lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20220224103319.1eb84d11@kicinski-fedora-pc1c0hjn.dhcp.thefacebook.com>
Date:   Thu, 24 Feb 2022 10:33:19 -0800
From:   Jakub Kicinski <kuba@...nel.org>
To:     "lena.wang" <lena.wang@...iatek.com>
Cc:     Eric Dumazet <edumazet@...gle.com>, <davem@...emloft.net>,
        <matthias.bgg@...il.com>, <netdev@...r.kernel.org>,
        <linux-kernel@...r.kernel.org>, <wsd_upstream@...iatek.com>,
        <hao.lin@...iatek.com>
Subject: Re: [PATCH] net:fix up skbs delta_truesize in UDP GRO frag_list

On Thu, 24 Feb 2022 09:08:35 -0800 Jakub Kicinski wrote:
> On Wed, 23 Feb 2022 18:08:47 +0800 lena.wang wrote:
> > The truesize for a UDP GRO packet is added by main skb and skbs in main
> > skb's frag_list:
> > skb_gro_receive_list
> >         p->truesize += skb->truesize;
> > 
> > When uncloning skb, it will call pskb_expand_head and trusesize for
> > frag_list skbs may increase. This can occur when allocators uses
> > __netdev_alloc_skb and not jump into __alloc_skb. This flow does not
> > use ksize(len) to calculate truesize while pskb_expand_head uses.
> > skb_segment_list
> > err = skb_unclone(nskb, GFP_ATOMIC);
> > pskb_expand_head
> >         if (!skb->sk || skb->destructor == sock_edemux)
> >                 skb->truesize += size - osize;
> > 
> > If we uses increased truesize adding as delta_truesize, it will be
> > larger than before and even larger than previous total truesize value
> > if skbs in frag_list are abundant. The main skb truesize will become
> > smaller and even a minus value or a huge value for an unsigned int
> > parameter. Then the following memory check will drop this abnormal skb.
> > 
> > To avoid this error we should use the original truesize to segment the
> > main skb.
> > 
> > Signed-off-by: lena wang <lena.wang@...iatek.com>  

Eric pointed out this patch did not make it to the mailing list.
It was also whitespace damaged and line wrapped.

Could you resend with git send-email?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ