lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 20 May 2013 11:58:43 -0700
From:	Eric Dumazet <eric.dumazet@...il.com>
To:	Matthew Rosato <mjrosato@...ux.vnet.ibm.com>
Cc:	davem@...emloft.net, netdev@...r.kernel.org
Subject: Re: [PATCH] net_sched: check skb_transport_header_was_set() in
 qdisc_pkt_len_init()

On Mon, 2013-05-20 at 14:47 -0400, Matthew Rosato wrote:
> commit 1def9238d4aa2 (net_sched: more precise pkt_len computation) does
> not check to see if skb_transport_header is valid prior to using it in
> qdisc_pkt_len_init(), which can lead to a kernel panic if
> skb_transport_header is not valid but gso_size is nonzero.  This patch
> adds a check for skb_transport_header_was_set().
> 
> I managed to hit this scenario by driving a burst of traffic from a
> qemu guest through a macvtap interface, causing a panic in the host kernel.
> 
> Signed-off-by: Matthew Rosato <mjrosato@...ux.vnet.ibm.com>
> ---
>  net/core/dev.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/net/core/dev.c b/net/core/dev.c
> index fc1e289..5d0d3af 100644
> --- a/net/core/dev.c
> +++ b/net/core/dev.c
> @@ -2596,7 +2596,7 @@ static void qdisc_pkt_len_init(struct sk_buff *skb)
>  	/* To get more precise estimation of bytes sent on wire,
>  	 * we add to pkt_len the headers size of all segments
>  	 */
> -	if (shinfo->gso_size)  {
> +	if (shinfo->gso_size && skb_transport_header_was_set(skb))  {
>  		unsigned int hdr_len;
>  		u16 gso_segs = shinfo->gso_segs;
>  

Have you tried a recent kernel ?

I believe this was already discussed.

Please fix macvtap instead if its still buggy.


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ