| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 15 May 2014 18:14:26 +0100 From: Zoltan Kiss <zoltan.kiss@...rix.com> To: Eric Dumazet <eric.dumazet@...il.com> CC: <netdev@...r.kernel.org>, "xen-devel@...ts.xenproject.org" <xen-devel@...ts.xenproject.org>, <kvm@...r.kernel.org>, David Miller <davem@...emloft.net> Subject: Re: Moving frags and SKBTX_DEV_ZEROCOPY skbs On 14/05/14 20:41, Zoltan Kiss wrote: > But here is the thing: deliver_skb calls orphan_frags for every packet > delivered to the local stack, so we are safe IF these functions are > called before the IP stack. So we are safe now, but things can go wrong, > if: > - such a frag-mangling function is called before deliver_skb, now or in > the future > - if someone wants to take advantage of zerocopy in the guest<->backend > path Running through the code I've found the following core functions can shuffle frags between skbs (and don't handle zerocopy skbs already): skb_gro_receive skb_shift skb_split None of them can meet at the moment with zerocopy skbs, but it's better to keep it in mind for the future, that would blow up these kind of skbs. Zoli -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists