Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754184AbaLATAS (ORCPT ); Mon, 1 Dec 2014 14:00:18 -0500 Received: from mail-wi0-f178.google.com ([209.85.212.178]:60216 "EHLO mail-wi0-f178.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754137AbaLATAQ convert rfc822-to-8bit (ORCPT ); Mon, 1 Dec 2014 14:00:16 -0500 MIME-Version: 1.0 In-Reply-To: <547CAEA3.3090906@redhat.com> References: <547CA719.6060101@redhat.com> <547CAEA3.3090906@redhat.com> Date: Mon, 1 Dec 2014 20:00:15 +0100 Message-ID: Subject: Re: panic in skb_push via sctp From: =?UTF-8?B?Um9iZXJ0IMWad2nEmWNraQ==?= To: Daniel Borkmann Cc: linux-sctp@vger.kernel.org, linux-kernel@vger.kernel.org, vyasevich@gmail.com Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8BIT Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 2014-12-01 19:08 GMT+01:00 Daniel Borkmann : > >> Thanks for looking into it. I can try with your patch, but no >> guarantees that the fuzzer will hit the same condition in some >> reasonable time-frame. Will get back in some time with results. > > > Ok, thanks! > >> PS. If you think it's possible to create a repro (userland code) which >> can trigger this, I can give it a try. > > > Did by accident trinity create tunnels? It looks that upper layer > protocols (except SCTP) all allocate and reserve MAX_HEADER to > accommodate enough head room in worst case for possible tunnels. Not sure, but I run it inside a pid/ipc/uts/etc/user-namespaces where it operates with a full set of capabilities, so most of the SOCK_RAW and tunnel-like-creating calls succeed, so maybe.. -- Robert Święcki -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/