| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190625091507.pwtingx6yk4ltmbo@breakpoint.cc>
Date: Tue, 25 Jun 2019 11:15:07 +0200
From: Florian Westphal <fw@...len.de>
To: John Hurley <john.hurley@...ronome.com>
Cc: Eyal Birger <eyal.birger@...il.com>,
Linux Netdev List <netdev@...r.kernel.org>,
David Miller <davem@...emloft.net>,
Florian Westphal <fw@...len.de>,
Jamal Hadi Salim <jhs@...atatu.com>,
Simon Horman <simon.horman@...ronome.com>,
Jakub Kicinski <jakub.kicinski@...ronome.com>,
oss-drivers@...ronome.com, shmulik@...anetworks.com
Subject: Re: [PATCH net-next 2/2] net: sched: protect against stack overflow
in TC act_mirred
John Hurley <john.hurley@...ronome.com> wrote:
> Hi Eyal,
> The value of 4 is basically a revert to what it was on older kernels
> when TC had a TTL value in the skb:
> https://elixir.bootlin.com/linux/v3.19.8/source/include/uapi/linux/pkt_cls.h#L97
IIRC this TTL value was not used ever.
> I also found with my testing that a value greater than 4 was sailing
> close to the edge.
> With a larger value (on my system anyway), I could still trigger a
> stack overflow here.
> I'm not sure on the history of why a value of 4 was selected here but
> it seems to fall into line with my findings.
> Is there a hard requirement for >4 recursive calls here?
One alternative would be to (instead of dropping the skb), to
decrement the ttl and use netif_rx() instead.
Powered by blists - more mailing lists