| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20071204033414.GA13616@lixom.net> Date: Mon, 3 Dec 2007 21:34:14 -0600 From: Olof Johansson <olof@...om.net> To: jgarzik@...ox.com Cc: netdev@...r.kernel.org, linuxppc-dev@...abs.org, dwmw2@...radead.org, ranger@...too.org Subject: [PATCH 2.6.24] pasemi_mac: Fix reuse of free'd skb Turns out we're freeing the skb when we detect CRC error, but we're not clearing out info->skb. We could either clear it and have the stack reallocate it, or just leave it and the rx ring refill code will reuse the one that was allocated. Reusing a freed skb obviously caused some nasty crashes of various kind, as reported by Brent Baude and David Woodhouse. Signed-off-by: Olof Johansson <olof@...om.net> --- Jeff, I'd like to see this in 2.6.24, it's causing some real problems out there. It's not needed in the 2.6.25 queue since the other changes there have already covered these cases. My test network at home is quiet enough to not cause CRC errors, we mainly get those during interface bringup before speed is configured. diff --git a/drivers/net/pasemi_mac.c b/drivers/net/pasemi_mac.c index 09b4fde..6617e24 100644 --- a/drivers/net/pasemi_mac.c +++ b/drivers/net/pasemi_mac.c @@ -586,7 +586,7 @@ static int pasemi_mac_clean_rx(struct pasemi_mac *mac, int limit) /* CRC error flagged */ mac->netdev->stats.rx_errors++; mac->netdev->stats.rx_crc_errors++; - dev_kfree_skb_irq(skb); + /* No need to free skb, it'll be reused */ goto next; } -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists