| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240103174931.15ea4dbd@kernel.org> Date: Wed, 3 Jan 2024 17:49:31 -0800 From: Jakub Kicinski <kuba@...nel.org> To: vladbu@...dia.com, Xin Long <lucien.xin@...il.com> Cc: Tao Liu <taoliu828@....com>, davem@...emloft.net, edumazet@...gle.com, pabeni@...hat.com, paulb@...dia.com, netdev@...r.kernel.org, simon.horman@...igine.com, xiyou.wangcong@...il.com, pablo@...filter.org Subject: Re: [PATCH net] net/sched: act_ct: fix skb leak and crash on ooo frags On Thu, 28 Dec 2023 16:14:57 +0800 Tao Liu wrote: > act_ct adds skb->users before defragmentation. If frags arrive in order, > the last frag's reference is reset in: > > inet_frag_reasm_prepare > skb_morph > > which is not straightforward. > > However when frags arrive out of order, nobody unref the last frag, and > all frags are leaked. The situation is even worse, as initiating packet > capture can lead to a crash[0] when skb has been cloned and shared at the > same time. > > Fix the issue by removing skb_get() before defragmentation. act_ct > returns TC_ACT_CONSUMED when defrag failed or in progress. Vlad, Xin Long, does this look good to you? -- pw-bot: needs-ack
Powered by blists - more mailing lists