| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <f3c7672edb978d520f12d72cb41d1e4d.squirrel@www.codeaurora.org> Date: Fri, 27 Mar 2015 19:57:34 -0000 From: subashab@...eaurora.org To: netdev@...r.kernel.org Cc: eric.dumazet@...il.com Subject: [RFC] Handling device free after a packet is passed to the network stack We have been coming across a couple of scenarios where the device is freed and the corresponding packets which were already queued up the stack encounter crashes when they find that contents of skb->dev are no longer valid. Specifically, we have observed an instance where a cpu hotplug occurs along with the network driver module unloading. When the packets are being queued up the stack using netif_rx_ni from dev_cpu_callback, get_rps_cpus crashes as it encounters invalid data at skb->dev since it would have been freed. We would like to know if the kernel provides some mechanisms to safeguard against such scenarios. -- Employee of Qualcomm Innovation Center, Inc. Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, a Linux Foundation Collaborative Project -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists