android_kernel_google_msm/net
Eric Dumazet 385557a239 tcp: avoid infinite loop in tcp_splice_read()
Splicing from TCP socket is vulnerable when a packet with URG flag is
received and stored into receive queue.

__tcp_splice_read() returns 0, and sk_wait_data() immediately
returns since there is the problematic skb in queue.

This is a nice way to burn cpu (aka infinite loop) and trigger
soft lockups.

Again, this gem was found by syzkaller tool.

Fixes: 9c55e01c0c ("[TCP]: Splice receive support.")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Cc: Willy Tarreau <w@1wt.eu>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit ccf7abb93af09ad0868ae9033d1ca8108bdaec82)

Change-Id: I9317f3351ee57c4a2c88e524d6c7b7f25b84cafa
2017-03-07 11:41:56 -07:00
9p
802 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-04-02 17:53:39 -07:00
8021q Revert "net: maintain namespace isolation between vlan and real device" 2012-05-10 23:03:34 -04:00
appletalk
atm Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
ax25 net: add validation for the socket syscall protocol argument 2016-10-29 23:12:11 +08:00
batman-adv Merge tag 'batman-adv-for-davem' of git://git.open-mesh.org/linux-merge 2012-03-11 15:36:34 -07:00
bluetooth bluetooth: Validate socket address length in sco_sock_bind(). 2016-10-29 23:12:11 +08:00
bridge Merge commit 'v3.4-rc6' into android-3.4 2012-05-07 18:20:34 -07:00
caif caif: Fix memory leakage in the chnl_net.c. 2012-04-13 11:01:44 -04:00
can
ceph libceph: isolate kmap() call in write_partial_msg_pages() 2012-03-22 10:47:52 -05:00
core net: avoid signed overflows for SO_{SND|RCV}BUFFORCE 2017-03-01 19:48:48 -07:00
dcb
dccp ipv6: add complete rcu protection around np->opt 2016-06-17 02:54:32 +00:00
decnet net: add validation for the socket syscall protocol argument 2016-10-29 23:12:11 +08:00
dns_resolver
dsa
econet Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
ethernet Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
ieee802154 6lowpan: add missing spin_lock_init() 2012-04-26 05:32:55 -04:00
ipv4 tcp: avoid infinite loop in tcp_splice_read() 2017-03-07 11:41:56 -07:00
ipv6 UPSTREAM: netfilter: x_tables: validate e->target_offset early 2016-10-31 23:01:48 +11:00
ipx
irda net: add validation for the socket syscall protocol argument 2016-10-29 23:12:11 +08:00
iucv Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux 2012-03-22 18:15:32 -07:00
key net/key/af_key.c: add missing kfree_skb 2012-04-13 11:01:44 -04:00
l2tp l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() 2017-03-07 05:41:51 +00:00
lapb Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
llc net/llc: avoid BUG_ON() in skb_orphan() 2017-03-07 05:47:26 +00:00
mac80211 mac80211: fix fragmentation code, particularly for encryption 2017-03-07 05:42:27 +00:00
netfilter netfilter: Change %p to %pK in debug messages 2016-12-22 22:05:10 +11:00
netlabel netlabel: use GFP flags from caller instead of GFP_ATOMIC 2012-03-22 19:29:57 -04:00
netlink netlink: validate addr_len on bind 2013-07-03 10:34:22 -07:00
netrom Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
nfc NFC: Fix the LLCP Tx fragmentation loop 2012-04-11 15:09:33 -04:00
openvswitch openvswitch: checking wrong variable in queue_userspace_packet() 2012-05-13 15:47:34 -04:00
packet packet: fix race condition in packet_set_ring 2016-12-12 15:29:13 +11:00
phonet phonet: Sort out initiailziation and cleanup code. 2012-04-13 11:01:43 -04:00
rds RDS: use gfp flags from caller in conn_alloc() 2012-03-22 19:29:58 -04:00
rfkill rfkill: Introduce CONFIG_RFKILL_PM and use instead of CONFIG_PM to power down 2012-04-09 13:57:48 -07:00
rose Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-04-02 17:53:39 -07:00
rxrpc net: add length argument to skb_copy_and_csum_datagram_iovec 2016-10-31 22:26:43 +11:00
sched net: sched: export an api to enable/disable flow on sch 2013-03-07 15:20:04 -08:00
sctp sctp: deny peeloff operation on asocs with threads sleeping on it 2017-03-07 05:46:39 +00:00
sunrpc sunrpc: Fix possibly uninitialized variable warnings 2016-10-29 23:12:09 +08:00
tipc
unix af_unix: use freezable blocking calls in read 2013-07-12 14:22:59 -07:00
wanrouter
wimax
wireless cfg80211: fix possible circular lock on reg_regdb_search() 2016-10-29 23:12:27 +08:00
x25
xfrm xfrm: Access the replay notify functions via the registered callbacks 2012-03-22 19:29:58 -04:00
activity_stats.c net: activity_stats: Add statistics for network transmission activity 2012-04-09 13:57:50 -07:00
compat.c net/compat.c,linux/filter.h: share compat_sock_fprog 2014-10-31 19:46:10 -07:00
Kconfig net: Fix CONFIG_RPS option to be turned off 2012-04-09 13:57:51 -07:00
Makefile net: activity_stats: Add statistics for network transmission activity 2012-04-09 13:57:50 -07:00
nonet.c
socket.c net: Fix use after free in the recvmmsg exit path 2016-10-31 23:25:23 +11:00
sysctl_net.c