From: Eric Dumazet <eric.duma...@gmail.com>
Date: Wed, 18 Nov 2015 21:03:33 -0800

> From: Eric Dumazet <eduma...@google.com>
> 
> tcp_send_rcvq() is used for re-injecting data into tcp receive queue.
> 
> Problems:
> 
> - No check against size is performed, allowing user to fool kernel in
>   attempting very large memory allocations, eventually triggering
>   OOM when memory is fragmented.
> 
> - In case of fault during the copy we do not return correct errno.
> 
> Let's use alloc_skb_with_frags() to cook optimal skbs.
> 
> Fixes: 292e8d8c8538 ("tcp: Move rcvq sending to tcp_input.c")
> Fixes: c0e88ff0f256 ("tcp: Repair socket queues")
> Signed-off-by: Eric Dumazet <eduma...@google.com>

Good catch, applied and queued up for -stable.

Thanks!