| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 11 Mar 2014 16:27:14 -0400 (EDT) From: David Miller <davem@...emloft.net> To: mst@...hat.com Cc: linux-kernel@...r.kernel.org, jbenc@...hat.com, netdev@...r.kernel.org Subject: Re: [PATCH 0/5] skbuff: fix skb_segment with zero copy skbs From: "Michael S. Tsirkin" <mst@...hat.com> Date: Mon, 10 Mar 2014 18:29:01 +0200 > This fixes a bug in skb_segment where it moves frags > between skbs without orphaning them. > This causes userspace to assume it's safe to > reuse the buffer, and receiver gets corrupted data. > This further might leak information from the > transmitter on the wire. > > To fix track which skb does a copied frag belong > to, and orphan frags when copying them. > > As we are tracking multiple skbs here, using > short names (skb,nskb,fskb,skb_frag,frag) becomes confusing. > So before adding another one, I refactor these names > slightly. > > Patch is split out to make it easier to > verify that all trasformations are trivially correct. > > The problem was observed in the field, > so I think that the patch is necessary on stable > as well. Series applied and queued up for -stable, thanks for fixing this. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists