On Tue, Mar 11, 2014 at 05:56:40AM +0800, Herbert Xu wrote: > On Mon, Mar 10, 2014 at 11:52:36PM +0200, Michael S. Tsirkin wrote: > > > > The cover letter has more detail: > > For some reason I didn't receive this cover letter. > > skb_segment ... moves frags > > between skbs without orphaning them. > > This causes userspace to assume it's safe to > > reuse the buffer, and receiver gets corrupted data. > > This further might leak information from the > > transmitter on the wire. > > > > if still unclear, pls let me know. > > Why can't we deal with this by simply postponing the copy until > later? > > Thanks,
Once one skb completes the callback is invoked and userspace reuses this buffer for something else. At that point it's too late to do the copy. > IOW if we pass along SKBTX_SHARED_FRAG will it work? I don't see how would SKBTX_SHARED_FRAG help with this at all. That only works for pages gifted to kernel by e.g. vmsplice that aren't reused by userspace. > -- > Email: Herbert Xu <[email protected]> > Home Page: http://gondor.apana.org.au/~herbert/ > PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
