Eric Dumazet ec83921899 tcp: tcp_fragment() should apply sane memory limits ... commit f070ef2ac6 upstream. Jonathan Looney reported that a malicious peer can force a sender to fragment its retransmit queue into tiny skbs, inflating memory usage and/or overflow 32bit counters. TCP allows an application to queue up to sk_sndbuf bytes, so we need to give some allowance for non malicious splitting of retransmit queue. A new SNMP counter is added to monitor how many times TCP did not allow to split an skb if the allowance was exceeded. Note that this counter might increase in the case applications use SO_SNDBUF socket option to lower sk_sndbuf. CVE-2019-11478 : tcp_fragment, prevent fragmenting a packet when the socket is already using more than half the allowed space Signed-off-by: Eric Dumazet <edumazet@google.com> Reported-by: Jonathan Looney <jtl@netflix.com> Acked-by: Neal Cardwell <ncardwell@google.com> Acked-by: Yuchung Cheng <ycheng@google.com> Reviewed-by: Tyler Hicks <tyhicks@canonical.com> Cc: Bruce Curtis <brucec@netflix.com> Cc: Jonathan Lemon <jonathan.lemon@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2019-06-17 19:51:56 +02:00
..
asm-generic	mm/hugetlb: add mmap() encodings for 32MB and 512MB page sizes	2018-10-05 16:32:04 -07:00
drm	drm/i915: Fix I915_EXEC_RING_MASK	2019-06-11 12:20:56 +02:00
linux	tcp: tcp_fragment() should apply sane memory limits	2019-06-17 19:51:56 +02:00
misc	ocxl: Add an IOCTL so userspace knows what OCXL features are available	2018-06-03 20:40:32 +10:00
mtd	ubi: expose the volume CRC check skip flag	2018-08-15 00:25:21 +02:00
rdma	RDMA/vmw_pvrdma: Return the correct opcode when creating WR	2019-01-22 21:40:34 +01:00
scsi
sound	ASoC: uapi: fix sound/skl-tplg-interface.h userspace compilation errors	2018-08-14 15:08:07 +01:00
video
xen	xen/gntdev: Add initial support for dma-buf UAPI	2018-07-26 23:05:14 -04:00