On Thu, 2015-11-19 at 13:51 +0300, Pavel Emelyanov wrote: > On 11/19/2015 08:03 AM, Eric Dumazet wrote: > > From: Eric Dumazet <eduma...@google.com> > > > > tcp_send_rcvq() is used for re-injecting data into tcp receive queue. > > > > Problems : > > > > - No check against size is performed, allowed user to fool kernel in > > attempting very large memory allocations, eventually triggering > > OOM when memory is fragmented. > > Doesn't the tcp_try_rmem_schedule() protect us from doing this "eventually"? > I mean first we would be allowed to do it, but then the sock will be charged > with the previous allocations and will not add more memory to socket.
But this tcp_try_rmem_schedule() is done _after_ allocation was attempted. This is too late :( -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
