| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aO5Sv9GEEPl6zAE5@strlen.de>
Date: Tue, 14 Oct 2025 15:40:15 +0200
From: Florian Westphal <fw@...len.de>
To: Eric Dumazet <edumazet@...gle.com>
Cc: Michal Kubecek <mkubecek@...e.cz>, Paolo Abeni <pabeni@...hat.com>,
Sabrina Dubroca <sd@...asysnail.net>,
"David S . Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>, Simon Horman <horms@...nel.org>,
Willem de Bruijn <willemb@...gle.com>, netdev@...r.kernel.org,
eric.dumazet@...il.com
Subject: Re: [PATCH net] udp: drop secpath before storing an skb in a receive
queue
Eric Dumazet <edumazet@...gle.com> wrote:
> Thanks for testing. I will follow Sabrina suggestion and send :
>
> diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
> index 95241093b7f0..d66f273f9070 100644
> --- a/net/ipv4/udp.c
> +++ b/net/ipv4/udp.c
> @@ -1851,8 +1851,13 @@ void skb_consume_udp(struct sock *sk, struct
> sk_buff *skb, int len)
> sk_peek_offset_bwd(sk, len);
>
> if (!skb_shared(skb)) {
> - if (unlikely(udp_skb_has_head_state(skb)))
> - skb_release_head_state(skb);
> + /* Make sure that this skb has no dst, destructor
> + * or conntracking parts, because it might stay
> + * in a remote cpu list for a very long time.
> + */
> + DEBUG_NET_WARN_ON_ONCE(skb_dst(skb));
> + DEBUG_NET_WARN_ON_ONCE(skb->destructor);
> + DEBUG_NET_WARN_ON_ONCE(skb_nfct(skb));
> skb_attempt_defer_free(skb);
Are there cases where we expect to pass skb which violate this to
skb_attempt_defer_free()?
If no, then maybe move existing checks in skb_attempt_defer_free() up and
apped the skb_nfct check there so syzbot can blame other offenders too.
Powered by blists - more mailing lists