Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1032345AbdD0JWB (ORCPT ); Thu, 27 Apr 2017 05:22:01 -0400 Received: from frisell.zx2c4.com ([192.95.5.64]:57783 "EHLO frisell.zx2c4.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1032291AbdD0JVy (ORCPT ); Thu, 27 Apr 2017 05:21:54 -0400 MIME-Version: 1.0 In-Reply-To: <20170425184734.26563-1-Jason@zx2c4.com> References: <20170425155215.4835-1-Jason@zx2c4.com> <20170425184734.26563-1-Jason@zx2c4.com> From: "Jason A. Donenfeld" Date: Thu, 27 Apr 2017 11:21:51 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v6 1/5] skbuff: return -EMSGSIZE in skb_to_sgvec to prevent overflow To: Netdev , LKML , David Laight , kernel-hardening@lists.openwall.com, David Miller Cc: "Jason A. Donenfeld" Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 829 Lines: 17 Hey Dave, David Laight and I have been discussing offlist. It occurred to both of us that this could just be turned into a loop because perhaps this is actually just tail-recursive. Upon further inspection, however, the way the current algorithm works, it's possible that each of the fraglist skbs has its own fraglist, which would make this into tree recursion, which is why in the first place I wanted to place that limit on it. If that's the case, then the patch I proposed above is the best way forward. However, perhaps there's the chance that fraglist skbs having separate fraglists are actually forbidden? Is this the case? Are there other parts of the API that enforce this contract? Is it something we could safely rely on here? If you say yes, I'll send a v7 that makes this into a non-recursive loop. Regards, Jason