| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 21 Jun 2010 14:25:09 -0700
From: Mitchell Erblich <erblichs@...thlink.net>
To: netdev@...r.kernel.org
Subject: Code flow: tcp_input.c : tcp_prune_queue : Dropping frames
group,
The tcp_prune_queue() calls tcp_collapse() is called to
prevent frames/pkts from being dropped due to buffer
?"ooo"? overcommit.
However, tcp_collapse() calls alloc_skb() with GFP_ATOMIC
which can grab the last of reserveable memory.
nskb = alloc_skb(copy + header, GFP_ATOMIC);
if (!nskb)
return;
It should be called with GFP_NOWAIT to keep the NON-SLEEP
aspect of the mem reservation, but not grap the last bits of mem.
Because, if the over-commit was that bad, all other allocations
have ALREADY STARTED TO FAIL. The system SHOULD be
dead.
Secondly, if the alloc failed, why try to do the reclaim?
Thus,
tcp_collapse() should return int instead of void and the
alloc return should return -1 upon failure.
tcp_prune_queue_should check for the return and skip
sk_mem_reclaim().
Why not some logging message?
Didn't see one.
Rename ofo to "ooo" as this is known as "out-of-order".
Lastly, follow-up should be done to identify the GFP_ mem
type and SHOULD not be alloc'ing mem with ATOMIC
for an "out-of-order" queue as this COULD be a form of
DENIAL of Service (DoS) attack.
Mitchell Erblich
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists