Message-Id: <1209638713.4008.32.camel@johannes.berg>
Date:	Thu, 01 May 2008 12:45:13 +0200
From:	Johannes Berg <johannes@...solutions.net>
To:	David Miller <davem@...emloft.net>
Cc:	mb@...sch.de, netdev@...r.kernel.org,
	linux-wireless@...r.kernel.org
Subject: Re: mac80211 truesize bugs

On Thu, 2008-05-01 at 03:32 -0700, David Miller wrote:

> Right you are.
> 
> So, I wonder what's causing the problem...  Could you "remember" the
> length and truesize at the skb_orphan() point in mac80211, right
> after the skb_push(), then in the truesize warning, print those
> "remembered" values as well as the current ones.

I was just playing with af_packet and added some debugging there that
prints out the len of all packets it gets (for a certain ifidx).

That's confusing me even more now. I get

[ 7650.792004] packet_recv eda9e8c0 (len=137)
[ 7650.792015] snaplen(eda9e8c0)=137
[ 7650.792027] free eda9e8c0, len = 137
[ 7650.792031] new skb: eda9e540
[ 7650.792039] packet_recv eda9e8c0 (len=137)
[ 7650.792044] snaplen(eda9e8c0)=137
[ 7650.792048] new skb: eda9e8c0
[ 7650.819464] packet_recv d1f4e9a0 (len=124)
[ 7650.819478] snaplen(d1f4e9a0)=124
[ 7650.819489] free d1f4e9a0, len = 124
[ 7650.819493] new skb: d1f4e8c0
[ 7650.819502] packet_recv d1f4e9a0 (len=124)
[ 7650.819507] snaplen(d1f4e9a0)=124
[ 7650.819511] new skb: d1f4e9a0
[ 7651.215631] packet_recv e9ecc2a0 (len=376)
[ 7651.215645] snaplen(e9ecc2a0)=376
[ 7651.215657] free e9ecc2a0, len = 376
[ 7651.215662] new skb: ede04b60
[ 7651.215671] packet_recv e9ecc2a0 (len=376)
[ 7651.215675] snaplen(e9ecc2a0)=376
[ 7651.215680] new skb: e9ecc2a0

[ 7651.760751] SKB BUG: Invalid truesize (528) len=357, sizeof(sk_buff)=176


528-176 is 352 which doesn't occur in that list... Maybe I should print
it in mac80211.


johannes
