| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 6 Jul 2023 17:05:28 +0200 From: Eric Dumazet <edumazet@...gle.com> To: Kaiyu Zhang <squirrel.prog@...il.com> Cc: davem@...emloft.net, kuba@...nel.org, pabeni@...hat.com, netdev@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] gro: check returned skb of napi_frags_skb() against NULL On Thu, Jul 6, 2023 at 4:35 PM Kaiyu Zhang <squirrel.prog@...il.com> wrote: > > Yes the network adapter needs to be fixed for passing invalid packets to GRO. And a message like "dropping impossible skb" should be indicative enough for developers to do so. > > And yet I propose this patch because an immediate system crash caused by NULL pointer access after the above warning message is a bit more difficult to analyse on some test bed where developers have to restore kernel messages after a reboot . > > Furthermore, the adapter I'm working with is capable of receiving very small packets (1 or 2 bytes). They insist this is a feature rather than a bug. I can, and I will check packet length before passing them to GRO, for this particular adapter. But maybe a non-crash warning in general might be helpful to other developers who will face the same problem and spare them some effort on debugging. 1 or 2 bytes would still be stored in an skb, right ? GRO is already very slow, we do not want to make it even slower so that some developers can save time. A kernel crash would point to the NULL deref just fine. If we continue this path, we will soon add "if (!skb) be_kind" to all functions accepting an skb as a parameter, then everything else...
Powered by blists - more mailing lists