** Description changed:

  [Impact]
  If the socket buffer array of a tap queue is full, a received package needs to be dropped. Currently, the check for the array being full is performed lockless, which might lead to use-after-free errors if the socket buffer array has been resized.

  [Test Case]
  TBD.

  [Regression Potential]
  The check for the array being full is simply dropped. In case the array is full, subsequent frame handling will fail and the frame is eventually dropped. A regression would manifest itself if the frame is not dropped
- for whatever reason and inserted into the (ring) buffer, overwriting the
- oldest frame in the buffer.
+ for whatever reason and inserted into the full (ring) buffer,
+ overwriting the oldest frame in the buffer. So we'd end up with
+ frame/packet loss.
--
https://bugs.launchpad.net/bugs/1889735

Title:
  tap: use after free
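
The description above says that once the lockless full check is dropped, a full array makes the subsequent frame handling fail and the frame is dropped. A user-space C model of that behaviour, added here as an illustration and not taken from the kernel or the bug report: `struct ring`, `ring_resize` and `handle_frame` are hypothetical names, and a pthread mutex stands in for the kernel's locking.

```c
/* User-space model of a resizable frame ring; not kernel code, names hypothetical. */
#include <errno.h>
#include <pthread.h>
#include <stdlib.h>
struct ring {
    pthread_mutex_t lock;   /* guards queue, size and producer */
    void **queue;           /* NULL slot = free, non-NULL = queued frame */
    int size, producer;
};

/* Resize swaps in a new array and frees the old one. Code that inspected
 * r->queue without the lock could still be reading the array freed here. */
static int ring_resize(struct ring *r, int size)
{
    void **fresh = calloc(size, sizeof(*fresh));
    int i, n = 0;
    if (!fresh) return -ENOMEM;
    pthread_mutex_lock(&r->lock);
    for (i = 0; i < r->size && n < size; i++)  /* model has no consumer */
        if (r->queue[i]) fresh[n++] = r->queue[i];
    free(r->queue);
    r->queue = fresh;
    r->size = size;
    r->producer = n % size;
    pthread_mutex_unlock(&r->lock);
    return 0;
}

/* Full test and insert share one critical section; a full ring drops the frame. */
static int handle_frame(struct ring *r, void *frame)
{
    int ret = -ENOSPC;
    pthread_mutex_lock(&r->lock);
    if (!r->queue[r->producer]) {
        r->queue[r->producer] = frame;
        r->producer = (r->producer + 1) % r->size;
        ret = 0;
    }
    pthread_mutex_unlock(&r->lock);
    return ret;
}

int main(void)
{
    static int f[3];  /* constructed sample frames */
    struct ring r = { PTHREAD_MUTEX_INITIALIZER, calloc(2, sizeof(void *)), 2, 0 };
    if (handle_frame(&r, &f[0]) || handle_frame(&r, &f[1])) return 1;
    if (handle_frame(&r, &f[2]) != -ENOSPC) return 1;  /* full: frame dropped */
    return ring_resize(&r, 4) || handle_frame(&r, &f[2]);  /* room after resize */
}
```

In this model the oldest queued frame is never overwritten: the insert fails while the producer slot is still occupied, which is the drop path the [Regression Potential] section relies on.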
