* [PATCH v2 0/1] virtio-vsock: Fix unbound rx buffer
@ 2016-08-04 14:09 ggarcia
2016-08-04 14:09 ` [PATCH v2 1/1] " ggarcia
0 siblings, 1 reply; 4+ messages in thread
From: ggarcia @ 2016-08-04 14:09 UTC (permalink / raw)
To: netdev; +Cc: stefanha, Gerard Garcia
From: Gerard Garcia <ggarcia@deic.uab.cat>
This patch applies over VSOCK RFC v6.
Reset connection and close rx socket when the sender is ignoring our
announced available buffer. This avoids a DoS.
v2:
* Get vvs->rx_lock lock before checking if next packet is going to
overflow the rx buffer.
Gerard Garcia (1):
Fix unbound rx buffer
net/vmw_vsock/virtio_transport_common.c | 20 +++++++++++++++-----
1 file changed, 15 insertions(+), 5 deletions(-)
--
2.9.1
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH v2 1/1] Fix unbound rx buffer
2016-08-04 14:09 [PATCH v2 0/1] virtio-vsock: Fix unbound rx buffer ggarcia
@ 2016-08-04 14:09 ` ggarcia
2016-08-10 12:25 ` Stefan Hajnoczi
0 siblings, 1 reply; 4+ messages in thread
From: ggarcia @ 2016-08-04 14:09 UTC (permalink / raw)
To: netdev; +Cc: stefanha, Gerard Garcia
From: Gerard Garcia <ggarcia@deic.uab.cat>
Reset connection and close rx socket when the sender is ignoring our announced available buffer.
Signed-off-by: Gerard Garcia <ggarcia@deic.uab.cat>
---
v2:
* Get vvs->rx_lock lock before checking if next packet is going to
overflow the rx buffer.
net/vmw_vsock/virtio_transport_common.c | 20 +++++++++++++++-----
1 file changed, 15 insertions(+), 5 deletions(-)
diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio_transport_common.c
index a53b3a1..8d4abb6 100644
--- a/net/vmw_vsock/virtio_transport_common.c
+++ b/net/vmw_vsock/virtio_transport_common.c
@@ -774,12 +774,22 @@ virtio_transport_recv_connected(struct sock *sk,
pkt->off = 0;
spin_lock_bh(&vvs->rx_lock);
- virtio_transport_inc_rx_pkt(vvs, pkt);
- list_add_tail(&pkt->list, &vvs->rx_queue);
- spin_unlock_bh(&vvs->rx_lock);
+ if (vvs->rx_bytes + pkt->len <= vvs->buf_size) {
+ virtio_transport_inc_rx_pkt(vvs, pkt);
+ list_add_tail(&pkt->list, &vvs->rx_queue);
+ spin_unlock_bh(&vvs->rx_lock);
+
+ sk->sk_data_ready(sk);
+ return err;
+ } else {
+ /* Sender is ignoring our buf_alloc */
+ spin_unlock_bh(&vvs->rx_lock);
+
+ virtio_transport_reset(vsk, pkt);
+ virtio_transport_do_close(vsk, true);
+ break;
+ }
- sk->sk_data_ready(sk);
- return err;
case VIRTIO_VSOCK_OP_CREDIT_UPDATE:
sk->sk_write_space(sk);
break;
--
2.9.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH v2 1/1] Fix unbound rx buffer
2016-08-04 14:09 ` [PATCH v2 1/1] " ggarcia
@ 2016-08-10 12:25 ` Stefan Hajnoczi
2016-08-10 22:12 ` David Miller
0 siblings, 1 reply; 4+ messages in thread
From: Stefan Hajnoczi @ 2016-08-10 12:25 UTC (permalink / raw)
To: ggarcia; +Cc: netdev, Michael S. Tsirkin
[-- Attachment #1: Type: text/plain, Size: 578 bytes --]
On Thu, Aug 04, 2016 at 04:09:57PM +0200, ggarcia@abra.uab.cat wrote:
> From: Gerard Garcia <ggarcia@deic.uab.cat>
>
> Reset connection and close rx socket when the sender is ignoring our announced available buffer.
>
> Signed-off-by: Gerard Garcia <ggarcia@deic.uab.cat>
>
> ---
> v2:
> * Get vvs->rx_lock lock before checking if next packet is going to
> overflow the rx buffer.
>
> net/vmw_vsock/virtio_transport_common.c | 20 +++++++++++++++-----
> 1 file changed, 15 insertions(+), 5 deletions(-)
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 473 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH v2 1/1] Fix unbound rx buffer
2016-08-10 12:25 ` Stefan Hajnoczi
@ 2016-08-10 22:12 ` David Miller
0 siblings, 0 replies; 4+ messages in thread
From: David Miller @ 2016-08-10 22:12 UTC (permalink / raw)
To: stefanha; +Cc: ggarcia, netdev, mst
All of these patches need to be resubmitted with a proper subsystem
prefix in the Subject line.
Thank you.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2016-08-10 22:12 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-08-04 14:09 [PATCH v2 0/1] virtio-vsock: Fix unbound rx buffer ggarcia
2016-08-04 14:09 ` [PATCH v2 1/1] " ggarcia
2016-08-10 12:25 ` Stefan Hajnoczi
2016-08-10 22:12 ` David Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).