lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <9AAE0902D5BC7E449B7C8E4E778ABCD029C5F4@AMSPEX01CL01.citrite.net>
Date:	Thu, 27 Mar 2014 12:30:18 +0000
From:	Paul Durrant <Paul.Durrant@...rix.com>
To:	Ian Campbell <Ian.Campbell@...rix.com>
CC:	"xen-devel@...ts.xen.org" <xen-devel@...ts.xen.org>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
	Wei Liu <wei.liu2@...rix.com>,
	Sander Eikelenboom <linux@...elenboom.it>
Subject: RE: [PATCH net 3/3] xen-netback: BUG_ON in xenvif_rx_action() not
 catching overflow

> -----Original Message-----
> From: Ian Campbell
> Sent: 27 March 2014 12:28
> To: Paul Durrant
> Cc: xen-devel@...ts.xen.org; netdev@...r.kernel.org; Wei Liu; Sander
> Eikelenboom
> Subject: Re: [PATCH net 3/3] xen-netback: BUG_ON in xenvif_rx_action()
> not catching overflow
> 
> On Thu, 2014-03-27 at 12:23 +0000, Paul Durrant wrote:
> > The BUG_ON to catch ring overflow in xenvif_rx_action() makes the
> assumption
> > that meta_slots_used == ring slots used. This is not the case for GSO
> > packets.
> 
> Can you explain why not here please.
>

Sure. I'll add an explanation.

  Paul
 
> >  This patch changes the test to actually check ring slots.
> >
> > Signed-off-by: Paul Durrant <paul.durrant@...rix.com>
> > Cc: Ian Campbell <ian.campbell@...rix.com>
> > Cc: Wei Liu <wei.liu2@...rix.com>
> > Cc: Sander Eikelenboom <linux@...elenboom.it>
> > ---
> >  drivers/net/xen-netback/netback.c |    8 +++++++-
> >  1 file changed, 7 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/net/xen-netback/netback.c b/drivers/net/xen-
> netback/netback.c
> > index ac35489..ae7351f 100644
> > --- a/drivers/net/xen-netback/netback.c
> > +++ b/drivers/net/xen-netback/netback.c
> > @@ -481,6 +481,8 @@ static void xenvif_rx_action(struct xenvif *vif)
> >
> >  	while ((skb = skb_dequeue(&vif->rx_queue)) != NULL) {
> >  		RING_IDX max_slots_needed;
> > +		RING_IDX old_req_cons;
> > +		RING_IDX ring_slots_used;
> >  		int i;
> >
> >  		/* We need a cheap worse case estimate for the number of
> > @@ -520,8 +522,12 @@ static void xenvif_rx_action(struct xenvif *vif)
> >  			vif->rx_last_skb_slots = 0;
> >
> >  		sco = (struct skb_cb_overlay *)skb->cb;
> > +
> > +		old_req_cons = vif->rx.req_cons;
> >  		sco->meta_slots_used = xenvif_gop_skb(skb, &npo);
> > -		BUG_ON(sco->meta_slots_used > max_slots_needed);
> > +		ring_slots_used = vif->rx.req_cons - old_req_cons;
> > +
> > +		BUG_ON(ring_slots_used > max_slots_needed);
> >
> >  		__skb_queue_tail(&rxq, skb);
> >  	}
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ