lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <1268482142.2947.38.camel@edumazet-laptop>
Date:	Sat, 13 Mar 2010 13:09:02 +0100
From:	Eric Dumazet <eric.dumazet@...il.com>
To:	William Allen Simpson <william.allen.simpson@...il.com>
Cc:	Linux Kernel Network Developers <netdev@...r.kernel.org>,
	Dan Carpenter <error27@...il.com>,
	David Miller <davem@...emloft.net>,
	Simon Horman <horms@...ge.net.au>
Subject: Re: Code paths setting gso_size

Le samedi 13 mars 2010 à 06:22 -0500, William Allen Simpson a écrit :
> This is a new thread dedicated to a specific topic, spawned by an
> earlier discussion.  I've CC'd only those that participated recently.
> 
> I've written:
> # In this particular instance, I suggest that you take a look at all the
> # places that gso_size is set, and cross index with all the code paths that
> # place these TCP headers onto the txq without a check of doff -- as I did!
> #
> # I'll specifically mention the tun and virtio_net devices, but I'm also
> # particularly concerned with af_packet.c and skbuff.c -- and the general
> # problem with inet_lro.c, too.
> #
> # Amazingly enough, folks sometimes use Linux for routers....
> #
> 
> Eric (and David) have written:
> # Only *locally* generated trafic by linux kernel can enter this path.
> #
> 
> So, let us begin with the tun device, and work our way through the others.
> 

Thats a really good idea William, I'll start another thread to study all
the paths setting skb->len to a possible wrong value. But I'll do this
in my own time, and if I find something, I'll post a patch.

Sure we'll find some bugs by this studies, since in average we find 100
bugs per month, and introduce 90 new ones, thanks God for this.



--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ