lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Tue, 16 May 2017 12:46:19 -0400 (EDT)
From:   David Miller <davem@...emloft.net>
To:     soheil.kdev@...il.com
Cc:     netdev@...r.kernel.org, ilpo.jarvinen@...sinki.fi,
        soheil@...gle.com, ncardwell@...gle.com, ycheng@...gle.com,
        edumazet@...gle.com
Subject: Re: [PATCH net] tcp: eliminate negative reordering in
 tcp_clean_rtx_queue

From: Soheil Hassas Yeganeh <soheil.kdev@...il.com>
Date: Mon, 15 May 2017 17:05:47 -0400

> From: Soheil Hassas Yeganeh <soheil@...gle.com>
> 
> tcp_ack() can call tcp_fragment() which may dededuct the
> value tp->fackets_out when MSS changes. When prior_fackets
> is larger than tp->fackets_out, tcp_clean_rtx_queue() can
> invoke tcp_update_reordering() with negative values. This
> results in absurd tp->reodering values higher than
> sysctl_tcp_max_reordering.
> 
> Note that tcp_update_reordering indeeds sets tp->reordering
> to min(sysctl_tcp_max_reordering, metric), but because
> the comparison is signed, a negative metric always wins.
> 
> Fixes: c7caf8d3ed7a ("[TCP]: Fix reord detection due to snd_una covered holes")
> Reported-by: Rebecca Isaacs <risaacs@...gle.com>
> Signed-off-by: Soheil Hassas Yeganeh <soheil@...gle.com>
> Signed-off-by: Neal Cardwell <ncardwell@...gle.com>
> Signed-off-by: Yuchung Cheng <ycheng@...gle.com>
> Signed-off-by: Eric Dumazet <edumazet@...gle.com>

Applied and queued up for -stable, thanks.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ