git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commit

author	Eric Dumazet <edumazet@google.com>
	Fri, 31 May 2019 20:59:30 +0000 (20:59 +0000)
committer	Marcelo Henrique Cerri <marcelo.cerri@canonical.com>
	Tue, 4 Jun 2019 20:32:09 +0000 (17:32 -0300)
commit	94c027719d279e2a8ad90c83f2425d36137aaa80
tree	4c2fa4b8a6a93bc94e46cdc0e62aba4afb628579	tree
parent	196379e675ffc658eb2414426d3f55311a575b46	commit \| diff

UBUNTU: SAUCE: tcp: tcp_fragment() should apply sane memory limits

Jonathan Looney reported that a malicious peer can force a sender
to fragment its retransmit queue into tiny skbs, inflating memory
usage and/or overflow 32bit counters.

TCP allows an application to queue up to sk_sndbuf bytes,
so we need to give some allowance for non malicious splitting
of retransmit queue.

A new SNMP counter is added to monitor how many times TCP
did not allow to split an skb if the allowance was exceeded.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Jonathan Looney <jtl@netflix.com>
Cc: Bruce Curtis <brucec@netflix.com>
Cc: Neal Cardwell <ncardwell@google.com>
CC: Yuchung Cheng <ycheng@google.com>
BugLink: https://bugs.launchpad.net/bugs/1831638
[tyhicks: Adjust context of SNMP enums]
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: Marcelo Henrique Cerri <marcelo.cerri@canonical.com>

include/uapi/linux/snmp.h		diff \| blob \| blame \| history
net/ipv4/proc.c		diff \| blob \| blame \| history
net/ipv4/tcp_output.c		diff \| blob \| blame \| history