| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <YiBczo/gN8w9Hl+L@pop-os.localdomain>
Date: Wed, 2 Mar 2022 22:14:38 -0800
From: Cong Wang <xiyou.wangcong@...il.com>
To: Wang Yufen <wangyufen@...wei.com>
Cc: john.fastabend@...il.com, daniel@...earbox.net,
jakub@...udflare.com, lmb@...udflare.com, davem@...emloft.net,
edumazet@...gle.com, yoshfuji@...ux-ipv6.org, dsahern@...nel.org,
kuba@...nel.org, ast@...nel.org, andrii@...nel.org, kafai@...com,
songliubraving@...com, yhs@...com, kpsingh@...nel.org,
netdev@...r.kernel.org, bpf@...r.kernel.org
Subject: Re: [PATCH bpf-next v2 3/4] bpf, sockmap: Fix more uncharged while
msg has more_data
On Wed, Mar 02, 2022 at 10:27:54AM +0800, Wang Yufen wrote:
> In tcp_bpf_send_verdict(), if msg has more data after
> tcp_bpf_sendmsg_redir():
>
> tcp_bpf_send_verdict()
> tosend = msg->sg.size //msg->sg.size = 22220
> case __SK_REDIRECT:
> sk_msg_return() //uncharged msg->sg.size(22220) sk->sk_forward_alloc
> tcp_bpf_sendmsg_redir() //after tcp_bpf_sendmsg_redir, msg->sg.size=11000
> goto more_data;
> tosend = msg->sg.size //msg->sg.size = 11000
> case __SK_REDIRECT:
> sk_msg_return() //uncharged msg->sg.size(11000) to sk->sk_forward_alloc
>
> The msg->sg.size(11000) has been uncharged twice, to fix we can charge the
> remaining msg->sg.size before goto more data.
It looks like bpf_exec_tx_verdict() has the same issue.
Powered by blists - more mailing lists