Date:   Fri, 16 Oct 2020 11:00:20 +0200
From:   Christian Eggers <ceggers@...i.de>
To:     Kurt Kanzenbach <kurt@...utronix.de>
CC:     Vladimir Oltean <olteanv@...il.com>,
        Woojung Huh <woojung.huh@...rochip.com>,
        Andrew Lunn <andrew@...n.ch>,
        Vivien Didelot <vivien.didelot@...il.com>,
        Florian Fainelli <f.fainelli@...il.com>,
        Microchip Linux Driver Support <UNGLinuxDriver@...rochip.com>,
        "David S . Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>, <netdev@...r.kernel.org>,
        <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH net] net: dsa: ksz: fix padding size of skb

On Friday, 16 October 2020, 09:45:42 CEST, Kurt Kanzenbach wrote:
> On Thu Oct 15 2020, Christian Eggers wrote:
> > On Wednesday, 14 October 2020, 19:31:03 CEST, Vladimir Oltean wrote:
> >> What problem are you actually trying to solve?
> > 
> > After (hopefully) understanding the important bits, I would like to solve
> > the problem that after calling __skb_put_padto() there may be no tailroom
> > for the tail tag.
> > 
> > The conditions where this can happen are quite special. You need a
> > skb->len < ETH_ZLEN and the skb must be marked as cloned. One condition
> > where this happens in practice is when the skb has been selected for TX
> > time stamping in dsa_skb_tx_timestamp() [cloned] and L2 is used as
> > transport for PTP [size < ETH_ZLEN]. But maybe cloned sk_buffs can also
> > happen for other reasons.
> Hmm. I've never observed any problems using DSA with L2 PTP time
> stamping with this tail tag code. What's the impact exactly? Memory
> corruption?
It looks like skb_put_padto() is only used by the tag_ksz driver. So it's 
unlikely that other drivers are affected by the same problem.

If I remember correctly, I got a skb_panic in skb_put() when adding the tail 
tag. But with the current kernel I didn't manage to create packets where the 
skb allocated by __skb_put_padto does not have enough spare room for the tail tag.
Either I am trying with wrong packets, or something else has been changed in 
between.

I just sent a new patch which should solve the problem correctly here:
https://patchwork.ozlabs.org/project/netdev/list/?series=208269

Best regards
Christian



