| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 29 Apr 2019 23:21:29 -0400 (EDT)
From: David Miller <davem@...emloft.net>
To: edumazet@...gle.com
Cc: netdev@...r.kernel.org, eric.dumazet@...il.com,
richard.purdie@...uxfoundation.org, bonbons@...ophe.eu
Subject: Re: [PATCH net] tcp: add sanity tests in tcp_add_backlog()
From: Eric Dumazet <edumazet@...gle.com>
Date: Fri, 26 Apr 2019 10:10:05 -0700
> Richard and Bruno both reported that my commit added a bug,
> and Bruno was able to determine the problem came when a segment
> wih a FIN packet was coalesced to a prior one in tcp backlog queue.
>
> It turns out the header prediction in tcp_rcv_established()
> looks back to TCP headers in the packet, not in the metadata
> (aka TCP_SKB_CB(skb)->tcp_flags)
>
> The fast path in tcp_rcv_established() is not supposed to
> handle a FIN flag (it does not call tcp_fin())
>
> Therefore we need to make sure to propagate the FIN flag,
> so that the coalesced packet does not go through the fast path,
> the same than a GRO packet carrying a FIN flag.
>
> While we are at it, make sure we do not coalesce packets with
> RST or SYN, or if they do not have ACK set.
>
> Many thanks to Richard and Bruno for pinpointing the bad commit,
> and to Richard for providing a first version of the fix.
>
> Fixes: 4f693b55c3d2 ("tcp: implement coalescing on backlog queue")
> Signed-off-by: Eric Dumazet <edumazet@...gle.com>
> Reported-by: Richard Purdie <richard.purdie@...uxfoundation.org>
> Reported-by: Bruno Prémont <bonbons@...ophe.eu>
Applied and queued up for -stable.
Powered by blists - more mailing lists