lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1442344243.131189.26.camel@infradead.org>
Date:	Tue, 15 Sep 2015 20:10:43 +0100
From:	David Woodhouse <dwmw2@...radead.org>
To:	simon@...e.lp0.eu
Cc:	netdev@...r.kernel.org, linux-atm-general@...ts.sourceforge.net
Subject: Re: [PATCH RFC] solos-pci: Fix BUG() with shared skb

On Wed, 2013-09-04 at 21:41 +0100, David Woodhouse wrote:
> On Wed, 2013-09-04 at 14:30 -0400, David Miller wrote:
> > skb_realloc_headroom() should do everything you need.
> 
> Great, thanks! Something like this then... ? 
>
> diff --git a/drivers/atm/solos-pci.c b/drivers/atm/solos-pci.c
> index 32784d1..4492c0f 100644
> --- a/drivers/atm/solos-pci.c
> +++ b/drivers/atm/solos-pci.c
> @@ -1145,19 +1145,19 @@ static int psend(struct atm_vcc *vcc, struct sk_buff *skb)
>  > 	> 	> return 0;
>  > 	> }
>  
> -> 	> if (!skb_clone_writable(skb, sizeof(*header))) {
> -> 	> 	> int expand_by = 0;
> -> 	> 	> int ret;
> -
> -> 	> 	> if (skb_headroom(skb) < sizeof(*header))
> -> 	> 	> 	> expand_by = sizeof(*header) - skb_headroom(skb);
> -
> -> 	> 	> ret = pskb_expand_head(skb, expand_by, 0, GFP_ATOMIC);
> -> 	> 	> if (ret) {
> -> 	> 	> 	> dev_warn(&card->dev->dev, "pskb_expand_head failed.\n");
> -> 	> 	> 	> solos_pop(vcc, skb);
> -> 	> 	> 	> return ret;
> -> 	> 	> }
> +> 	> if (skb_headroom(skb) < sizeof(*header)) {
> +> 	> 	> struct sk_buff *nskb;
> +
> +> 	> 	> nskb = skb_realloc_headroom(skb, sizeof(*header));
> +> 	> 	> if (!nskb) {
> +> 	> 	> 	> solos_pop(vcc, skb);
> +> 	> 	> 	> return -ENOMEM;
> +> 	> 	> }
> +> 	> 	> if (skb->truesize != nskb->truesize)
> +> 	> 	> 	> atm_force_charge(vcc, nskb->truesize - skb->truesize);
> + 
> +> 	> 	> dev_kfree_skb_any(skb);
> +> 	> 	> skb = nskb;
>  > 	> }
>  
>  > 	> header = (void *)skb_push(skb, sizeof(*header));

Simon, did you ever test this?
Can you still (tell me how to) reproduce the original problem? I think
that sending on br2684 was necessary but not sufficient...?

-- 
David Woodhouse                            Open Source Technology Centre
David.Woodhouse@...el.com                              Intel Corporation


Download attachment "smime.p7s" of type "application/x-pkcs7-signature" (5691 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ