Lucid CVE-2012-3412

Tim Gardner tim.gardner at canonical.com
Fri Aug 24 15:11:22 UTC 2012


On 08/24/2012 09:05 AM, Herton Ronaldo Krzesinski wrote:
> On Fri, Aug 24, 2012 at 07:58:34AM -0600, Tim Gardner wrote:
>>  static inline int netif_needs_gso(struct net_device *dev, struct sk_buff *skb)
>>  {
>> +	if (skb_is_gso(skb) &&
>> +		skb_shinfo(skb)->gso_segs > skb->dev->gso_max_segs)
>> +		return 0;
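Review bot: the "return 0" in the new gso_max_segs check looks inverted. As the reply points out, netif_needs_gso() returns 1 (via !skb_gso_ok) when the stack has to segment the skb itself, so returning 0 when gso_segs exceeds the device's gso_max_segs hands the oversized skb straight to the driver, which is the case the limit exists to prevent; the branch should return 1 so the skb is segmented in software before it reaches the driver. Minor: the function already receives dev as a parameter, so the comparison should read dev->gso_max_segs rather than skb->dev->gso_max_segs for consistency with the rest of the function.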
> 
> Shouldn't it be return 1 here? If the condition is true, we would clear the
> flags from features. If flags are cleared, when calling skb_gso_ok:
> 
> net_gso_ok would always return 0
> skb_gso_ok would always return 0
> netif_needs_gso returns 1 because it does !skb_gso_ok
> 
> Unless I'm missing something here. Anyway, hard to read these functions...
> I think just copying/clearing the flags and passing through skb_gso_ok
> would be better.
> 

I guess I'm confused about when the flag is set. I was assuming if GSO
was set, then the driver handled 'generic segmentation offload'. Aren't
we checking for error conditions, e.g., if there are more segments than
the driver can handle, then _don't_ do GSO?

rtg
-- 
Tim Gardner tim.gardner at canonical.com
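A small C model of the return-value semantics the thread is arguing about, added here as an illustration; it is not code from the thread or from the kernel. The struct fields, the NETIF_F_TSO bit and the one-line stand-ins for skb_gso_ok() and dev_hard_start_xmit() are simplifying assumptions; the two netif_needs_gso variants are the hunk as posted and the return-1 reading from the reply.

```c
#include <stdio.h>
/* Simplified model with only the fields the thread's functions read;
 * gso_segs == 0 means "not a GSO skb". All of this is assumed, not kernel code. */
struct net_device { unsigned int features; unsigned int gso_max_segs; };
struct sk_buff { struct net_device *dev; unsigned int gso_type; unsigned int gso_segs; };
#define NETIF_F_TSO 0x1u /* hypothetical feature/gso_type bit for this model */
static int skb_is_gso(const struct sk_buff *skb) { return skb->gso_segs != 0; }

/* Stands in for net_gso_ok()/skb_gso_ok(): device advertises every GSO type the skb needs. */
static int skb_gso_ok(const struct sk_buff *skb, unsigned int features)
{
	return (features & skb->gso_type) == skb->gso_type;
}

/* The check as posted in the quoted hunk: bail out with 0 on an oversized skb. */
static int netif_needs_gso_return0(struct net_device *dev, struct sk_buff *skb)
{
	if (skb_is_gso(skb) && skb->gso_segs > skb->dev->gso_max_segs)
		return 0;
	return skb_is_gso(skb) && !skb_gso_ok(skb, dev->features);
}

/* Herton's reading: an oversized skb must be segmented in software, so return 1. */
static int netif_needs_gso_return1(struct net_device *dev, struct sk_buff *skb)
{
	if (skb_is_gso(skb) && skb->gso_segs > dev->gso_max_segs)
		return 1;
	return skb_is_gso(skb) && !skb_gso_ok(skb, dev->features);
}

/* dev_hard_start_xmit() decision: non-zero means the stack segments first and the
 * driver only sees single-MSS skbs; otherwise the skb reaches the driver as-is.
 * Returns the largest gso_segs value the driver is handed. */
static unsigned int segs_reaching_driver(struct net_device *dev, struct sk_buff *skb,
		int (*needs_gso)(struct net_device *, struct sk_buff *))
{
	return needs_gso(dev, skb) ? 1 : skb->gso_segs;
}

/* Constructed scenario: a TSO-capable device limited to 100 segments per skb. */
static struct net_device nic = { NETIF_F_TSO, 100 };
static struct sk_buff big_skb = { &nic, NETIF_F_TSO, 150 }; /* exceeds the limit */
static struct sk_buff ok_skb = { &nic, NETIF_F_TSO, 40 };   /* within the limit */
int main(void)
{
	printf("return 0 variant: driver handed %u segs (limit %u)\n",
	       segs_reaching_driver(&nic, &big_skb, netif_needs_gso_return0), nic.gso_max_segs);
	printf("return 1 variant: driver handed %u segs\n",
	       segs_reaching_driver(&nic, &big_skb, netif_needs_gso_return1));
	return 0;
}
```

With the posted check, the 150-segment skb reaches the driver untouched; with the return-1 variant it is segmented first, while a 40-segment skb is offloaded unchanged under both.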
