lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <A76B6C17-B457-4DCA-82C6-A801E1E4D25B@earthlink.net>
Date:	Mon, 21 Jun 2010 14:25:09 -0700
From:	Mitchell Erblich <erblichs@...thlink.net>
To:	netdev@...r.kernel.org
Subject: Code flow: tcp_input.c : tcp_prune_queue : Dropping frames

group,

The tcp_prune_queue() calls tcp_collapse() is called to
prevent frames/pkts from being dropped due to buffer
?"ooo"? overcommit.

However, tcp_collapse() calls alloc_skb() with GFP_ATOMIC
which can grab the last of reserveable memory.

nskb = alloc_skb(copy + header, GFP_ATOMIC); 
if (!nskb) 
     return; 

It should be called with GFP_NOWAIT to keep the NON-SLEEP
aspect of the mem reservation, but not grap the last bits of mem.

Because, if the over-commit was that bad, all other allocations
have ALREADY STARTED TO FAIL. The system SHOULD be
dead.

Secondly, if the alloc failed, why try to do the reclaim?

Thus, 

  tcp_collapse() should return int instead of void and the
  alloc return should return -1 upon failure.

  tcp_prune_queue_should check for the return and skip
  sk_mem_reclaim().

  Why not some logging message?
  Didn't see one.

  Rename ofo to "ooo" as this is known as "out-of-order".

  Lastly, follow-up should be done to identify the GFP_ mem
  type and SHOULD not be alloc'ing mem with ATOMIC
  for an "out-of-order" queue as this COULD be a form of
  DENIAL of Service (DoS) attack.

Mitchell Erblich

   





--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ