* [PATCH v2 0/1] virtio-vsock: Fix unbound rx buffer
@ 2016-08-04 14:09 ggarcia
2016-08-04 14:09 ` [PATCH v2 1/1] " ggarcia
0 siblings, 1 reply; 4+ messages in thread
From: ggarcia @ 2016-08-04 14:09 UTC (permalink / raw)
To: netdev; +Cc: stefanha, Gerard Garcia
From: Gerard Garcia <ggarcia@deic.uab.cat>
This patch applies over VSOCK RFC v6.
Reset connection and close rx socket when the sender is ignoring our
announced available buffer. This avoids a DoS.
v2:
* Get vvs->rx_lock lock before checking if next packet is going to
overflow the rx buffer.
Gerard Garcia (1):
Fix unbound rx buffer
net/vmw_vsock/virtio_transport_common.c | 20 +++++++++++++++-----
1 file changed, 15 insertions(+), 5 deletions(-)
--
2.9.1
^ permalink raw reply [flat|nested] 4+ messages in thread* [PATCH v2 1/1] Fix unbound rx buffer
2016-08-04 14:09 [PATCH v2 0/1] virtio-vsock: Fix unbound rx buffer ggarcia
@ 2016-08-04 14:09 ` ggarcia
2016-08-10 12:25 ` Stefan Hajnoczi
0 siblings, 1 reply; 4+ messages in thread
From: ggarcia @ 2016-08-04 14:09 UTC (permalink / raw)
To: netdev; +Cc: stefanha, Gerard Garcia
From: Gerard Garcia <ggarcia@deic.uab.cat>
Reset connection and close rx socket when the sender is ignoring our announced available buffer.
Signed-off-by: Gerard Garcia <ggarcia@deic.uab.cat>
---
v2:
* Get vvs->rx_lock lock before checking if next packet is going to
overflow the rx buffer.
net/vmw_vsock/virtio_transport_common.c | 20 +++++++++++++++-----
1 file changed, 15 insertions(+), 5 deletions(-)
diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio_transport_common.c
index a53b3a1..8d4abb6 100644
--- a/net/vmw_vsock/virtio_transport_common.c
+++ b/net/vmw_vsock/virtio_transport_common.c
@@ -774,12 +774,22 @@ virtio_transport_recv_connected(struct sock *sk,
pkt->off = 0;
spin_lock_bh(&vvs->rx_lock);
- virtio_transport_inc_rx_pkt(vvs, pkt);
- list_add_tail(&pkt->list, &vvs->rx_queue);
- spin_unlock_bh(&vvs->rx_lock);
+ if (vvs->rx_bytes + pkt->len <= vvs->buf_size) {
+ virtio_transport_inc_rx_pkt(vvs, pkt);
+ list_add_tail(&pkt->list, &vvs->rx_queue);
+ spin_unlock_bh(&vvs->rx_lock);
+
+ sk->sk_data_ready(sk);
+ return err;
+ } else {
+ /* Sender is ignoring our buf_alloc */
+ spin_unlock_bh(&vvs->rx_lock);
+
+ virtio_transport_reset(vsk, pkt);
+ virtio_transport_do_close(vsk, true);
+ break;
+ }
- sk->sk_data_ready(sk);
- return err;
case VIRTIO_VSOCK_OP_CREDIT_UPDATE:
sk->sk_write_space(sk);
break;
--
2.9.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2016-08-10 22:12 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-08-04 14:09 [PATCH v2 0/1] virtio-vsock: Fix unbound rx buffer ggarcia
2016-08-04 14:09 ` [PATCH v2 1/1] " ggarcia
2016-08-10 12:25 ` Stefan Hajnoczi
2016-08-10 22:12 ` David Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).