On 27.02.2017 16:55, Konstantin Khorenko wrote:
Please consider this to ReadyKernel.
Queued, thanks.
https://readykernel.com/
--
Best regards,
Konstantin Khorenko,
Virtuozzo Linux Kernel Team
On 02/27/2017 04:53 PM, Konstantin Khorenko wrote:
The commit is pushed to "branch-rh7-3.10.0-514.6.1.vz7.28.x-ovz" and
will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-514.6.1.vz7.28.7
------>
commit b207397b05680d0d47b484ff3090194eb10f5cc8
Author: Eric Dumazet <eduma...@google.com>
Date: Fri Feb 3 14:59:38 2017 -0800
ms/tcp: avoid infinite loop in tcp_splice_read()
Splicing from TCP socket is vulnerable when a packet with URG flag is
received and stored into receive queue.
__tcp_splice_read() returns 0, and sk_wait_data() immediately
returns since there is the problematic skb in queue.
This is a nice way to burn cpu (aka infinite loop) and trigger
soft lockups.
Again, this gem was found by syzkaller tool.
Fixes: 9c55e01c0cc8 ("[TCP]: Splice receive support.")
Signed-off-by: Eric Dumazet <eduma...@google.com>
Reported-by: Dmitry Vyukov <dvyu...@google.com>
Cc: Willy Tarreau <w...@1wt.eu>
Signed-off-by: David S. Miller <da...@davemloft.net>
https://jira.sw.ru/browse/PSBM-61135
https://bugzilla.redhat.com/show_bug.cgi?id=1426542
CVE-2017-6214 kernel: ipv4/tcp: Infinite loop in tcp_splice_read()
(cherry picked from commit ccf7abb93af09ad0868ae9033d1ca8108bdaec82)
Signed-off-by: Konstantin Khorenko <khore...@virtuozzo.com>
.
_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel
