lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <AE90C24D6B3A694183C094C60CF0A2F6026B743A@saturn3.aculab.com>
Date:	Wed, 20 Nov 2013 15:54:27 -0000
From:	"David Laight" <David.Laight@...LAB.COM>
To:	"Eric Dumazet" <eric.dumazet@...il.com>
Cc:	"Alan Stern" <stern@...land.harvard.edu>,
	"Sarah Sharp" <sarah.a.sharp@...ux.intel.com>,
	"Ben Hutchings" <bhutchings@...arflare.com>,
	<netdev@...r.kernel.org>, <linux-usb@...r.kernel.org>
Subject: RE: [PATCH] usb: xhci: Link TRB must not occur with a USB payload burst.

> From: Eric Dumazet [mailto:eric.dumazet@...il.com]
> On Wed, 2013-11-20 at 09:36 +0000, David Laight wrote:
> 
> > Ben said the largest number of fragments from the current network
> > stack will be 17, and that none of them will cross 32k boundaries.
> > So the network stack won't send down long SG lists.
> 
> Please note that skb->head itself _might_ cross a 32K or 64K boundary :
> 
> skb->head is kmalloc() provided, and SLUB can be tweaked
> (slub_max_order) to use very high order pages.

Worth remembering...

I suspect the number of fragments (inc 64k boundaries) is still limited
because maximum data length is under 64k (for TSO) and the SLUB memory
has to be physically contiguous (it is still limited even if not).

At the moment the usb bulk tx code calculated the exact number of
fragments needed. To do this it has to scan the sg list twice.
It would seem more sensible to generate a quick upper bound
(ie nfrags*2 + len/65536) and maybe calculate the exact number
if this would exceed the maximum number.
OTOH the max allowed could be documented that way.

In any case this is all aside from the bug itself.

	David

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ