 
            prev = 0xc04768e8}, expires = 2104092, 
          function = 0xc02fa3b8 <tcp_keepalive_timer>, data = 4111991872, 
          base = 0xc0476800}, sk_stamp = {tv64 = 3294967295}, 
        sk_socket = 0xf5770900, sk_user_data = 0x0, sk_sndmsg_page = 0x0, 
        sk_send_head = 0xcc26cc00, sk_sndmsg_off = 0, sk_write_pending = 0, 
        sk_security = 0x0, sk_state_change = 0xc02c2737 <sock_def_wakeup>, 
        sk_data_ready = 0xc02c2f8c <sock_def_readable>, 
        sk_write_space = 0xc02c6dc7 <sk_stream_write_space>, 
        sk_error_report = 0xc02c2f22 <sock_def_error_report>, 
        sk_backlog_rcv = 0xc02fbc3a <tcp_v4_do_rcv>, 
        sk_destruct = 0xc0308062 <inet_sock_destruct>}, pinet6 = 0x0, 
      daddr = 1743516497, rcv_saddr = 50374848, dport = 11768, num = 6881, 
      saddr = 50374848, uc_ttl = -1, cmsg_flags = 0, opt = 0x0, sport = 57626, 
      id = 19592, tos = 8 '\b', mc_ttl = 47 '/', pmtudisc = 1 '\001', 
      recverr = 0 '\0', is_icsk = 1 '\001', freebind = 0 '\0', 
      hdrincl = 0 '\0', mc_loop = 1 '\001', mc_index = 3, mc_addr = 0, 
      mc_list = 0x0, cork = {flags = 0, fragsize = 0, opt = 0x0, rt = 0x0, 
        length = 0, addr = 0, fl = {oif = 0, iif = 0, mark = 0, nl_u = {
            ip4_u = {daddr = 0, saddr = 0, tos = 0 '\0', scope = 0 '\0'}, 
            ip6_u = {daddr = {in6_u = {u6_addr8 = {0 '\0' <repeats 16 times>}, 
                  u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {0, 0, 0, 
                    0}}}, saddr = {in6_u = {u6_addr8 = {
                    0 '\0' <repeats 16 times>}, u6_addr16 = {0, 0, 0, 0, 0, 0, 
                    0, 0}, u6_addr32 = {0, 0, 0, 0}}}, flowlabel = 0}, dn_u = {
              daddr = 0, saddr = 0, scope = 0 '\0'}}, proto = 0 '\0', 
          flags = 0 '\0', uli_u = {ports = {sport = 0, dport = 0}, icmpt = {
              type = 0 '\0', code = 0 '\0'}, dnports = {sport = 0, dport = 0}, 
            spi = 0, mht = {type = 0 '\0'}}, secid = 0}}}, 
    icsk_accept_queue = {rskq_accept_head = 0x0, rskq_accept_tail = 0x0, 
      syn_wait_lock = {raw_lock = {<No data fields>}}, 
      rskq_defer_accept = 0 '\0', listen_opt = 0x0}, 
    icsk_bind_hash = 0xc639e820, icsk_timeout = 4955116, 
    icsk_retransmit_timer = {entry = {next = 0xc04770e0, prev = 0xc03e3e50}, 
      expires = 4955116, function = 0xc02fa6fc <tcp_write_timer>, 
      data = 4111991872, base = 0xc0476800}, icsk_delack_timer = {entry = {
        next = 0x0, prev = 0x200200}, expires = 4944512, 
      function = 0xc02fa57a <tcp_delack_timer>, data = 4111991872, 
      base = 0xc0476800}, icsk_rto = 5009, icsk_pmtu_cookie = 1500, 
    icsk_ca_ops = 0xc03fa3e0, icsk_af_ops = 0xc03f86e0, 
    icsk_sync_mss = 0xc02f6efd <tcp_sync_mss>, icsk_ca_state = 3 '\003', 
    icsk_retransmits = 0 '\0', icsk_pending = 1 '\001', icsk_backoff = 0 '\0', 
    icsk_syn_retries = 0 '\0', icsk_probes_out = 0 '\0', icsk_ext_hdr_len = 0, 
    icsk_ack = {pending = 0 '\0', quick = 0 '\0', pingpong = 0 '\0', 
      blocked = 0 '\0', ato = 40, timeout = 4944512, lrcvtime = 4944507, 
      last_seg_size = 0, rcv_mss = 1402}, icsk_mtup = {enabled = 0, 
      search_high = 1454, search_low = 564, probe_size = 0}, icsk_ca_priv = {
      6, 13, 13, 12, 4946610, 8, 0, 992, 0, 17, 13, 31, 0, 0, 0, 0}}, 
  tcp_header_len = 32, xmit_size_goal = 1374, pred_flags = 0, 
  rcv_nxt = 3213349733, copied_seq = 3213349733, rcv_wup = 3213349733, 
  snd_nxt = 4014280275, snd_una = 4014269059, snd_sml = 4014278893, 
  rcv_tstamp = 4950107, lsndtime = 4950107, ucopy = {prequeue = {
      next = 0xf51806ec, prev = 0xf51806ec, qlen = 0, lock = {
        raw_lock = {<No data fields>}}}, task = 0x0, iov = 0x0, memory = 0, 
    len = 0}, snd_wl1 = 3213368850, snd_wnd = 64512, max_window = 65535, 
  mss_cache = 1402, window_clamp = 64087, rcv_ssthresh = 64087, 
  frto_highmark = 0, reordering = 3 '\003', frto_counter = 0 '\0', 
  nonagle = 0 '\0', keepalive_probes = 0 '\0', srtt = 15439, mdev = 3080, 
  mdev_max = 3080, rttvar = 3080, rtt_seq = 4014273285, packets_out = 16, 
  retrans_out = 0, rx_opt = {ts_recent_stamp = 1192377268, 
    ts_recent = 1289741881, rcv_tsval = 1289741893, rcv_tsecr = 4946974, 
    saw_tstamp = 1, tstamp_ok = 1, dsack = 0, wscale_ok = 1, sack_ok = 3, 
    snd_wscale = 0, rcv_wscale = 7, eff_sacks = 3 '\003', 
    num_sacks = 4 '\004', user_mss = 0, mss_clamp = 1414}, snd_ssthresh = 10, 
  snd_cwnd = 1, snd_cwnd_cnt = 1, snd_cwnd_clamp = 4294967295, 
  snd_cwnd_used = 0, snd_cwnd_stamp = 4950107, out_of_order_queue = {
    next = 0xf7d18480, prev = 0xf68436c0, qlen = 20, lock = {
      raw_lock = {<No data fields>}}}, rcv_wnd = 63232, 
  write_seq = 4014290666, pushed_seq = 4014290666, duplicate_sack = {{
      start_seq = 3213316897, end_seq = 3213317373}}, selective_acks = {{
      start_seq = 3213363849, end_seq = 3213368850}, {start_seq = 3213361222, 
      end_seq = 3213362459}, {start_seq = 3213357313, end_seq = 3213359832}, {
      start_seq = 3213351135, end_seq = 3213357073}}, recv_sack_cache = {{
      start_seq = 1945650415, end_seq = 1393444335}, {start_seq = 0, 
      end_seq = 0}, {start_seq = 0, end_seq = 0}, {start_seq = 0, 
      end_seq = 0}}, highest_sack = 4014278893, lost_skb_hint = 0xf56d8480, 
  scoreboard_skb_hint = 0x0, retransmit_skb_hint = 0xe218dc00, 
  forward_skb_hint = 0x0, fastpath_skb_hint = 0x0, fastpath_cnt_hint = 15, 
  lost_cnt_hint = 13, retransmit_cnt_hint = 0, lost_retrans_low = 0, 
  advmss = 1448, prior_ssthresh = 9, lost_out = 8, sacked_out = 8, 
  fackets_out = 16, high_seq = 4014280275, retrans_stamp = 4946974, 
  undo_marker = 4014267677, undo_retrans = 17, urg_seq = 0, urg_data = 0, 
  urg_mode = 0 '\0', ecn_flags = 0 '\0', snd_up = 0, total_retrans = 224, 
  bytes_acked = 0, keepalive_time = 0, keepalive_intvl = 0, linger2 = 0, 
  last_synq_overflow = 0, tso_deferred = 0, rcv_rtt_est = {rtt = 11331, 
    seq = 3213382083, time = 4920502}, rcvq_space = {space = 31540, 
    seq = 3213346721, time = 4943716}, mtu_probe = {probe_seq_start = 0, 
    probe_seq_end = 0}}

Thanks.

-- 
Guillaume
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ