lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20080512.221513.178144312.davem@davemloft.net>
Date:	Mon, 12 May 2008 22:15:13 -0700 (PDT)
From:	David Miller <davem@...emloft.net>
To:	johannes@...solutions.net
Cc:	netdev@...r.kernel.org, herbert@...dor.apana.org.au
Subject: Re: [RFC/T] [NET] make pskb_expand_head warn when called with
 invalid state

From: Johannes Berg <johannes@...solutions.net>
Date: Mon, 05 May 2008 18:01:14 +0200

> On Mon, 2008-05-05 at 17:41 +0200, Johannes Berg wrote:
> > [23194.608077] [ccf9bba0] [c02735a0] pskb_expand_head+0x58/0x1f8 (unreliable)
> > [23194.608082] [ccf9bbc0] [c02737a4] __pskb_pull_tail+0x64/0x374
> 
> It's actually not really a false positive. What is happening is that
> __pskb_pull_tail does (follow 'eat'):
 ...
> which of course changes the true size of the skb without accounting it
> to the socket. Now, the reason this hasn't been known before is that the
> data size doesn't change because the stuff that is copied into the
> header is removed from the data_len... or something like that, I think.

FWIW, the only practical case where this can occur is for an SG+CSUM
device which cannot handle DMA'ing highmem pages, and we get such a
page via sendfile() or similar.

All other cases are extremely rare, such as the route changing
mid-connection from a device that can, to a device which cannot do
SG+CSUM.

I think we need to do some more fixups and auditing before we can
enable this pskb_expand_head() assertion, and the same goes for
your more-accurate skb_truesize_check().
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ