review.tizen.org Git - platform/kernel/linux-amlogic.git/commit

author	Eric Dumazet <edumazet@google.com>
	Fri, 27 Jul 2018 10:08:46 +0000 (12:08 +0200)
committer	Jianxin Pan <jianxin.pan@amlogic.com>
	Mon, 3 Sep 2018 10:57:33 +0000 (03:57 -0700)
commit	48c76518d12e4bd504dec62fa063feb53e44235a
tree	d7fd51141c42435c523b839f9f20f33910f56123	tree \| snapshot
parent	05aa224a13325c1f7149a250682173aa4eea36c6	commit \| diff

net: merge CVE-2018-5390 patch

PD#172028 merge CVE patch

tcp: detect malicious patterns in tcp_collapse_ofo_queue()

[ Upstream commit 3d4bf93ac12003f9b8e1e2de37fe27983deebdcf ]

In case an attacker feeds tiny packets completely out of order,
tcp_collapse_ofo_queue() might scan the whole rb-tree, performing
expensive copies, but not changing socket memory usage at all.

1) Do not attempt to collapse tiny skbs.
2) Add logic to exit early when too many tiny skbs are detected.

We prefer not doing aggressive collapsing (which copies packets)
for pathological flows, and revert to tcp_prune_ofo_queue() which
will be less expensive.

In the future, we might add the possibility of terminating flows
that are proven to be malicious.

Change-Id: I5f857fe551726fcc5144cf0e217362ba0b8d85ae
Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Soheil Hassas Yeganeh <soheil@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>