lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 21 Mar 2018 08:03:44 -0700
From:   Eric Dumazet <erdnetdev@...il.com>
To:     Yonghong Song <yhs@...com>, edumazet@...gle.com, ast@...com,
        daniel@...earbox.net, diptanu@...com, netdev@...r.kernel.org
Cc:     kernel-team@...com
Subject: Re: [PATCH net-next v4 2/2] net: bpf: add a test for skb_segment in
 test_bpf module



On 03/20/2018 11:47 PM, Yonghong Song wrote:
...

+
> +static __init int test_skb_segment(void)
> +{
> +	netdev_features_t features;
> +	struct sk_buff *skb;
> +	int ret = -1;
> +
> +	features = NETIF_F_SG | NETIF_F_GSO_PARTIAL | NETIF_F_IP_CSUM |
> +		   NETIF_F_IPV6_CSUM;
> +	features |= NETIF_F_RXCSUM;
> +	skb = build_test_skb();
> +	if (!skb) {
> +		pr_info("%s: failed to build_test_skb", __func__);
> +		goto done;
> +	}
> +
> +	if (skb_segment(skb, features)) {
> +		ret = 0;
> +		pr_info("%s: success in skb_segment!", __func__);
> +	} else {
> +		pr_info("%s: failed in skb_segment!", __func__);
> +	}

If skb_segmen() was successful skb was already freed.

kfree_skb(old_skb) should thus panic the box, if you run this code
on a kernel having some debugging features like KASAN

So if you do not store in a variable the return of skb_segment(),
you can not properly free memory.

> +	kfree_skb(skb);
> +done:
> +	return ret;
> +}
> +
> 
Please make sure to fully test this code.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ