| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 15 Aug 2018 15:25:18 +0200
From: Greg KH <gregkh@...ux-foundation.org>
To: Mao Wenan <maowenan@...wei.com>
Cc: dwmw2@...radead.org, netdev@...r.kernel.org,
eric.dumazet@...il.com, edumazet@...gle.com, davem@...emloft.net,
ycheng@...gle.com, jdw@...zon.de
Subject: Re: [PATCH stable 4.4 6/9] tcp: avoid collapses in tcp_prune_queue()
if possible
On Wed, Aug 15, 2018 at 09:21:05PM +0800, Mao Wenan wrote:
> From: Eric Dumazet <edumazet@...gle.com>
>
> [ Upstream commit f4a3313d8e2ca9fd8d8f45e40a2903ba782607e7 ]
>
> Right after a TCP flow is created, receiving tiny out of order
> packets allways hit the condition :
>
> if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf)
> tcp_clamp_window(sk);
>
> tcp_clamp_window() increases sk_rcvbuf to match sk_rmem_alloc
> (guarded by tcp_rmem[2])
>
> Calling tcp_collapse_ofo_queue() in this case is not useful,
> and offers a O(N^2) surface attack to malicious peers.
>
> Better not attempt anything before full queue capacity is reached,
> forcing attacker to spend lots of resource and allow us to more
> easily detect the abuse.
>
> Signed-off-by: Eric Dumazet <edumazet@...gle.com>
> Acked-by: Soheil Hassas Yeganeh <soheil@...gle.com>
> Acked-by: Yuchung Cheng <ycheng@...gle.com>
> Signed-off-by: David S. Miller <davem@...emloft.net>
> Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> Signed-off-by: root <root@...alhost.localdomain>
root?
Powered by blists - more mailing lists