lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 14 May 2008 12:15:02 +0100 From: James Chapman <jchapman@...alix.com> To: David Miller <davem@...emloft.net> CC: netdev@...r.kernel.org Subject: Re: L2TP: skb truesize bug in recent kernels David Miller wrote: > From: James Chapman <jchapman@...alix.com> > Date: Wed, 14 May 2008 11:07:16 +0100 > >> The pppol2tp driver uses skb_cow_head() to make headroom for IP, UDP, >> L2TP and PPP headers. As GRE is being used, it is more likely that there >> will be insufficient headroom. Does the pppol2tp driver need to adjust >> truesize if pskb_expand_head() is called? >> >> I tried the following hack which stopped the skb truesize bug but caused >> a kernel assert when the socket was closed: >> >> KERN: assertion (!atomic_read(&sk->sk_wmem_alloc)) failed at >> net/ipv4/af_inet.c (155) > > You can't adjust the truesize when there is a socket associated > with the SKB. > > We just had a weeklong thread on this list about these issues > wrt. the wireless stack :-) Yeah, I saw that thread but thought it was a different problem. :) > skb->truesize records how much memory was charged to the assosicated > socket, so when the socket is freed, the destructor goes > > atomic_dec(&sk->sk_{r,w}mem_alloc, skb->truesize); > > so if you increase truesize, the counter will be decremented > more than it was initially incremented. > > You cannot change the size of the packet substantially when there is a > socket associated with it, because this makes the truesize inaccurate, > and thus provides a vector for a user's socket to use up more memory > than we were originally going to let it use based upon it's send and > receive buffer limits. I see. Thanks for the explanation. Presumably kernels 2.6.24.4 and earlier aren't checking truesize for UDP sockets. I'll change pppol2tp to allow some slack in its sock_wmalloc() call. -- James Chapman Katalix Systems Ltd http://www.katalix.com Catalysts for your Embedded Linux software development -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists