lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1427370406.25985.129.camel@edumazet-glaptop2.roam.corp.google.com>
Date:	Thu, 26 Mar 2015 04:46:46 -0700
From:	Eric Dumazet <eric.dumazet@...il.com>
To:	Alexey Kodanev <alexey.kodanev@...cle.com>
Cc:	netdev@...r.kernel.org, vasily.isaenko@...cle.com
Subject: Re: [PATCH v2] net: tcp6: fix double call of tcp_v6_fill_cb()

On Thu, 2015-03-26 at 11:28 +0300, Alexey Kodanev wrote:
> Regression from the following commit: 2dc49d1680.
> 
> tcp_v6_fill_cb() will be called twice if socket's state changes from
> TCP_TIME_WAIT to TCP_LISTEN. That can result in control buffer data
> corruption because in the second tcp_v6_fill_cb() call it's not copying
> IP6CB(skb) anymore, but 'seq', 'end_seq', etc., so we can get weird and
> unpredictable results. Performance loss of up to 1200% has been observed
> in LTP/vxlan03 test.
> 
> This can be fixed by copying inet6_skb_parm to the beginning of 'cb'
> only if xfrm6_policy_check() and tcp_v6_fill_cb() are going to be
> called again.
> 
> Signed-off-by: Alexey Kodanev <alexey.kodanev@...cle.com>
> ---

Thanks Alexey !

Fixes: 2dc49d1680b53 ("tcp6: don't move IP6CB before xfrm6_policy_check()")
Acked-by: Eric Dumazet <edumazet@...gle.com>


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ