lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 06 Sep 2010 18:45:29 -0700 (PDT) From: David Miller <davem@...emloft.net> To: penguin-kernel@...ove.SAKURA.ne.jp Cc: eric.dumazet@...il.com, netdev@...r.kernel.org Subject: Re: [PATCH] UNIX: Do not loop forever at unix_autobind(). From: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp> Date: Sat, 04 Sep 2010 20:34:28 +0900 > Subject: [PATCH] UNIX: Do not loop forever at unix_autobind(). > > We assumed that unix_autobind() never fails if kzalloc() succeeded. > But unix_autobind() allows only 1048576 names. If /proc/sys/fs/file-max is > larger than 1048576 (e.g. systems with more than 10GB of RAM), a local user can > consume all names using fork()/socket()/bind(). > > If all names are in use, those who call bind() with addr_len == sizeof(short) > or connect()/sendmsg() with setsockopt(SO_PASSCRED) will continue > > while (1) > yield(); > > loop at unix_autobind() till a name becomes available. > This patch adds a loop counter in order to give up after 1048576 attempts. > > Calling yield() for once per 256 attempts may not be sufficient when many names > are already in use, for __unix_find_socket_byname() can take long time under > such circumstance. Therefore, this patch also adds cond_resched() call. > > Note that currently a local user can consume 2GB of kernel memory if the user > is allowed to create and autobind 1048576 UNIX domain sockets. We should > consider adding some restriction for autobind operation. > > Signed-off-by: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp> Applied and queued up for -stable, thanks! -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists