| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 19 Nov 2018 12:54:38 -0500
From: Willem de Bruijn <willemdebruijn.kernel@...il.com>
To: "Anand H. Krishnan" <anandhkrishnan@...il.com>
Cc: Network Development <netdev@...r.kernel.org>
Subject: Re: VETH & AF_PACKET problem
On Mon, Nov 19, 2018 at 6:00 AM Anand H. Krishnan
<anandhkrishnan@...il.com> wrote:
>
> Hello,
>
> I tried the 4.19.2 kernel without success. You were probably right
> that skb_orphan
> is indeed called from somewhere in the receive path. I had an
> instrumented kernel
> and the following is what I see:
Thanks for verifying.
I was also able to reproduce it without veth by looping a packet
to another packet socket that delays reading from the socket.
A very preliminary patch is to mark the socket as zerocopy in
tpacket_fill_skb to trigger skb_copy_ubufs whenever the
packet gets cloned or enters the receive path:
@@ -2462,6 +2462,9 @@ static int tpacket_fill_skb(struct packet_sock
*po, struct sk_buff *skb,
skb->tstamp = sockc->transmit_time;
sock_tx_timestamp(&po->sk, sockc->tsflags, &skb_shinfo(skb)->tx_flags);
skb_shinfo(skb)->destructor_arg = ph.raw;
+ skb_shinfo(skb)->tx_flags |= SKBTX_ZEROCOPY_FRAG;
This requires at the least a fixup in skb_zcopy_clear to handle this
special case and not call uarg->callback (because
skb_shinfo(skb)->destructor_arg is of a different type for
tpacket_snd). I'll share a patch to test when I have something
more concrete.
Powered by blists - more mailing lists