balena-allwinner/layers/meta-balena-allwinner/recipes-kernel/linux/linux-mainline/0003-NFLX-2019-001-SACK-Panic-for-lteq-4.14.patch
Vicentiu Galanopulo 73f0a8828e linux-mainline_%.bbappend: Add NFLX-2019-001 patches
Add remaining patches for multiple TCP-based remote denial
of service vulnerabilities identified by Netflix.
Patch source:
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md

Change-type: patch
Changelog-entry: Add remaining Netflix patches
Signed-off-by: Vicentiu Galanopulo <vicentiu@balena.io>
2020-01-08 11:19:09 +01:00


From 53494ae1afc7c9c4b527c158c7d836a5673fc5cf Mon Sep 17 00:00:00 2001
From: Vicentiu Galanopulo <vicentiu@balena.io>
Date: Tue, 7 Jan 2020 15:46:31 +0100
Subject: [PATCH] From cd4ffa93f16efea290bb70537f98f518e1927e63 Mon Sep 17
00:00:00 2001 From: Joao Martins <joao.m.martins@oracle.com> Date: Mon, 10
Jun 2019 23:12:39 +0100 Subject: [PATCH 5/5] tcp: fix fack_count accounting
on tcp_shift_skb_data()
v4.15 or since commit 737ff314563 ("tcp: use sequence distance to
detect reordering") had switched from the packet-based FACK tracking
to sequence-based.
v4.14 and older still have the old logic and hence on
tcp_skb_shift_data() needs to retain its original logic and have
@fack_count in sync. In other words, we keep the increment of pcount with
tcp_skb_pcount(skb) to later use that to update fack_count. To make it
more explicit we track the new skb that gets incremented to pcount in
@next_pcount, and we get to avoid the constant invocation of
tcp_skb_pcount(skb) altogether.
Fixes: a5f1faa40101 ("tcp: limit payload size of sacked skbs")
Reported-by: Alexey Kodanev <alexey.kodanev@oracle.com>
Reviewed-by: Jack Vogel <jack.vogel@oracle.com>
Reviewed-by: John Haxby <john.haxby@oracle.com>
Reviewed-by: Rao Shoaib <rao.shoaib@oracle.com>
Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Upstream-Status: Inappropriate [not author]
Signed-off-by: Vicentiu Galanopulo <vicentiu@balena.io>
---
net/ipv4/tcp_input.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 14a6a48..bac45dc 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -1407,6 +1407,7 @@ static struct sk_buff *tcp_shift_skb_data(struct sock *sk, struct sk_buff *skb,
struct tcp_sock *tp = tcp_sk(sk);
struct sk_buff *prev;
int mss;
+ int next_pcount;
int pcount = 0;
int len;
int in_sack;
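Review bot: `next_pcount` is declared without an initializer directly above `int pcount = 0;`, and nothing in this hunk says how the two differ. The only assignment visible in the patch is in the later hunk, immediately before the first use, so it is safe as written, but a short comment stating that `next_pcount` is the count for the one skb being shifted while `pcount` is the running total would keep a later edit from reading the wrong one.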
@@ -1519,10 +1520,12 @@ static struct sk_buff *tcp_shift_skb_data(struct sock *sk, struct sk_buff *skb,
goto out;
len = skb->len;
- pcount = tcp_skb_pcount(skb);
- if (tcp_skb_shift(prev, skb, pcount, len))
- tcp_shifted_skb(sk, prev, skb, state, pcount,
+ next_pcount = tcp_skb_pcount(skb);
+ if (tcp_skb_shift(prev, skb, next_pcount, len)) {
+ pcount += next_pcount;
+ tcp_shifted_skb(sk, prev, skb, state, next_pcount,
len, mss, 0);
+ }
out:
return prev;
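Review bot: the accumulated `pcount += next_pcount` has no visible consumer here, since in the context shown `out:` is followed directly by `return prev;`. The commit message says the running total exists to update fack_count on v4.14 and older; please confirm the kernel this recipe builds still has that update after `out:`. If it does not, the accumulation is a dead store and the patch is not needed for this tree. The added braces and the move from overwriting `pcount` to adding to it only when `tcp_skb_shift()` succeeds look correct for the stated purpose.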
--
2.7.4