From: Daniel Borkmann <dborkman@redhat.com>
To: "Robert Święcki" <robert@swiecki.net>
Cc: linux-sctp@vger.kernel.org, linux-kernel@vger.kernel.org,
vyasevich@gmail.com
Subject: Re: panic in skb_push via sctp
Date: Mon, 01 Dec 2014 19:14:21 +0000 [thread overview]
Message-ID: <547CBE0D.8010501@redhat.com> (raw)
In-Reply-To: <CAP145pici-xNuvyhdyRdSok_p_1KXvuNKeceMcdaWdEw8VOBuQ@mail.gmail.com>
On 12/01/2014 08:00 PM, Robert Święcki wrote:
> 2014-12-01 19:08 GMT+01:00 Daniel Borkmann <dborkman@redhat.com>:
>>
>>> Thanks for looking into it. I can try with your patch, but no
>>> guarantees that the fuzzer will hit the same condition in some
>>> reasonable time-frame. Will get back in some time with results.
>>
>> Ok, thanks!
>>
>>> PS. If you think it's possible to create a repro (userland code) which
>>> can trigger this, I can give it a try.
>>
>> Did by accident trinity create tunnels? It looks that upper layer
>> protocols (except SCTP) all allocate and reserve MAX_HEADER to
>> accommodate enough head room in worst case for possible tunnels.
>
> Not sure, but I run it inside a pid/ipc/uts/etc/user-namespaces where
> it operates with a full set of capabilities, so most of the SOCK_RAW
> and tunnel-like-creating calls succeed, so maybe..
Ok thanks, can you post your .config?
WARNING: multiple messages have this Message-ID (diff)
From: Daniel Borkmann <dborkman@redhat.com>
To: "Robert Święcki" <robert@swiecki.net>
Cc: linux-sctp@vger.kernel.org, linux-kernel@vger.kernel.org,
vyasevich@gmail.com
Subject: Re: panic in skb_push via sctp
Date: Mon, 01 Dec 2014 20:14:21 +0100 [thread overview]
Message-ID: <547CBE0D.8010501@redhat.com> (raw)
In-Reply-To: <CAP145pici-xNuvyhdyRdSok_p_1KXvuNKeceMcdaWdEw8VOBuQ@mail.gmail.com>
On 12/01/2014 08:00 PM, Robert Święcki wrote:
> 2014-12-01 19:08 GMT+01:00 Daniel Borkmann <dborkman@redhat.com>:
>>
>>> Thanks for looking into it. I can try with your patch, but no
>>> guarantees that the fuzzer will hit the same condition in some
>>> reasonable time-frame. Will get back in some time with results.
>>
>> Ok, thanks!
>>
>>> PS. If you think it's possible to create a repro (userland code) which
>>> can trigger this, I can give it a try.
>>
>> Did by accident trinity create tunnels? It looks that upper layer
>> protocols (except SCTP) all allocate and reserve MAX_HEADER to
>> accommodate enough head room in worst case for possible tunnels.
>
> Not sure, but I run it inside a pid/ipc/uts/etc/user-namespaces where
> it operates with a full set of capabilities, so most of the SOCK_RAW
> and tunnel-like-creating calls succeed, so maybe..
Ok thanks, can you post your .config?
next prev parent reply other threads:[~2014-12-01 19:14 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-12-01 16:49 panic in skb_push via sctp Robert Święcki
2014-12-01 16:49 ` Robert Święcki
2014-12-01 17:36 ` Daniel Borkmann
2014-12-01 17:36 ` Daniel Borkmann
2014-12-01 18:02 ` Robert Święcki
2014-12-01 18:02 ` Robert Święcki
2014-12-01 18:08 ` Daniel Borkmann
2014-12-01 18:08 ` Daniel Borkmann
2014-12-01 19:00 ` Robert Święcki
2014-12-01 19:00 ` Robert Święcki
2014-12-01 19:14 ` Daniel Borkmann [this message]
2014-12-01 19:14 ` Daniel Borkmann
2014-12-01 19:17 ` Robert Święcki
2014-12-01 19:17 ` Robert Święcki
2014-12-01 21:58 ` Daniel Borkmann
2014-12-01 21:58 ` Daniel Borkmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=547CBE0D.8010501@redhat.com \
--to=dborkman@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-sctp@vger.kernel.org \
--cc=robert@swiecki.net \
--cc=vyasevich@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.