| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 28 Nov 2018 10:49:31 -0800 (PST)
From: David Miller <davem@...emloft.net>
To: bianpan2016@....com
Cc: thomas.lendacky@....com, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] amd-xgbe: set skb to NULL after freeing it
From: Pan Bian <bianpan2016@....com>
Date: Wed, 28 Nov 2018 16:09:45 +0800
> @@ -2754,6 +2754,7 @@ static int xgbe_rx_poll(struct xgbe_channel *channel, int budget)
> netif_err(pdata, rx_err, netdev,
> "error in received packet\n");
> dev_kfree_skb(skb);
> + skb = NULL;
> goto next_packet;
> }
>
> @@ -2806,6 +2807,7 @@ static int xgbe_rx_poll(struct xgbe_channel *channel, int budget)
> netif_err(pdata, rx_err, netdev,
> "packet length exceeds configured MTU\n");
> dev_kfree_skb(skb);
> + skb = NULL;
> goto next_packet;
> }
>
> --
> 2.7.4
If either of these two cases are executed, it means that it must be
the case that:
!last || context_next
is FALSE, therefore the conditional in the tail code of this function:
/* Check if we need to save state before leaving */
if (received && (!last || context_next)) {
rdata = XGBE_GET_DESC_DATA(ring, ring->cur);
rdata->state_saved = 1;
rdata->state.skb = skb;
rdata->state.len = len;
rdata->state.error = error;
}
will not trigger, and therefore we will not record the free'd SKB.
And if we iterate the loop again, it is guaranteed that 'skb' will
be set to a new packet or NULL.
So there is no problem here.
Powered by blists - more mailing lists