On Tue, 2017-04-11 at 12:41 +0300, Alexey Dobriyan wrote:
> On Mon, Apr 10, 2017 at 5:43 PM, Eric Dumazet <eric.duma...@gmail.com> wrote:
> > On Mon, 2017-04-10 at 11:07 +0300, Alexey Dobriyan wrote:
> >> struct skb_shared_info {
> >> - unsigned short _unused;
> >> unsigned char nr_frags;
> >> __u8 tx_flags;
> >> unsigned short gso_size;
> >
> > Nack
> >
> > This exact placement was discussed at Netconf and Netdev.
> >
> > We had off-by-one errors in the past leading to nr_frags being mangled,
> > and some exploits were quite happy to use these bugs.
> >
> > Some shuffling in shared_info might help us to find other bugs, and give
> > more work to security researchers
>
> By this logic there should be redzone around every field in networking stack.
Only shared_info immediately follows skb->head
For other structures, standard debug tools in SLUB/SLB/KASAN already
take care of redzones.
