On 17 Jun 2019, at 10:03, Eric Dumazet wrote:
> Jonathan Looney reported that a malicious peer can force a sender
> to fragment its retransmit queue into tiny skbs, inflating memory
> usage and/or overflow 32bit counters.
>
> TCP allows an application to queue up to sk_sndbuf bytes,
> so we need to give some allowance for non malicious splitting
> of retransmit queue.
>
> A new SNMP counter is added to monitor how many times TCP
> did not allow to split an skb if the allowance was exceeded.
>
> Note that this counter might increase in the case applications
> use SO_SNDBUF socket option to lower sk_sndbuf.
>
> CVE-2019-11478 : tcp_fragment, prevent fragmenting a packet when the
> socket is already using more than half the allowed space
>
> Signed-off-by: Eric Dumazet <eduma...@google.com>
> Reported-by: Jonathan Looney <j...@netflix.com>
> Acked-by: Neal Cardwell <ncardw...@google.com>
> Acked-by: Yuchung Cheng <ych...@google.com>
> Reviewed-by: Tyler Hicks <tyhi...@canonical.com>
> Cc: Bruce Curtis <bru...@netflix.com>
> Cc: Jonathan Lemon <jonathan.le...@gmail.com>
Acked-by: Jonathan Lemon <jonathan.le...@gmail.com>
