Message-Id: <1231087288.3296.15.camel@johannes>
Date:	Sun, 04 Jan 2009 17:41:28 +0100
From:	Johannes Berg <johannes@...solutions.net>
To:	Andi Kleen <andi@...stfloor.org>
Cc:	linux-wireless@...r.kernel.org, netdev@...r.kernel.org,
	linville@...driver.com, davem <davem@...emloft.net>
Subject: Re: [PATCH] Fix up truesize after pskb_expand_head() in wireless
	stack

On Sun, 2009-01-04 at 17:28 +0100, Andi Kleen wrote:
> > Thanks, but I'll need to look at this in more detail, we need to make
> > sure that we orphan the skb before 
> 
> What do you mean with orphaning the skb? 

Well, touching truesize is absolutely not allowed while the skb is
charged to a socket. This is what causes the truesize warning. The thing
we need to do is figure out why the skb has a wrong truesize.

> etc. And then, we need to check
> > whether it makes sense to do this in pskb_expand_head().
> 
> Well whatever you do this short term patch is needed, there's no 
> reason to delay it.

Given that we've had this problem for a very long time now I think
there's no reason to rush a workaround now. I realise that we already
have a workaround like this in the tx path which we added because I
thought the tx path was the problem, but it still doesn't make much
sense to work around it at all spots until we know why it is required.

I think this patch similarly just papers over the problem with
pskb_expand_head(). I haven't looked through all the code yet, but if
anything then I think pskb_expand_head() should fix up truesize
afterwards, and we should audit all other callers too. Similar problems
exist in net/core/pktgen.c, drivers/net/wireless/libertas/rx.c,
net/ipv4/netfilter.c and many more, though those seem to not run into
trouble. Only a few users adjust truesize.

Any proper fix should also verify that the skb isn't charged to a socket
while it's being reallocated.

johannes
