Hi Ben, On 6/18/2019 7:28 AM, Ben Hutchings wrote: > 3.16.69-rc1 review patch. If anyone has any objections, please let me know. > > ------------------ > > From: Eric Dumazet <edumazet@xxxxxxxxxx> > > commit f070ef2ac66716357066b683fb0baf55f8191a2e upstream. > > Jonathan Looney reported that a malicious peer can force a sender > to fragment its retransmit queue into tiny skbs, inflating memory > usage and/or overflow 32bit counters. > > TCP allows an application to queue up to sk_sndbuf bytes, > so we need to give some allowance for non malicious splitting > of retransmit queue. > > A new SNMP counter is added to monitor how many times TCP > did not allow to split an skb if the allowance was exceeded. > > Note that this counter might increase in the case applications > use SO_SNDBUF socket option to lower sk_sndbuf. > > CVE-2019-11478 : tcp_fragment, prevent fragmenting a packet when the > socket is already using more than half the allowed space > > Signed-off-by: Eric Dumazet <edumazet@xxxxxxxxxx> > Reported-by: Jonathan Looney <jtl@xxxxxxxxxxx> > Acked-by: Neal Cardwell <ncardwell@xxxxxxxxxx> > Acked-by: Yuchung Cheng <ycheng@xxxxxxxxxx> > Reviewed-by: Tyler Hicks <tyhicks@xxxxxxxxxxxxx> > Cc: Bruce Curtis <brucec@xxxxxxxxxxx> > Cc: Jonathan Lemon <jonathan.lemon@xxxxxxxxx> > Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> > [Salvatore Bonaccorso: Adjust context for backport to 4.9.168] > [bwh: Backported to 3.16: adjust context] > Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx> Don't we also need this patch to be backported: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=b6653b3629e5b88202be3c9abc44713973f5c4b4 Thanks! -- Florian
