forge/linux-uconsole
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
linux-uconsole/include
History
Eric Dumazet 6019f38379 af_unix: limit recursion level 
commit 25888e3031 upstream.

Its easy to eat all kernel memory and trigger NMI watchdog, using an
exploit program that queues unix sockets on top of others.

lkml ref : http://lkml.org/lkml/2010/11/25/8

This mechanism is used in applications, one choice we have is to have a
recursion limit.

Other limits might be needed as well (if we queue other types of files),
since the passfd mechanism is currently limited by socket receive queue
sizes only.

Add a recursion_level to unix socket, allowing up to 4 levels.

Each time we send an unix socket through sendfd mechanism, we copy its
recursion level (plus one) to receiver. This recursion level is cleared
when socket receive queue is emptied.

Reported-by: Марк Коренберг <socketpair@gmail.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[bwh: Adjust for 2.6.32]
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-05-09 15:55:36 -07:00
..
acpi ACPI: skip checking BM_STS if the BIOS doesn't ask for it 2010-08-02 10:21:24 -07:00
asm-generic dma-mapping: fix dma_sync_single_range_* 2010-05-26 14:29:14 -07:00
crypto Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2009-09-11 09:38:37 -07:00
drm drm: fix unsigned vs signed comparison issue in modeset ctl ioctl. 2011-03-07 15:17:52 -08:00
keys RxRPC: Fix v1 keys 2011-03-14 14:29:53 -07:00
linux mmc: fix all hangs related to mmc/sd card insert/removal during suspend/resume 2011-05-09 15:55:31 -07:00
math-emu math-emu: correct test for downshifting fraction in _FP_FROM_INT() 2010-08-02 10:20:44 -07:00
media V4L/DVB (13019): video: initial support for ADV7180 2009-09-19 00:53:39 -03:00
mtd
net af_unix: limit recursion level 2011-05-09 15:55:36 -07:00
pcmcia PM / yenta: Split resume into early and late parts (rev. 4) 2009-11-03 10:54:58 +01:00
rdma trivial: fix typo "to to" in multiple files 2009-09-21 15:14:55 +02:00
rxrpc
scsi ses: Avoid kernel panic when lun 0 is not mapped 2011-04-14 16:53:20 -07:00
sound ASoC: Explicitly say registerless widgets have no register 2011-04-14 16:53:26 -07:00
trace tracing: Fix ftrace_event_call alignment for use with gcc 4.5 2010-05-12 14:57:14 -07:00
video davinci-fb-frame-buffer-driver-for-ti-da8xx-omap-l1xx-v4 2009-09-23 07:39:51 -07:00
xen
Kbuild