From: "Jonathan Lemon"
To: "Eric Dumazet"
Cc: "David S . Miller", netdev, "Eric Dumazet", "Greg Kroah-Hartman", "Jonathan Looney", "Neal Cardwell", "Tyler Hicks", "Yuchung Cheng", "Bruce Curtis"
Subject: Re: [PATCH net 2/4] tcp: tcp_fragment() should apply sane memory limits
Date: Mon, 17 Jun 2019 10:14:55 -0700
Message-ID: <22211F2C-7381-4548-A3C6-E3AA097C9011@gmail.com>
In-Reply-To: <20190617170354.37770-3-edumazet@google.com>
References: <20190617170354.37770-1-edumazet@google.com> <20190617170354.37770-3-edumazet@google.com>

On 17 Jun 2019, at 10:03, Eric Dumazet wrote:

> Jonathan Looney reported that a malicious peer can force a sender
> to fragment its retransmit queue into tiny skbs, inflating memory
> usage and/or overflow 32bit counters.
>
> TCP allows an application to queue up to sk_sndbuf bytes,
> so we need to give some allowance for non malicious splitting
> of retransmit queue.
>
> A new SNMP counter is added to monitor how many times TCP
> did not allow to split an skb if the allowance was exceeded.
>
> Note that this counter might increase in the case applications
> use SO_SNDBUF socket option to lower sk_sndbuf.
>
> CVE-2019-11478 : tcp_fragment, prevent fragmenting a packet when the
> socket is already using more than half the allowed space
>
> Signed-off-by: Eric Dumazet
> Reported-by: Jonathan Looney
> Acked-by: Neal Cardwell
> Acked-by: Yuchung Cheng
> Reviewed-by: Tyler Hicks
> Cc: Bruce Curtis
> Cc: Jonathan Lemon

Acked-by: Jonathan Lemon
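
Added example, not part of the original message or of the kernel patch: one way to watch the new SNMP counter described in the commit message by parsing the paired names/values lines of `/proc/net/netstat` and comparing two snapshots. The counter name `TCPWqueueTooBig` is an assumption here (the message does not name it), and both snapshots are constructed sample data.

```python
COUNTER = "TCPWqueueTooBig"  # assumed name as exposed under TcpExt; not given in the message

# Constructed snapshots in /proc/net/netstat layout: a names line, then a values line.
BEFORE = ("TcpExt: SyncookiesSent TCPLostRetransmit TCPWqueueTooBig\n"
          "TcpExt: 0 12 0\n"
          "IpExt: InNoRoutes InOctets\n"
          "IpExt: 0 123456\n")
AFTER = BEFORE.replace("TcpExt: 0 12 0", "TcpExt: 0 15 7")


def parse_netstat(text):
    """Return {"TcpExt": {name: value}, ...} from /proc/net/netstat text."""
    tables = {}
    lines = [ln for ln in text.splitlines() if ln.strip()]
    for names_line, values_line in zip(lines[0::2], lines[1::2]):
        prefix, _, names = names_line.partition(":")
        vprefix, _, values = values_line.partition(":")
        names, values = names.split(), values.split()
        if prefix != vprefix or len(names) != len(values):
            raise ValueError(f"malformed names/values pair for {prefix!r}")
        tables[prefix] = dict(zip(names, map(int, values)))
    return tables


def refused_splits(text):
    """Counter value, or None when the kernel does not expose the counter."""
    return parse_netstat(text).get("TcpExt", {}).get(COUNTER)


def refused_splits_delta(before, after):
    """Refused tcp_fragment() splits between two snapshots, or None if unavailable."""
    b, a = refused_splits(before), refused_splits(after)
    if a is None or b is None:
        return None
    # A smaller later value means the counters restarted (e.g. reboot).
    return a - b if a >= b else a


if __name__ == "__main__":
    try:
        with open("/proc/net/netstat") as fh:
            print("live value:", refused_splits(fh.read()))
    except OSError:
        pass  # not on Linux; the constructed samples below still work
    print("sample delta:", refused_splits_delta(BEFORE, AFTER))
```

As the commit message notes, a rising value is not by itself proof of a malicious peer: applications that lower sk_sndbuf with SO_SNDBUF can also trigger it.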