Date:	Wed, 21 Jul 2010 10:20:20 +0200
From:	Eric Dumazet <eric.dumazet@...il.com>
To:	Johannes Berg <johannes@...solutions.net>
Cc:	David Miller <davem@...emloft.net>, netdev <netdev@...r.kernel.org>
Subject: Re: [PATCH net-next-2.6] netlink: netlink_recvmsg() fix

On Wednesday 21 July 2010 at 10:05 +0200, Johannes Berg wrote:
> On Tue, 2010-07-20 at 17:20 +0200, Eric Dumazet wrote:
> 
> > [PATCH net-next-2.6 v2] netlink: netlink_recvmsg() fix
> > 
> > commit 1dacc76d0014 
> > (net/compat/wext: send different messages to compat tasks)
> > introduced a race condition on netlink, in case MSG_PEEK is used.
> > 
> > An skb given by skb_recv_datagram() might be shared, we must copy it
> > before any modification, or risk fatal corruption.
> 
> Makes sense to me, seeing that if you MSG_PEEK it just increases
> skb->users. But nothing could touch the other skb at the same time?
> Although I guess with netlink multicast we have a similar situation.

Nothing can touch this skb at the same time but us and our friends
(consumers that did a skb_recv_datagram( MSG_PEEK ) operation).

Oh well, I see skb_unshare() tests skb_cloned(). This is not what we
want.

We probably want something like:

if (skb_shared(skb)) {
	nsbk = skb_copy(skb, GFP_KERNEL);
	...
}
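
The distinction drawn in the message above, between a shared skb (extra holders of the same skb, as after MSG_PEEK) and a cloned one, shown as an added userspace example that is not part of the original message and is not kernel code. The `toy_skb` struct and the `toy_*` and `peeker_sees_change` names are hypothetical stand-ins that model only the two counters involved.

```c
#include <stdlib.h>
#include <string.h>

/* Toy userspace model, not the kernel's struct sk_buff: it keeps only the
 * two counts the message distinguishes. */
struct toy_skb {
    int users;      /* holders of this skb; a MSG_PEEK receive adds one */
    int dataref;    /* skbs referencing the data; only cloning adds one */
    char data[32];
};

static struct toy_skb *toy_alloc(const char *payload)
{
    struct toy_skb *s = calloc(1, sizeof(*s));
    if (!s)
        abort();
    s->users = 1;
    s->dataref = 1;
    strncpy(s->data, payload, sizeof(s->data) - 1);
    return s;
}

static int toy_shared(const struct toy_skb *s) { return s->users != 1; }
static int toy_cloned(const struct toy_skb *s) { return s->dataref != 1; }

/* Private copy with fresh counts, standing in for skb_copy(). */
static struct toy_skb *toy_copy(const struct toy_skb *s) { return toy_alloc(s->data); }

/* Returns 1 if the peeking holder observes our in-place modification.
 * by_shared = 0 gates the copy on the cloned test, 1 on the shared test. */
static int peeker_sees_change(int by_shared)
{
    struct toy_skb *skb = toy_alloc("event");   /* constructed payload */
    struct toy_skb *peeker = skb;               /* second holder, as after MSG_PEEK */
    struct toy_skb *mine;
    int seen;

    skb->users++;
    mine = (by_shared ? toy_shared(skb) : toy_cloned(skb)) ? toy_copy(skb) : skb;
    mine->data[0] = 'E';                        /* modify what we believe is ours */
    seen = (peeker->data[0] == 'E');
    if (mine != skb)
        free(mine);
    free(skb);
    return seen;
}

int main(void) { return !(peeker_sees_change(0) == 1 && peeker_sees_change(1) == 0); }
```

With the copy gated on the cloned test, the peeked skb is modified in place and the other holder sees the change; gated on the shared test, the modification lands on a private copy.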


