Signed-off-by: Jason A. Donenfeld <ja...@zx2c4.com>
Cc: Steffen Klassert <steffen.klass...@secunet.com>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: "David S. Miller" <da...@davemloft.net>
---
net/ipv4/ah4.c | 8 ++--
net/ipv4/esp4.c | 20
Signed-off-by: Jason A. Donenfeld
Cc: Steffen Klassert
Cc: Herbert Xu
Cc: "David S. Miller"
---
net/ipv4/ah4.c | 8 ++--
net/ipv4/esp4.c | 20 +---
net/ipv6/ah6.c | 8 ++--
net/ipv6/esp6.c | 20 +---
4 files changed, 38 insertions(+), 18
Signed-off-by: Jason A. Donenfeld <ja...@zx2c4.com>
Cc: David Howells <dhowe...@redhat.com>
---
net/rxrpc/rxkad.c | 19 ++-
1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/net/rxrpc/rxkad.c b/net/rxrpc/rxkad.c
index 1bb9b2ccc267..29fe20ad04aa 100644
---
Signed-off-by: Jason A. Donenfeld <ja...@zx2c4.com>
Cc: "Michael S. Tsirkin" <m...@redhat.com>
Cc: Jason Wang <jasow...@redhat.com>
---
drivers/net/virtio_net.c | 9 +++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/net/virtio_net.c b/dr
Signed-off-by: Jason A. Donenfeld
Cc: David Howells
---
net/rxrpc/rxkad.c | 19 ++-
1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/net/rxrpc/rxkad.c b/net/rxrpc/rxkad.c
index 1bb9b2ccc267..29fe20ad04aa 100644
--- a/net/rxrpc/rxkad.c
+++ b/net/rxrpc/rxkad.c
Signed-off-by: Jason A. Donenfeld
Cc: "Michael S. Tsirkin"
Cc: Jason Wang
---
drivers/net/virtio_net.c | 9 +++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
index 9320d96a1632..13fbe4b349c2 100644
--- a/d
ecent MIPS
changes that give it a separate IRQ stack, so that I could experience
some worst-case situations. I found that limiting it to 24 layers deep
yielded a good stack usage with room for safety, as well as being much
deeper than any driver actually ever creates.
Signed-off-by: Jason A. Don
nks to feedback from Dave Howells.
Jason A. Donenfeld (5):
skbuff: return -EMSGSIZE in skb_to_sgvec to prevent overflow
ipsec: check return value of skb_to_sgvec always
rxrpc: check return value of skb_to_sgvec always
macsec: check return value of skb_to_sgvec always
virtio_net: check ret
Signed-off-by: Jason A. Donenfeld <ja...@zx2c4.com>
Cc: Sabrina Dubroca <s...@queasysnail.net>
---
drivers/net/macsec.c | 13 +++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
index cdc347be68f2..dfcb1e9
nks to feedback from Dave Howells.
Jason A. Donenfeld (5):
skbuff: return -EMSGSIZE in skb_to_sgvec to prevent overflow
ipsec: check return value of skb_to_sgvec always
rxrpc: check return value of skb_to_sgvec always
macsec: check return value of skb_to_sgvec always
virtio_net: check ret
Signed-off-by: Jason A. Donenfeld
Cc: Sabrina Dubroca
---
drivers/net/macsec.c | 13 +++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
index cdc347be68f2..dfcb1e9d2ab2 100644
--- a/drivers/net/macsec.c
+++ b/drivers/net
ecent MIPS
changes that give it a separate IRQ stack, so that I could experience
some worst-case situations. I found that limiting it to 24 layers deep
yielded a good stack usage with room for safety, as well as being much
deeper than any driver actually ever creates.
Signed-off-by: Jason A. Don
On Mon, May 15, 2017 at 3:11 PM, David Howells wrote:
> skb_to_sgvec() can return -EMSGSIZE in some circumstances. You shouldn't
> return -ENOMEM here in such a case.
Noted. I'll fix this up for the next round.
On Mon, May 15, 2017 at 3:11 PM, David Howells wrote:
> skb_to_sgvec() can return -EMSGSIZE in some circumstances. You shouldn't
> return -ENOMEM here in such a case.
Noted. I'll fix this up for the next round.
On Mon, May 15, 2017 at 3:12 PM, David Howells wrote:
> Is there a reason you moved skb_to_sgvec() in the file rather than just moving
> the comment to it (since you moved the comment anyway)?
1) Because it's easier to understand skb_to_sgvec_nomark as a variant
of
On Mon, May 15, 2017 at 3:12 PM, David Howells wrote:
> Is there a reason you moved skb_to_sgvec() in the file rather than just moving
> the comment to it (since you moved the comment anyway)?
1) Because it's easier to understand skb_to_sgvec_nomark as a variant
of skb_to_sgvec, so I'd rather
On Thu, May 11, 2017 at 6:22 PM, Florian Fainelli wrote:
> What you are looking for can be done using ipset-dns from Jason:
>
> https://git.zx2c4.com/ipset-dns/about/
Funny to see this project coming up. I actually ported this
functionality into dnsmasq directly a few weeks
On Thu, May 11, 2017 at 6:22 PM, Florian Fainelli wrote:
> What you are looking for can be done using ipset-dns from Jason:
>
> https://git.zx2c4.com/ipset-dns/about/
Funny to see this project coming up. I actually ported this
functionality into dnsmasq directly a few weeks after writing
Signed-off-by: Jason A. Donenfeld <ja...@zx2c4.com>
Cc: "Michael S. Tsirkin" <m...@redhat.com>
Cc: Jason Wang <jasow...@redhat.com>
---
drivers/net/virtio_net.c | 9 +++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/net/virtio_net.c b/dr
Signed-off-by: Jason A. Donenfeld
Cc: "Michael S. Tsirkin"
Cc: Jason Wang
---
drivers/net/virtio_net.c | 9 +++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
index 9320d96a1632..13fbe4b349c2 100644
--- a/d
ecent MIPS
changes that give it a separate IRQ stack, so that I could experience
some worst-case situations. I found that limiting it to 24 layers deep
yielded a good stack usage with room for safety, as well as being much
deeper than any driver actually ever creates.
Signed-off-by: Jason A. Don
ecent MIPS
changes that give it a separate IRQ stack, so that I could experience
some worst-case situations. I found that limiting it to 24 layers deep
yielded a good stack usage with room for safety, as well as being much
deeper than any driver actually ever creates.
Signed-off-by: Jason A. Don
Signed-off-by: Jason A. Donenfeld <ja...@zx2c4.com>
Cc: David Howells <dhowe...@redhat.com>
---
net/rxrpc/rxkad.c | 13 ++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/net/rxrpc/rxkad.c b/net/rxrpc/rxkad.c
index 1bb9b2ccc267..ecab9334e3c1 100644
---
Signed-off-by: Jason A. Donenfeld
Cc: David Howells
---
net/rxrpc/rxkad.c | 13 ++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/net/rxrpc/rxkad.c b/net/rxrpc/rxkad.c
index 1bb9b2ccc267..ecab9334e3c1 100644
--- a/net/rxrpc/rxkad.c
+++ b/net/rxrpc/rxkad.c
@@ -227,7
Signed-off-by: Jason A. Donenfeld <ja...@zx2c4.com>
Cc: Sabrina Dubroca <s...@queasysnail.net>
---
drivers/net/macsec.c | 13 +++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
index cdc347be68f2..dfcb1e9
Signed-off-by: Jason A. Donenfeld
Cc: Sabrina Dubroca
---
drivers/net/macsec.c | 13 +++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
index cdc347be68f2..dfcb1e9d2ab2 100644
--- a/drivers/net/macsec.c
+++ b/drivers/net
Signed-off-by: Jason A. Donenfeld <ja...@zx2c4.com>
Cc: Steffen Klassert <steffen.klass...@secunet.com>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: "David S. Miller" <da...@davemloft.net>
---
net/ipv4/ah4.c | 8 ++--
net/ipv4/esp4.c | 20
Signed-off-by: Jason A. Donenfeld
Cc: Steffen Klassert
Cc: Herbert Xu
Cc: "David S. Miller"
---
net/ipv4/ah4.c | 8 ++--
net/ipv4/esp4.c | 20 +---
net/ipv6/ah6.c | 8 ++--
net/ipv6/esp6.c | 20 +---
4 files changed, 38 insertions(+), 18
ion.
- Rebased against latest upstream ipsec changes.
Jason A. Donenfeld (5):
skbuff: return -EMSGSIZE in skb_to_sgvec to prevent overflow
ipsec: check return value of skb_to_sgvec always
rxrpc: check return value of skb_to_sgvec always
macsec: check return value of skb_to_sgvec always
virtio_
ion.
- Rebased against latest upstream ipsec changes.
Jason A. Donenfeld (5):
skbuff: return -EMSGSIZE in skb_to_sgvec to prevent overflow
ipsec: check return value of skb_to_sgvec always
rxrpc: check return value of skb_to_sgvec always
macsec: check return value of skb_to_sgvec always
virtio_
On Tue, May 9, 2017 at 3:50 PM, Jason A. Donenfeld <ja...@zx2c4.com> wrote:
> num_sg = skb_to_sgvec(skb, sq->sg + 1, 0, skb->len) + 1;
(The next submission of this will take into account this + 1 here.
https://git.zx2c4.com/linux-dev/log/?h=jd/safe-skb-vec )
On Tue, May 9, 2017 at 3:50 PM, Jason A. Donenfeld wrote:
> num_sg = skb_to_sgvec(skb, sq->sg + 1, 0, skb->len) + 1;
(The next submission of this will take into account this + 1 here.
https://git.zx2c4.com/linux-dev/log/?h=jd/safe-skb-vec )
(The next submission of this ipsec patch will have this rebased over
the latest upstream tree.
https://git.zx2c4.com/linux-dev/log/?h=jd/safe-skb-vec )
(The next submission of this ipsec patch will have this rebased over
the latest upstream tree.
https://git.zx2c4.com/linux-dev/log/?h=jd/safe-skb-vec )
On Tue, May 9, 2017 at 4:03 PM, Johannes Berg wrote:
> Perhaps you should add __must_check annotation to the function
> prototype(s)?
Great idea. I've started doing this in my own code. Wasn't sure how
popular it was outside of there, but I'm glad to hear a suggestion
On Tue, May 9, 2017 at 4:03 PM, Johannes Berg wrote:
> Perhaps you should add __must_check annotation to the function
> prototype(s)?
Great idea. I've started doing this in my own code. Wasn't sure how
popular it was outside of there, but I'm glad to hear a suggestion of
it now. I'll have this
Signed-off-by: Jason A. Donenfeld <ja...@zx2c4.com>
Cc: David Howells <dhowe...@redhat.com>
---
net/rxrpc/rxkad.c | 13 ++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/net/rxrpc/rxkad.c b/net/rxrpc/rxkad.c
index 4374e7b9c7bf..486026689448 100644
---
Signed-off-by: Jason A. Donenfeld
Cc: David Howells
---
net/rxrpc/rxkad.c | 13 ++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/net/rxrpc/rxkad.c b/net/rxrpc/rxkad.c
index 4374e7b9c7bf..486026689448 100644
--- a/net/rxrpc/rxkad.c
+++ b/net/rxrpc/rxkad.c
@@ -229,7
Signed-off-by: Jason A. Donenfeld <ja...@zx2c4.com>
Cc: Sabrina Dubroca <s...@queasysnail.net>
---
drivers/net/macsec.c | 13 +++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
index 49ce4e9f4a0f..e022e3f
Signed-off-by: Jason A. Donenfeld
Cc: Sabrina Dubroca
---
drivers/net/macsec.c | 13 +++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
index 49ce4e9f4a0f..e022e3fcd012 100644
--- a/drivers/net/macsec.c
+++ b/drivers/net
Signed-off-by: Jason A. Donenfeld <ja...@zx2c4.com>
Cc: Steffen Klassert <steffen.klass...@secunet.com>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: "David S. Miller" <da...@davemloft.net>
---
net/ipv4/ah4.c | 8 ++--
net/ipv4/esp4.c | 30
Signed-off-by: Jason A. Donenfeld <ja...@zx2c4.com>
Cc: "Michael S. Tsirkin" <m...@redhat.com>
Cc: Jason Wang <jasow...@redhat.com>
---
drivers/net/virtio_net.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/virtio_net.c b/dr
Signed-off-by: Jason A. Donenfeld
Cc: Steffen Klassert
Cc: Herbert Xu
Cc: "David S. Miller"
---
net/ipv4/ah4.c | 8 ++--
net/ipv4/esp4.c | 30 --
net/ipv6/ah6.c | 8 ++--
net/ipv6/esp6.c | 31 +--
4 files c
Signed-off-by: Jason A. Donenfeld
Cc: "Michael S. Tsirkin"
Cc: Jason Wang
---
drivers/net/virtio_net.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
index f36584616e7d..1709fd0b4bf7 100644
--- a/d
:
1) When the passed in sglist is too small; and
2) When the passed in skbuff is too deeply nested.
So, the first patch in this series handles the issues with
skb_to_sgvec directly, and the remaining ones then handle the call
sites.
Jason A. Donenfeld (5):
skbuff: return -EMSGSIZE
ecent MIPS
changes that give it a separate IRQ stack, so that I could experience
some worst-case situations. I found that limiting it to 24 layers deep
yielded a good stack usage with room for safety, as well as being much
deeper than any driver actually ever creates.
Signed-off-by: Jason A. Don
:
1) When the passed in sglist is too small; and
2) When the passed in skbuff is too deeply nested.
So, the first patch in this series handles the issues with
skb_to_sgvec directly, and the remaining ones then handle the call
sites.
Jason A. Donenfeld (5):
skbuff: return -EMSGSIZE
ecent MIPS
changes that give it a separate IRQ stack, so that I could experience
some worst-case situations. I found that limiting it to 24 layers deep
yielded a good stack usage with room for safety, as well as being much
deeper than any driver actually ever creates.
Signed-off-by: Jason A. Don
Hey Willy,
On Sun, Apr 9, 2017 at 3:25 PM, Willy Tarreau <w...@1wt.eu> wrote:
>
> Hi Jason,
>
> On Sun, Apr 09, 2017 at 02:59:53PM +0200, Jason A. Donenfeld wrote:
> > Hey Willy,
> >
> > Linux 3.10 is inexplicably missing crypto_memneq, making all crypto
>
Hey Willy,
On Sun, Apr 9, 2017 at 3:25 PM, Willy Tarreau wrote:
>
> Hi Jason,
>
> On Sun, Apr 09, 2017 at 02:59:53PM +0200, Jason A. Donenfeld wrote:
> > Hey Willy,
> >
> > Linux 3.10 is inexplicably missing crypto_memneq, making all crypto
> > mac compariso
Hi Sabrina,
On Fri, Apr 28, 2017 at 6:18 PM, Sabrina Dubroca wrote:
> One small thing here: since you're touching this comment, could you
> move it next to skb_to_sgvec, since that's the function it's supposed
> to document?
Done. I'll wait until next week to resubmit, to
Hi Sabrina,
On Fri, Apr 28, 2017 at 6:18 PM, Sabrina Dubroca wrote:
> One small thing here: since you're touching this comment, could you
> move it next to skb_to_sgvec, since that's the function it's supposed
> to document?
Done. I'll wait until next week to resubmit, to give some more time
Hi Sabrina,
Thanks for the review.
On Fri, Apr 28, 2017 at 1:41 PM, Sabrina Dubroca wrote:
> > sg_init_table(sg, nsg);
> > - skb_to_sgvec(skb, sg, offset, len);
> > + if (unlikely(skb_to_sgvec(skb, sg, offset, len) < 0))
> > + goto nomem;
>
>
Hi Sabrina,
Thanks for the review.
On Fri, Apr 28, 2017 at 1:41 PM, Sabrina Dubroca wrote:
> > sg_init_table(sg, nsg);
> > - skb_to_sgvec(skb, sg, offset, len);
> > + if (unlikely(skb_to_sgvec(skb, sg, offset, len) < 0))
> > + goto nomem;
>
> You're leaking sg when nsg
On Thu, Apr 27, 2017 at 1:30 PM, Sabrina Dubroca wrote:
> Hmm, I think this can actually happen:
Alright, perhaps better to err on the side of caution, then.
Jason
On Thu, Apr 27, 2017 at 1:30 PM, Sabrina Dubroca wrote:
> Hmm, I think this can actually happen:
Alright, perhaps better to err on the side of caution, then.
Jason
Hey Dave,
David Laight and I have been discussing offlist. It occurred to both
of us that this could just be turned into a loop because perhaps this
is actually just tail-recursive. Upon further inspection, however, the
way the current algorithm works, it's possible that each of the
fraglist skbs
Hey Dave,
David Laight and I have been discussing offlist. It occurred to both
of us that this could just be turned into a loop because perhaps this
is actually just tail-recursive. Upon further inspection, however, the
way the current algorithm works, it's possible that each of the
fraglist skbs
Signed-off-by: Jason A. Donenfeld <ja...@zx2c4.com>
---
net/rxrpc/rxkad.c | 10 +++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/net/rxrpc/rxkad.c b/net/rxrpc/rxkad.c
index 4374e7b9c7bf..dcf46c9c3ece 100644
--- a/net/rxrpc/rxkad.c
+++ b/net/rxrpc/rxkad.c
@@ -229,7
Signed-off-by: Jason A. Donenfeld
---
net/rxrpc/rxkad.c | 10 +++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/net/rxrpc/rxkad.c b/net/rxrpc/rxkad.c
index 4374e7b9c7bf..dcf46c9c3ece 100644
--- a/net/rxrpc/rxkad.c
+++ b/net/rxrpc/rxkad.c
@@ -229,7 +229,9 @@ static int
Signed-off-by: Jason A. Donenfeld <ja...@zx2c4.com>
---
net/ipv4/ah4.c | 8 ++--
net/ipv4/esp4.c | 30 --
net/ipv6/ah6.c | 8 ++--
net/ipv6/esp6.c | 31 +--
4 files changed, 53 insertions(+), 24 deletions(-)
diff --git
Signed-off-by: Jason A. Donenfeld <ja...@zx2c4.com>
---
drivers/net/virtio_net.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
index f36584616e7d..1709fd0b4bf7 100644
--- a/drivers/net/virtio_net.c
+++ b/drive
Signed-off-by: Jason A. Donenfeld <ja...@zx2c4.com>
---
drivers/net/macsec.c | 13 +++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
index dbab05afcdbe..d846f42b99ec 100644
--- a/drivers/net/macsec.c
+++ b/drivers/net/ma
Signed-off-by: Jason A. Donenfeld
---
net/ipv4/ah4.c | 8 ++--
net/ipv4/esp4.c | 30 --
net/ipv6/ah6.c | 8 ++--
net/ipv6/esp6.c | 31 +--
4 files changed, 53 insertions(+), 24 deletions(-)
diff --git a/net/ipv4/ah4.c b/net
Signed-off-by: Jason A. Donenfeld
---
drivers/net/virtio_net.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
index f36584616e7d..1709fd0b4bf7 100644
--- a/drivers/net/virtio_net.c
+++ b/drivers/net/virtio_net.c
Signed-off-by: Jason A. Donenfeld
---
drivers/net/macsec.c | 13 +++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
index dbab05afcdbe..d846f42b99ec 100644
--- a/drivers/net/macsec.c
+++ b/drivers/net/macsec.c
@@ -733,7
sily avoid here.
Signed-off-by: Jason A. Donenfeld <ja...@zx2c4.com>
---
Changes v5->v6:
* Use unlikely() for the rare overflow conditions.
* Also bound recursion, since this is a potential disaster we can avert.
net/core/skbuff.c | 31 ---
1 file cha
sily avoid here.
Signed-off-by: Jason A. Donenfeld
---
Changes v5->v6:
* Use unlikely() for the rare overflow conditions.
* Also bound recursion, since this is a potential disaster we can avert.
net/core/skbuff.c | 31 ---
1 file changed, 24 insertions(+)
We call skb_cow_data, which is good anyway to ensure we can actually
modify the skb as such (another error from prior). Now that we have the
number of fragments required, we can safely allocate exactly that amount
of memory.
Signed-off-by: Jason A. Donenfeld <ja...@zx2c4.com>
Cc: Sabrina D
We call skb_cow_data, which is good anyway to ensure we can actually
modify the skb as such (another error from prior). Now that we have the
number of fragments required, we can safely allocate exactly that amount
of memory.
Signed-off-by: Jason A. Donenfeld
Cc: Sabrina Dubroca
Cc: secur
Signed-off-by: Jason A. Donenfeld <ja...@zx2c4.com>
---
net/rxrpc/rxkad.c | 10 +++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/net/rxrpc/rxkad.c b/net/rxrpc/rxkad.c
index 4374e7b9c7bf..dcf46c9c3ece 100644
--- a/net/rxrpc/rxkad.c
+++ b/net/rxrpc/rxkad.c
@@ -229,7
Signed-off-by: Jason A. Donenfeld
---
net/rxrpc/rxkad.c | 10 +++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/net/rxrpc/rxkad.c b/net/rxrpc/rxkad.c
index 4374e7b9c7bf..dcf46c9c3ece 100644
--- a/net/rxrpc/rxkad.c
+++ b/net/rxrpc/rxkad.c
@@ -229,7 +229,9 @@ static int
Signed-off-by: Jason A. Donenfeld <ja...@zx2c4.com>
---
drivers/net/macsec.c | 13 +++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
index dbab05afcdbe..d846f42b99ec 100644
--- a/drivers/net/macsec.c
+++ b/drivers/net/ma
Signed-off-by: Jason A. Donenfeld
---
drivers/net/macsec.c | 13 +++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
index dbab05afcdbe..d846f42b99ec 100644
--- a/drivers/net/macsec.c
+++ b/drivers/net/macsec.c
@@ -733,7
Signed-off-by: Jason A. Donenfeld <ja...@zx2c4.com>
---
drivers/net/virtio_net.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
index f36584616e7d..1709fd0b4bf7 100644
--- a/drivers/net/virtio_net.c
+++ b/drive
Signed-off-by: Jason A. Donenfeld
---
drivers/net/virtio_net.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
index f36584616e7d..1709fd0b4bf7 100644
--- a/drivers/net/virtio_net.c
+++ b/drivers/net/virtio_net.c
Signed-off-by: Jason A. Donenfeld <ja...@zx2c4.com>
---
net/ipv4/ah4.c | 8 ++--
net/ipv4/esp4.c | 30 --
net/ipv6/ah6.c | 8 ++--
net/ipv6/esp6.c | 31 +--
4 files changed, 53 insertions(+), 24 deletions(-)
diff --git
This is a defense-in-depth measure in response to bugs like
4d6fa57b4dab ("macsec: avoid heap overflow in skb_to_sgvec")
Signed-off-by: Jason A. Donenfeld <ja...@zx2c4.com>
---
This is a resend of v4 with all the other child commits along with it.
net/core/skbuff.c | 12
Signed-off-by: Jason A. Donenfeld
---
net/ipv4/ah4.c | 8 ++--
net/ipv4/esp4.c | 30 --
net/ipv6/ah6.c | 8 ++--
net/ipv6/esp6.c | 31 +--
4 files changed, 53 insertions(+), 24 deletions(-)
diff --git a/net/ipv4/ah4.c b/net
This is a defense-in-depth measure in response to bugs like
4d6fa57b4dab ("macsec: avoid heap overflow in skb_to_sgvec")
Signed-off-by: Jason A. Donenfeld
---
This is a resend of v4 with all the other child commits along with it.
net/core/skbuff.c | 12 +++-
1 file c
We call skb_cow_data, which is good anyway to ensure we can actually
modify the skb as such (another error from prior). Now that we have the
number of fragments required, we can safely allocate exactly that amount
of memory.
Signed-off-by: Jason A. Donenfeld <ja...@zx2c4.com>
Cc: Sabrina D
We call skb_cow_data, which is good anyway to ensure we can actually
modify the skb as such (another error from prior). Now that we have the
number of fragments required, we can safely allocate exactly that amount
of memory.
Signed-off-by: Jason A. Donenfeld
Cc: Sabrina Dubroca
Cc: secur
On Tue, Apr 25, 2017 at 5:12 PM, Sabrina Dubroca wrote:
>> https://patchwork.ozlabs.org/patch/754861/
>
> Yes, that prevents the overflow, but now you're just dropping
> packets.
Right, it's a so-called "defense-in-depth" measure.
> I'll review that later, let's fix the
On Tue, Apr 25, 2017 at 5:12 PM, Sabrina Dubroca wrote:
>> https://patchwork.ozlabs.org/patch/754861/
>
> Yes, that prevents the overflow, but now you're just dropping
> packets.
Right, it's a so-called "defense-in-depth" measure.
> I'll review that later, let's fix the overflow without
>
Hi Sabrina,
On Tue, Apr 25, 2017 at 4:53 PM, Sabrina Dubroca wrote:
> Ugh, good catch :/
>
> AFAICT this patch doesn't really help, because NETIF_F_FRAGLIST
> doesn't get tested in paths that can lead to triggering this.
You're right. This fixes the xmit() path, but not
Hi Sabrina,
On Tue, Apr 25, 2017 at 4:53 PM, Sabrina Dubroca wrote:
> Ugh, good catch :/
>
> AFAICT this patch doesn't really help, because NETIF_F_FRAGLIST
> doesn't get tested in paths that can lead to triggering this.
You're right. This fixes the xmit() path, but not the receive path,
which
This is a defense-in-depth measure in response to bugs like
4d6fa57b4dab ("macsec: avoid heap overflow in skb_to_sgvec")
Signed-off-by: Jason A. Donenfeld <ja...@zx2c4.com>
---
v4 fixes the commit message and moves the check into the inner-most if.
net/core/skbuff.c | 12
This is a defense-in-depth measure in response to bugs like
4d6fa57b4dab ("macsec: avoid heap overflow in skb_to_sgvec")
Signed-off-by: Jason A. Donenfeld
---
v4 fixes the commit message and moves the check into the inner-most if.
net/core/skbuff.c | 12 +++-
1 file c
This is a defense-in-depth measure in response to bugs like
4d6fa57b4dab0d77f4d8e9d9c73d1e63f6fe8fee.
Signed-off-by: Jason A. Donenfeld <ja...@zx2c4.com>
---
Sorry for the completely stupid amount of churn - v1,v2,v3 in the span of
two minutes. It's just that after noticing first that nsg
This is a defense-in-depth measure in response to bugs like
4d6fa57b4dab0d77f4d8e9d9c73d1e63f6fe8fee.
Signed-off-by: Jason A. Donenfeld
---
Sorry for the completely stupid amount of churn - v1,v2,v3 in the span of
two minutes. It's just that after noticing first that nsg needs to be checked,
I
This is a defense-in-depth measure in response to bugs like
4d6fa57b4dab0d77f4d8e9d9c73d1e63f6fe8fee.
Signed-off-by: Jason A. Donenfeld <ja...@zx2c4.com>
---
net/core/skbuff.c | 13 -
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/net/core/skbuff.c b/net/core/sk
This is a defense-in-depth measure in response to bugs like
4d6fa57b4dab0d77f4d8e9d9c73d1e63f6fe8fee.
Signed-off-by: Jason A. Donenfeld
---
net/core/skbuff.c | 13 -
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index
Signed-off-by: Jason A. Donenfeld <ja...@zx2c4.com>
---
drivers/net/macsec.c | 13 +++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
index dbab05afcdbe..d846f42b99ec 100644
--- a/drivers/net/macsec.c
+++ b/drivers/net/ma
Signed-off-by: Jason A. Donenfeld <ja...@zx2c4.com>
---
net/ipv4/ah4.c | 8 ++--
net/ipv4/esp4.c | 30 --
net/ipv6/ah6.c | 8 ++--
net/ipv6/esp6.c | 31 +--
4 files changed, 53 insertions(+), 24 deletions(-)
diff --git
Signed-off-by: Jason A. Donenfeld
---
drivers/net/macsec.c | 13 +++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
index dbab05afcdbe..d846f42b99ec 100644
--- a/drivers/net/macsec.c
+++ b/drivers/net/macsec.c
@@ -733,7
Signed-off-by: Jason A. Donenfeld
---
net/ipv4/ah4.c | 8 ++--
net/ipv4/esp4.c | 30 --
net/ipv6/ah6.c | 8 ++--
net/ipv6/esp6.c | 31 +--
4 files changed, 53 insertions(+), 24 deletions(-)
diff --git a/net/ipv4/ah4.c b/net
Signed-off-by: Jason A. Donenfeld <ja...@zx2c4.com>
---
net/rxrpc/rxkad.c | 10 +++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/net/rxrpc/rxkad.c b/net/rxrpc/rxkad.c
index 4374e7b9c7bf..dcf46c9c3ece 100644
--- a/net/rxrpc/rxkad.c
+++ b/net/rxrpc/rxkad.c
@@ -229,7
Signed-off-by: Jason A. Donenfeld
---
net/rxrpc/rxkad.c | 10 +++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/net/rxrpc/rxkad.c b/net/rxrpc/rxkad.c
index 4374e7b9c7bf..dcf46c9c3ece 100644
--- a/net/rxrpc/rxkad.c
+++ b/net/rxrpc/rxkad.c
@@ -229,7 +229,9 @@ static int
Signed-off-by: Jason A. Donenfeld <ja...@zx2c4.com>
---
drivers/net/virtio_net.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
index f36584616e7d..1709fd0b4bf7 100644
--- a/drivers/net/virtio_net.c
+++ b/drive
Signed-off-by: Jason A. Donenfeld
---
drivers/net/virtio_net.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
index f36584616e7d..1709fd0b4bf7 100644
--- a/drivers/net/virtio_net.c
+++ b/drivers/net/virtio_net.c
801 - 900 of 1706 matches
Mail list logo