mirror of
https://github.com/hardkernel/linux.git
synced 2026-06-08 20:07:46 +09:00
176c6b591b
PD#172028 merge CVE patch inet: frag: enforce memory limits earlier [ Upstream commit56e2c94f05] We currently check current frags memory usage only when a new frag queue is created. This allows attackers to first consume the memory budget (default : 4 MB) creating thousands of frag queues, then sending tiny skbs to exceed high_thresh limit by 2 to 3 order of magnitude. Note that before commit648700f76b("inet: frags: use rhashtables for reassembly units"), work queue could be starved under DOS, getting no cpu cycles. After commit648700f76b, only the per frag queue timer can eventually remove an incomplete frag queue and its skbs. Change-Id: I93236ff2764c02ad347339872b05b6f4dce7a06a Fixes:b13d3cbfb8("inet: frag: move eviction of queues to work queue") Signed-off-by: Eric Dumazet <edumazet@google.com> Reported-by: Jann Horn <jannh@google.com> Cc: Florian Westphal <fw@strlen.de> Cc: Peter Oskolkov <posk@google.com> Cc: Paolo Abeni <pabeni@redhat.com> Acked-by: Florian Westphal <fw@strlen.de> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>