lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Mon, 29 Apr 2019 23:21:29 -0400 (EDT)
From:   David Miller <>
Subject: Re: [PATCH net] tcp: add sanity tests in tcp_add_backlog()

From: Eric Dumazet <>
Date: Fri, 26 Apr 2019 10:10:05 -0700

> Richard and Bruno both reported that my commit added a bug,
> and Bruno was able to determine the problem came when a segment
> wih a FIN packet was coalesced to a prior one in tcp backlog queue.
> It turns out the header prediction in tcp_rcv_established()
> looks back to TCP headers in the packet, not in the metadata
> (aka TCP_SKB_CB(skb)->tcp_flags)
> The fast path in tcp_rcv_established() is not supposed to
> handle a FIN flag (it does not call tcp_fin())
> Therefore we need to make sure to propagate the FIN flag,
> so that the coalesced packet does not go through the fast path,
> the same than a GRO packet carrying a FIN flag.
> While we are at it, make sure we do not coalesce packets with
> RST or SYN, or if they do not have ACK set.
> Many thanks to Richard and Bruno for pinpointing the bad commit,
> and to Richard for providing a first version of the fix.
> Fixes: 4f693b55c3d2 ("tcp: implement coalescing on backlog queue")
> Signed-off-by: Eric Dumazet <>
> Reported-by: Richard Purdie <>
> Reported-by: Bruno Prémont <>

Applied and queued up for -stable.

Powered by blists - more mailing lists