Message-Id: <20140702.182152.1004736569979242732.davem@davemloft.net>
Date:	Wed, 02 Jul 2014 18:21:52 -0700 (PDT)
From:	David Miller <davem@...emloft.net>
To:	christoph.paasch@...ouvain.be
Cc:	netdev@...r.kernel.org, avagin@...nvz.org, xemul@...allels.com
Subject: Re: [PATCH net] tcp: Fix divide by zero when pushing during
 tcp-repair

From: Christoph Paasch <christoph.paasch@...ouvain.be>
Date: Sat, 28 Jun 2014 18:26:37 +0200

> When in repair-mode and TCP_RECV_QUEUE is set, we end up calling
> tcp_push with mss_now being 0. If data is in the send-queue and
> tcp_set_skb_tso_segs gets called, we crash because it will divide by
> mss_now:
 ...
> This can easily be reproduced with the following packetdrill-script (the
> "magic" with netem, sk_pacing and limit_output_bytes is done to prevent
> the kernel from pushing all segments, because hitting the limit without
> doing this is not so easy with packetdrill):
 ...
> This happens since ec3423257508 (tcp: fix retransmission in repair
> mode). Prior to that, the call to tcp_push was prevented by a check for
> tp->repair.
> 
> The patch fixes it, by adding the new goto-label out_nopush. When exiting
> tcp_sendmsg and a push is not required, which is the case for tp->repair,
> we go to this label.
> 
> When repairing and calling send() with TCP_RECV_QUEUE, the data is
> actually put in the receive-queue. So, no push is required because no
> data has been added to the send-queue.
> 
> Cc: Andrew Vagin <avagin@...nvz.org>
> Cc: Pavel Emelyanov <xemul@...allels.com>
> Fixes: ec3423257508 (tcp: fix retransmission in repair mode)
> Signed-off-by: Christoph Paasch <christoph.paasch@...ouvain.be>

Applied and queued up for -stable, thanks.