| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1281940276.3683.7.camel@jlt3.sipsolutions.net> Date: Mon, 16 Aug 2010 08:31:16 +0200 From: Johannes Berg <johannes@...solutions.net> To: Eric Dumazet <eric.dumazet@...il.com> Cc: David Miller <davem@...emloft.net>, netdev@...r.kernel.org Subject: Re: [PATCH net-next-2.6] netlink: netlink_recvmsg() fix On Mon, 2010-08-16 at 08:29 +0200, Eric Dumazet wrote: > Le lundi 16 août 2010 à 08:22 +0200, Johannes Berg a écrit : > > On Mon, 2010-08-16 at 08:10 +0200, Eric Dumazet wrote: > > > > > We'll find another way to address the problem. > > > > For my understanding: The problem is that the save/restore of the > > frag_list skb can race so a second reader will not see the frag_list skb > > because it gets there while it's NULL. This happens with MSG_PEEK, or > > with clones of the SKB since skb_shared_info is invariant across clones. > > > > Correct? > > > > Yes > > I believe we should have a mutual exclusion for the critical section. > > (setting pointer to NULL, ...., setting pointer back to its orig value) Yeah, that'd work, but I'm wondering now why I did this at all. The code already restricts the data copying to skb->len, which will not include the frag_list, so it should be OK to just leave it intact? I'll go and look at that in more detail and try it. johannes -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists