lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <20190429.232129.805928152726012679.davem@davemloft.net>
Date:   Mon, 29 Apr 2019 23:21:29 -0400 (EDT)
From:   David Miller <davem@...emloft.net>
To:     edumazet@...gle.com
Cc:     netdev@...r.kernel.org, eric.dumazet@...il.com,
        richard.purdie@...uxfoundation.org, bonbons@...ophe.eu
Subject: Re: [PATCH net] tcp: add sanity tests in tcp_add_backlog()

From: Eric Dumazet <edumazet@...gle.com>
Date: Fri, 26 Apr 2019 10:10:05 -0700

> Richard and Bruno both reported that my commit added a bug,
> and Bruno was able to determine the problem came when a segment
> wih a FIN packet was coalesced to a prior one in tcp backlog queue.
> 
> It turns out the header prediction in tcp_rcv_established()
> looks back to TCP headers in the packet, not in the metadata
> (aka TCP_SKB_CB(skb)->tcp_flags)
> 
> The fast path in tcp_rcv_established() is not supposed to
> handle a FIN flag (it does not call tcp_fin())
> 
> Therefore we need to make sure to propagate the FIN flag,
> so that the coalesced packet does not go through the fast path,
> the same than a GRO packet carrying a FIN flag.
> 
> While we are at it, make sure we do not coalesce packets with
> RST or SYN, or if they do not have ACK set.
> 
> Many thanks to Richard and Bruno for pinpointing the bad commit,
> and to Richard for providing a first version of the fix.
> 
> Fixes: 4f693b55c3d2 ("tcp: implement coalescing on backlog queue")
> Signed-off-by: Eric Dumazet <edumazet@...gle.com>
> Reported-by: Richard Purdie <richard.purdie@...uxfoundation.org>
> Reported-by: Bruno Prémont <bonbons@...ophe.eu>

Applied and queued up for -stable.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ