lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 28 May 2008 16:59:45 +0600 From: "Dmitry Petukhov" <dmgenp@...il.com> To: "Wei Yongjun" <yjwei@...fujitsu.com> Cc: davem@...emloft.net, netdev@...r.kernel.org, acme@...stprotocols.net Subject: Re: [PATCH 2.6.26-rc4] fix double call of kfree_skb in net/llc/llc_sap.c 2008/5/27 Dmitry Petukhov <dmgenp@...il.com>: > 2008/5/27 Wei Yongjun <yjwei@...fujitsu.com>: > >> Normally, >> >> skb_get() (**return ) >> kfree_skb() >> >> will do nothing. If you return with no kfree_skb(), it will let that skb can >> not be free. >> >> skb_get() >> kfree_skb() >> kfree_skb() >> >> do the real free. > > Yeah, you're right. Looks like we mislocated the root of our problem > (llc socket hangs on receive). Will debug further . > Thanks for explanation. > Looks like we found the real root of our problem. file net/llc/llc_sap.c: skb_set_owner_r is called before llc_sap_rcv in two places (lines 363, 384) skb_set_owner_r do this: atomic_add(skb->truesize, &sk->sk_rmem_alloc); and in llc_sap_state_process, on line 223 sock_queue_rcv_skb is called, which also calls set_owner_r, which in turn adds skb->truesize to sk->sk_rmem_alloc once more. This double-addition results in sk_mem_alloc growth to exceed sk_rcvbuf. We can observe this in /proc/net/llc/socket, rx_queue field. after this value exceeds sk_rcvbuf, sock_queue_rcv_skb always return -ENOMEM, and socket stops receiving. //note: please CC me on reply, i'm not subscribed to the list. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists