| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20100917.225824.193719467.davem@davemloft.net> Date: Fri, 17 Sep 2010 22:58:24 -0700 (PDT) From: David Miller <davem@...emloft.net> To: eric.dumazet@...il.com Cc: amit.salecha@...gic.com, netdev@...r.kernel.org, ameen.rahman@...gic.com, anirban.chakraborty@...gic.com Subject: Re: [PATCH] qlcnic: dont assume NET_IP_ALIGN is 2 From: Eric Dumazet <eric.dumazet@...il.com> Date: Fri, 17 Sep 2010 11:57:28 +0200 > [PATCH] qlcnic: dont assume NET_IP_ALIGN is 2 > > qlcnic driver allocates rx skbs and gives to hardware too bytes of extra > storage, allowing for corruption of kernel data. > > NET_IP_ALIGN being 0 on some platforms (including x86), drivers should > not assume it's 2. > > rds_ring->skb_size = rds_ring->dma_size + NET_IP_ALIGN; > ... > skb = dev_alloc_skb(rds_ring->skb_size); > skb_reserve(skb, 2); > pci_map_single(pdev, skb->data, rds_ring->dma_size, PCI_DMA_FROMDEVICE); > > (and rds_ring->skb_size == rds_ring->dma_size) -> bug > > > Because of extra alignment (1500 + 32) -> four extra bytes are available > before the struct skb_shared_info, so corruption is not noticed. > > Note: this driver could use netdev_alloc_skb_ip_align() > > Signed-off-by: Eric Dumazet <eric.dumazet@...il.com> Applied to net-2.6, thanks Eric. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists