• Eric Dumazet's avatar
    net: avoid sk_forward_alloc overflows · 20c64d5c
    Eric Dumazet authored
    A malicious TCP receiver, sending SACK, can force the sender to split
    skbs in write queue and increase its memory usage.
    
    Then, when socket is closed and its write queue purged, we might
    overflow sk_forward_alloc (It becomes negative)
    
    sk_mem_reclaim() does nothing in this case, and more than 2GB
    are leaked from TCP perspective (tcp_memory_allocated is not changed)
    
    Then warnings trigger from inet_sock_destruct() and
    sk_stream_kill_queues() seeing a not zero sk_forward_alloc
    
    All TCP stack can be stuck because TCP is under memory pressure.
    
    A simple fix is to preemptively reclaim from sk_mem_uncharge().
    
    This makes sure a socket wont have more than 2 MB forward allocated,
    after burst and idle period.
    Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    20c64d5c
Name
Last commit
Last update
Documentation Loading commit data...
arch Loading commit data...
block Loading commit data...
certs Loading commit data...
crypto Loading commit data...
drivers Loading commit data...
firmware Loading commit data...
fs Loading commit data...
include Loading commit data...
init Loading commit data...
ipc Loading commit data...
kernel Loading commit data...
lib Loading commit data...
mm Loading commit data...
net Loading commit data...
samples Loading commit data...
scripts Loading commit data...
security Loading commit data...
sound Loading commit data...
tools Loading commit data...
usr Loading commit data...
virt Loading commit data...
.cocciconfig Loading commit data...
.get_maintainer.ignore Loading commit data...
.gitignore Loading commit data...
.mailmap Loading commit data...
COPYING Loading commit data...
CREDITS Loading commit data...
Kbuild Loading commit data...
Kconfig Loading commit data...
MAINTAINERS Loading commit data...
Makefile Loading commit data...
README Loading commit data...
REPORTING-BUGS Loading commit data...