lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Thu, 01 May 2008 11:48:19 +0200
From:	Johannes Berg <johannes@...solutions.net>
To:	David Miller <davem@...emloft.net>
Cc:	mb@...sch.de, netdev@...r.kernel.org,
	linux-wireless@...r.kernel.org
Subject: Re: mac80211 truesize bugs


> I looked at the mac80211 code, the problem is the skb_push() you
> guys do in this situation.

Thanks.

> Things like loopback, which also orphan then reinject, don't trigger
> this problem because the re-input path trims things, never adds.
> 
> The good news is that this is easy to fix.
> 
> Since you've orphaned the SKB, simply adjust skb->truesize as you
> do pushes.  Like this:
> 
> mac80211: Adjust truesize in ieee80211_tx_status() when reinjecting.
> 
> Signed-off-by: David S. Miller <davem@...emloft.net>
 
> +	/* This is safe because the buffer has been orphaned.  */
> +	skb->truesize += sizeof(*rthdr);

Hmm. The disconnect between truesize and skb->len+sizeof(*skb) was
usually 17 or 19 bytes and sizeof(*rthdr) is only 11. On the other hand,
I don't see where the other bytes should be coming from. I'll give this
a try, thanks.

johannes

Download attachment "signature.asc" of type "application/pgp-signature" (829 bytes)

Powered by blists - more mailing lists