lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 04 May 2008 14:28:08 +0200
From:	Johannes Berg <johannes@...solutions.net>
To:	Herbert Xu <herbert@...dor.apana.org.au>
Cc:	David Miller <davem@...emloft.net>, mb@...sch.de,
	netdev@...r.kernel.org, linux-wireless@...r.kernel.org
Subject: Re: mac80211 truesize bugs


> http://johannes.sipsolutions.net/patches/kernel/all/2008-05-04-11%3a23/027-skb-alloc-stackdump.patch

This was broken when cloning, this one works:

http://johannes.sipsolutions.net/patches/kernel/all/2008-05-04-12%3a19/027-skb-alloc-stackdump.patch

Now I see the problem. I increased the LL_MAX_HEADER constant, but all
code uses dev->hard_header_len to allocate the headroom (via
LL_RESERVED_SPACE), e.g. packet.c:

packet_sendmsg_spkt:
        skb = sock_wmalloc(sk, len + LL_RESERVED_SPACE(dev), 0, GFP_KERNEL);  
   
[...]
        /* FIXME: Save some space for broken drivers that write a
         * hard header at transmission time by themselves. PPP is the
         * notable one here. This should really be fixed at the driver level.
         */
        skb_reserve(skb, LL_RESERVED_SPACE(dev));

This one even complains about "broken drivers" (like PPP, but wireless
code behaves like this too). This is getting really really really
frustrating. All kinds of comments all over tell you how this all is
wrong but NEVER actually tell you how to do it correctly!

As far as I understand, I cannot change dev->hard_header_len because I
want/need an ethernet header and not more. But then I don't get enough
headroom.

Oddly enough, I even get a warning from tcp_connect() although that
actually does
        /* Reserve space for headers. */
        skb_reserve(buff, MAX_TCP_HEADER);

which should definitely be sufficient. Maybe the packet gets cloned
somewhere? On the other hand, IPv4 raw's raw_send_hdrinc reserves
LL_RESERVED_SPACE(rt->u.dst.dev) like af_packet....

johannes

Download attachment "signature.asc" of type "application/pgp-signature" (829 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ