| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20180815131913.GC31330@kroah.com>
Date: Wed, 15 Aug 2018 15:19:13 +0200
From: Greg KH <gregkh@...ux-foundation.org>
To: Mao Wenan <maowenan@...wei.com>
Cc: dwmw2@...radead.org, netdev@...r.kernel.org,
eric.dumazet@...il.com, edumazet@...gle.com, davem@...emloft.net,
ycheng@...gle.com, jdw@...zon.de
Subject: Re: [PATCH stable 4.4 7/9] tcp: detect malicious patterns in
tcp_collapse_ofo_queue()
On Wed, Aug 15, 2018 at 09:21:06PM +0800, Mao Wenan wrote:
> From: Eric Dumazet <edumazet@...gle.com>
>
> [ Upstream commit 3d4bf93ac12003f9b8e1e2de37fe27983deebdcf ]
>
> In case an attacker feeds tiny packets completely out of order,
> tcp_collapse_ofo_queue() might scan the whole rb-tree, performing
> expensive copies, but not changing socket memory usage at all.
>
> 1) Do not attempt to collapse tiny skbs.
> 2) Add logic to exit early when too many tiny skbs are detected.
>
> We prefer not doing aggressive collapsing (which copies packets)
> for pathological flows, and revert to tcp_prune_ofo_queue() which
> will be less expensive.
>
> In the future, we might add the possibility of terminating flows
> that are proven to be malicious.
>
> Signed-off-by: Eric Dumazet <edumazet@...gle.com>
> Acked-by: Soheil Hassas Yeganeh <soheil@...gle.com>
> Signed-off-by: David S. Miller <davem@...emloft.net>
> Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> Signed-off-by: root <root@...alhost.localdomain>
signed off by from "root"? :)
And why are you adding the patch back after removing it?
thanks,
greg k-h
Powered by blists - more mailing lists