| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <a8655149-80b9-c75d-6528-0b851ea85de8@virtuozzo.com>
Date: Thu, 21 Feb 2019 18:30:17 +0300
From: Vasily Averin <vvs@...tuozzo.com>
To: Eric Dumazet <edumazet@...gle.com>, netdev@...r.kernel.org
Subject: [PATCH] tcp: detect use sendpage for slab-based objects
There was few incidents when XFS over network block device generates
IO requests with slab-based metadata. If these requests are processed
via sendpage path tcp_sendpage() calls skb_can_coalesce() and merges
neighbour slab objects into one skb fragment.
If receiving side is located on the same host tcp_recvmsg() can trigger
following BUG_ON
usercopy: kernel memory exposure attempt detected
from XXXXXX (kmalloc-512) (1024 bytes)
This patch helps to detect the reason of similar incidents on sending side.
Signed-off-by: Vasily Averin <vvs@...tuozzo.com>
---
net/ipv4/tcp.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 2079145a3b7c..cf9572f4fc0f 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -996,6 +996,7 @@ ssize_t do_tcp_sendpages(struct sock *sk, struct page *page, int offset,
goto wait_for_memory;
if (can_coalesce) {
+ WARN_ON_ONCE(PageSlab(page));
skb_frag_size_add(&skb_shinfo(skb)->frags[i - 1], copy);
} else {
get_page(page);
--
2.17.1
Powered by blists - more mailing lists