Hi Ben, On 6/18/2019 7:28 AM, Ben Hutchings wrote: > 3.16.69-rc1 review patch. If anyone has any objections, please let me know. > > ------------------ > > From: Eric Dumazet <[email protected]> > > commit f070ef2ac66716357066b683fb0baf55f8191a2e upstream. > > Jonathan Looney reported that a malicious peer can force a sender > to fragment its retransmit queue into tiny skbs, inflating memory > usage and/or overflow 32bit counters. > > TCP allows an application to queue up to sk_sndbuf bytes, > so we need to give some allowance for non malicious splitting > of retransmit queue. > > A new SNMP counter is added to monitor how many times TCP > did not allow to split an skb if the allowance was exceeded. > > Note that this counter might increase in the case applications > use SO_SNDBUF socket option to lower sk_sndbuf. > > CVE-2019-11478 : tcp_fragment, prevent fragmenting a packet when the > socket is already using more than half the allowed space > > Signed-off-by: Eric Dumazet <[email protected]> > Reported-by: Jonathan Looney <[email protected]> > Acked-by: Neal Cardwell <[email protected]> > Acked-by: Yuchung Cheng <[email protected]> > Reviewed-by: Tyler Hicks <[email protected]> > Cc: Bruce Curtis <[email protected]> > Cc: Jonathan Lemon <[email protected]> > Signed-off-by: David S. Miller <[email protected]> > [Salvatore Bonaccorso: Adjust context for backport to 4.9.168] > [bwh: Backported to 3.16: adjust context] > Signed-off-by: Ben Hutchings <[email protected]>
Don't we also need this patch to be backported: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=b6653b3629e5b88202be3c9abc44713973f5c4b4 Thanks! -- Florian
