Date: Mon, 26 Jan 2015 17:29:05 -0800 (PST)
From: David Miller <davem@...emloft.net>
To: hannes@...essinduktion.org
Cc: netdev@...r.kernel.org, ja@....bg, mleitner@...hat.com, fw@...len.de
Subject: Re: [PATCH net v3] ipv4: try to cache dst_entries which would cause a redirect

From: Hannes Frederic Sowa <hannes@...essinduktion.org>
Date: Fri, 23 Jan 2015 12:01:26 +0100

> Not caching dst_entries which cause redirects could be exploited by hosts
> on the same subnet, causing a severe DoS attack. This effect aggravated
> since commit f88649721268999 ("ipv4: fix dst race in sk_dst_get()").
>
> Lookups causing redirects will be allocated with DST_NOCACHE set which
> will force dst_release to free them via RCU. Unfortunately waiting for
> RCU grace period just takes too long, we can end up with >1M dst_entries
> waiting to be released and the system will run OOM. rcuos threads cannot
> catch up under high softirq load.
>
> Attaching the flag to emit a redirect later on to the specific skb allows
> us to cache those dst_entries thus reducing the pressure on allocation
> and deallocation.
>
> This issue was discovered by Marcelo Leitner.
>
> Cc: Julian Anastasov <ja@....bg>
> Signed-off-by: Marcelo Leitner <mleitner@...hat.com>
> Signed-off-by: Florian Westphal <fw@...len.de>
> Signed-off-by: Hannes Frederic Sowa <hannes@...essinduktion.org>

Applied and queued up for -stable, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html