On Sun, 2015-09-13 at 00:56 +0200, Willy Tarreau wrote: > 2.6.32-longterm review patch. If anyone has any objections, please let me know. > > ------------------ > > From: Eric Dumazet <edumazet@xxxxxxxxxx> > > commit beb39db59d14990e401e235faf66a6b9b31240b0 upstream. > > We have two problems in UDP stack related to bogus checksums : > > 1) We return -EAGAIN to application even if receive queue is not empty. > This breaks applications using edge trigger epoll() > > 2) Under UDP flood, we can loop forever without yielding to other > processes, potentially hanging the host, especially on non SMP. > > This patch is an attempt to make things better. > > We might in the future add extra support for rt applications > wanting to better control time spent doing a recv() in a hostile > environment. For example we could validate checksums before queuing > packets in socket receive queue. > > Signed-off-by: Eric Dumazet <edumazet@xxxxxxxxxx> > Cc: Willem de Bruijn <willemb@xxxxxxxxxx> > Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> > Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx> > > CVE-2015-5364 [...] As there were two different problems, each deserving its own CVE ID, this also fixes CVE-2015-5366. Ben. -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html