lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1440641561.8932.36.camel@edumazet-glaptop2.roam.corp.google.com>
Date:	Wed, 26 Aug 2015 19:12:41 -0700
From:	Eric Dumazet <eric.dumazet@...il.com>
To:	chenweilong@...wei.com
Cc:	davem@...emloft.net, edumazet@...gle.com,
	alexander.h.duyck@...hat.com, willemb@...gle.com,
	hannes@...essinduktion.org, netdev@...r.kernel.org
Subject: Re: [PATCH net-next] net: Check frag_lists first to prevent data
 out of order

On Thu, 2015-08-27 at 08:56 +0800, chenweilong@...wei.com wrote:
> From: Weilong Chen <chenweilong@...wei.com>
> 
> When try to merge several skbs to prior one, if the frag_list is
> used and the the last one is a small packet, once the condition
> "len <= skb_tailroom(to)" is satisfied, we will get a wrong
> packet!
> This patch just check frag_lists before the condtion to prevent
> this from happening.
> 
> Signed-off-by: Weilong Chen <chenweilong@...wei.com>
> ---
>  net/core/skbuff.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/net/core/skbuff.c b/net/core/skbuff.c
> index 8a725cc..d08edcb 100644
> --- a/net/core/skbuff.c
> +++ b/net/core/skbuff.c
> @@ -4133,6 +4133,9 @@ bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from,
>  	if (skb_cloned(to))
>  		return false;
>  
> +	if (skb_has_frag_list(to) || skb_has_frag_list(from))
> +		return false;
> +
>  	if (len <= skb_tailroom(to)) {
>  		if (len)
>  			BUG_ON(skb_copy_bits(from, 0, skb_put(to, len), len));
> @@ -4140,9 +4143,6 @@ bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from,
>  		return true;
>  	}
>  
> -	if (skb_has_frag_list(to) || skb_has_frag_list(from))
> -		return false;
> -
>  	if (skb_headlen(from) != 0) {
>  		struct page *page;
>  		unsigned int offset;

Sigh.

No idea what problem you tried to solve.

This patch is not needed.

If (len <= skb_tailroom()), then it is obviously correct to copy_bits()
the bytes.

Hints :

- If @to has a fraglist, then skb_tailroom(to) is 0 so the copy can not
be done.

- If @from has a fraglist, it is not relevant as we copy it into @to and
will free @from.



--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ