lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <20150329.133707.1244143029987516480.davem@davemloft.net>
Date:	Sun, 29 Mar 2015 13:37:07 -0700 (PDT)
From:	David Miller <davem@...emloft.net>
To:	alexey.kodanev@...cle.com
Cc:	netdev@...r.kernel.org, vasily.isaenko@...cle.com
Subject: Re: [PATCH v3] net: tcp6: fix double call of tcp_v6_fill_cb()

From: Alexey Kodanev <alexey.kodanev@...cle.com>
Date: Fri, 27 Mar 2015 12:24:22 +0300

> tcp_v6_fill_cb() will be called twice if socket's state changes from
> TCP_TIME_WAIT to TCP_LISTEN. That can result in control buffer data
> corruption because in the second tcp_v6_fill_cb() call it's not copying
> IP6CB(skb) anymore, but 'seq', 'end_seq', etc., so we can get weird and
> unpredictable results. Performance loss of up to 1200% has been observed
> in LTP/vxlan03 test.
> 
> This can be fixed by copying inet6_skb_parm to the beginning of 'cb'
> only if xfrm6_policy_check() and tcp_v6_fill_cb() are going to be
> called again.
> 
> Fixes: 2dc49d1680b53 ("tcp6: don't move IP6CB before xfrm6_policy_check()")
> 
> Signed-off-by: Alexey Kodanev <alexey.kodanev@...cle.com>
> Acked-by: Eric Dumazet <edumazet@...gle.com>

Applied and queued up for -stable.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ