Re: [PATCH v8 1/5] skbuff: return -EMSGSIZE in skb_to_sgvec to prevent overflow

2017-05-16 Thread Jason A. Donenfeld
On Mon, May 15, 2017 at 3:12 PM, David Howells wrote: > Is there a reason you moved skb_to_sgvec() in the file rather than just moving > the comment to it (since you moved the comment anyway)? 1) Because it's easier to understand skb_to_sgvec_nomark as a variant of

Re: [PATCH v8 1/5] skbuff: return -EMSGSIZE in skb_to_sgvec to prevent overflow

2017-05-16 Thread Jason A. Donenfeld
On Mon, May 15, 2017 at 3:12 PM, David Howells wrote: > Is there a reason you moved skb_to_sgvec() in the file rather than just moving > the comment to it (since you moved the comment anyway)? 1) Because it's easier to understand skb_to_sgvec_nomark as a variant of skb_to_sgvec, so I'd rather

Re: [PATCH v8 1/5] skbuff: return -EMSGSIZE in skb_to_sgvec to prevent overflow

2017-05-15 Thread David Howells
Jason A. Donenfeld wrote: > +int skb_to_sgvec(struct sk_buff *skb, struct scatterlist *sg, int offset, > int len) > ... > -int skb_to_sgvec(struct sk_buff *skb, struct scatterlist *sg, int offset, > int len) Is there a reason you moved skb_to_sgvec() in the file rather than

Re: [PATCH v8 1/5] skbuff: return -EMSGSIZE in skb_to_sgvec to prevent overflow

2017-05-15 Thread David Howells
Jason A. Donenfeld wrote: > +int skb_to_sgvec(struct sk_buff *skb, struct scatterlist *sg, int offset, > int len) > ... > -int skb_to_sgvec(struct sk_buff *skb, struct scatterlist *sg, int offset, > int len) Is there a reason you moved skb_to_sgvec() in the file rather than just moving the

[PATCH v8 1/5] skbuff: return -EMSGSIZE in skb_to_sgvec to prevent overflow

2017-05-11 Thread Jason A. Donenfeld
This is a defense-in-depth measure in response to bugs like 4d6fa57b4dab ("macsec: avoid heap overflow in skb_to_sgvec"). There's not only a potential overflow of sglist items, but also a stack overflow potential, so we fix this by limiting the amount of recursion this function is allowed to do.

[PATCH v8 1/5] skbuff: return -EMSGSIZE in skb_to_sgvec to prevent overflow

2017-05-11 Thread Jason A. Donenfeld
This is a defense-in-depth measure in response to bugs like 4d6fa57b4dab ("macsec: avoid heap overflow in skb_to_sgvec"). There's not only a potential overflow of sglist items, but also a stack overflow potential, so we fix this by limiting the amount of recursion this function is allowed to do.