lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 26 Nov 2007 15:50:22 +0900 (JST) From: Yasuyuki KOZAKAI <yasuyuki.kozakai@...hiba.co.jp> To: herbert@...dor.apana.org.au Cc: kaber@...sh.net, davem@...emloft.net, hadi@...erus.ca, netdev@...r.kernel.org, kuznet@....inr.ac.ru Subject: Re: [PATCH 2/10] [SKBUFF]: Add skb_morph Hello, From: Herbert Xu <herbert@...dor.apana.org.au> Date: Sun, 14 Oct 2007 12:27:40 +0800 > [SKBUFF]: Add skb_morph > > This patch creates a new function skb_morph that's just like skb_clone > except that it lets user provide the spare skb that will be overwritten > by the one that's to be cloned. > > This will be used by IP fragment reassembly so that we get back the same > skb that went in last (rather than the head skb that we get now which > requires us to carry around double pointers all over the place). > > Signed-off-by: Herbert Xu <herbert@...dor.apana.org.au> > +struct sk_buff *skb_morph(struct sk_buff *dst, struct sk_buff *src) > +{ > + skb_release_data(dst); > + return __skb_clone(dst, src); > +} > +EXPORT_SYMBOL_GPL(skb_morph); The refcount of nfct is leaked by this function. As a result, nf_conntrack_ipv6.ko cannot be unloaded after doing "ping6 -s 2000 ..." . dst->dst and dst->secpath are also needed to be released, I think. Please consider to apply this patch. Regards, -- Yasuyuki Kozakai >From a876e48dfed87dd564a352509c74e572b09bed7d Mon Sep 17 00:00:00 2001 From: Yasuyuki Kozakai <yasuyuki.kozakai@...hiba.co.jp> Date: Sun, 25 Nov 2007 01:02:29 +0900 Subject: [SKBUFF]: Fixes refcount leaks by skb_morph skb_morph can take a dirty skb as destination skb, so it should release dst, nfct, and secpath before overriding them by members in source skb. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@...hiba.co.jp> --- net/core/skbuff.c | 5 +++++ 1 files changed, 5 insertions(+), 0 deletions(-) diff --git a/net/core/skbuff.c b/net/core/skbuff.c index 32d5826..72f720b 100644 --- a/net/core/skbuff.c +++ b/net/core/skbuff.c @@ -442,6 +442,11 @@ static struct sk_buff *__skb_clone(struct sk_buff *n, struct sk_buff *skb) struct sk_buff *skb_morph(struct sk_buff *dst, struct sk_buff *src) { skb_release_data(dst); + dst_release(dst->dst); +#ifdef CONFIG_INET + secpath_put(dst->sp); +#endif + nf_reset(dst); return __skb_clone(dst, src); } EXPORT_SYMBOL_GPL(skb_morph); -- 1.5.2.2 - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists