On 14/05/14 20:41, Zoltan Kiss wrote:
But here is the thing: deliver_skb calls orphan_frags for every packet
delivered to the local stack, so we are safe IF these functions are
called before the IP stack. So we are safe now, but things can go wrong,
if:
- such a frag-mangling function is called
Hi,
Recently I've investigated issues around SKBTX_DEV_ZEROCOPY skbs where
the frags list were modified. I came across this function skb_shift(),
which moves frags between skbs. And there are a lot more of such kind,
skb_split or skb_try_coalesce, for example.
It could be a dangerous thing if
On Wed, 2014-05-14 at 14:40 +0100, Zoltan Kiss wrote:
Hi,
Recently I've investigated issues around SKBTX_DEV_ZEROCOPY skbs where
the frags list were modified. I came across this function skb_shift(),
which moves frags between skbs. And there are a lot more of such kind,
skb_split or
From: Eric Dumazet eric.duma...@gmail.com
Date: Wed, 14 May 2014 07:23:52 -0700
On Wed, 2014-05-14 at 14:40 +0100, Zoltan Kiss wrote:
Hi,
Recently I've investigated issues around SKBTX_DEV_ZEROCOPY skbs where
the frags list were modified. I came across this function skb_shift(),
which
On Wed, 2014-05-14 at 13:42 -0400, David Miller wrote:
From: Eric Dumazet eric.duma...@gmail.com
Date: Wed, 14 May 2014 07:23:52 -0700
On Wed, 2014-05-14 at 14:40 +0100, Zoltan Kiss wrote:
Hi,
Recently I've investigated issues around SKBTX_DEV_ZEROCOPY skbs where
the frags list
On 14/05/14 15:23, Eric Dumazet wrote:
On Wed, 2014-05-14 at 14:40 +0100, Zoltan Kiss wrote:
Hi,
Recently I've investigated issues around SKBTX_DEV_ZEROCOPY skbs where
the frags list were modified. I came across this function skb_shift(),
which moves frags between skbs. And there are a lot
On Wed, 2014-05-14 at 20:41 +0100, Zoltan Kiss wrote:
On 14/05/14 15:23, Eric Dumazet wrote:
On Wed, 2014-05-14 at 14:40 +0100, Zoltan Kiss wrote:
Hi,
Recently I've investigated issues around SKBTX_DEV_ZEROCOPY skbs where
the frags list were modified. I came across this function