| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20100924063623.GA6359@ff.dom.local> Date: Fri, 24 Sep 2010 06:36:23 +0000 From: Jarek Poplawski <jarkao2@...il.com> To: Changli Gao <xiaosuo@...il.com> Cc: "David S. Miller" <davem@...emloft.net>, Eric Dumazet <eric.dumazet@...il.com>, Oliver Hartkopp <socketcan@...tkopp.net>, "Michael S. Tsirkin" <mst@...hat.com>, netdev@...r.kernel.org Subject: Re: [PATCH v3] net: af_packet: don't call tpacket_destruct_skb() until the skb is sent out On 2010-09-23 12:15, Changli Gao wrote: > Since skb->destructor() is used to account socket memory, and maybe called > before the skb is sent out, a corrupt skb maybe sent out finally. > > A new destructor is added into structure skb_shared_info(), and it won't > be called until the last reference to the data of an skb is put. af_packet > uses this destructor instead. IMHO, we shouldn't allow for fixing the bad design of one protocol at the expense of others by adding more and more conditionals. The proper way of handling paged skbs (splice compatible) exists. And the current patch doesn't even fix the problem completely against things like pskb_expand_head or pskb_copy. af_packet could check some flag which guarantees the queued dev can do skb_orphan after the real xmit and copy buffers otherwise. Jarek P. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists