| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20131029144100.GA28046@gondor.apana.org.au> Date: Tue, 29 Oct 2013 22:41:00 +0800 From: Herbert Xu <herbert@...dor.apana.org.au> To: Eric Dumazet <eric.dumazet@...il.com> Cc: Christoph Paasch <christoph.paasch@...ouvain.be>, netdev <netdev@...r.kernel.org> Subject: Re: Bug in skb_segment: fskb->len != len On Mon, Oct 28, 2013 at 06:15:08PM -0700, Eric Dumazet wrote: > On Mon, 2013-10-28 at 06:21 -0700, Eric Dumazet wrote: > > > But we also need to fix the skb_segment() bug anyway. > > Hi Christoph > > I cooked a minimal patch, could you please try it ? > > I'll refactor skb_segment() to be smarter for the next release > (linux-3.14). I think this patch is just papering over a deeper issue. We should either be building skbs in pages, or using frag_list. In the latter case each frag_list must be exactly mss bytes, except for the last one. So if we're crashing here it means that we got mixed up on the receive side, either because the driver was sending us bogus skbs or we're simply buggy. So we need to figure out why the receive-side (i.e., GRO) is building these bogus packets, and not papering over them on the transmit-side. Cheers, -- Email: Herbert Xu <herbert@...dor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists