github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-15 02:21:59 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
2b7cda9c35
linux/include
History
Eric Dumazet 2b7cda9c35 tcp: fix tcp_mtu_probe() vs highest_sack 
Based on SNMP values provided by Roman, Yuchung made the observation
that some crashes in tcp_sacktag_walk() might be caused by MTU probing.

Looking at tcp_mtu_probe(), I found that when a new skb was placed
in front of the write queue, we were not updating tcp highest sack.

If one skb is freed because all its content was copied to the new skb
(for MTU probing), then tp->highest_sack could point to a now freed skb.

Bad things would then happen, including infinite loops.

This patch renames tcp_highest_sack_combine() and uses it
from tcp_mtu_probe() to fix the bug.

Note that I also removed one test against tp->sacked_out,
since we want to replace tp->highest_sack regardless of whatever
condition, since keeping a stale pointer to freed skb is a recipe
for disaster.

Fixes: a47e5a988a ("[TCP]: Convert highest_sack to sk_buff to allow direct access")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Alexei Starovoitov <alexei.starovoitov@gmail.com>
Reported-by: Roman Gushchin <guro@fb.com>
Reported-by: Oleksandr Natalenko <oleksandr@natalenko.name>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Neal Cardwell <ncardwell@google.com>
Acked-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-11-01 21:18:34 +09:00
..
acpi ACPI / bus: Make ACPI_HANDLE() work for non-GPL code again 2017-09-19 22:42:31 +02:00
asm-generic percpu: make this_cpu_generic_read() atomic w.r.t. interrupts 2017-09-26 07:37:33 -07:00
clocksource
crypto
drm lib/interval_tree: fast overlap detection 2017-09-08 18:26:49 -07:00
dt-bindings ARC: reset: remove the misleading v1 suffix all over 2017-09-18 13:02:03 +02:00
keys
kvm
linux Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-10-29 08:11:49 -07:00
math-emu
media media updates for v4.14-rc1 2017-09-07 12:53:14 -07:00
memory
misc
net tcp: fix tcp_mtu_probe() vs highest_sack 2017-11-01 21:18:34 +09:00
pcmcia
ras
rdma IB: Correct MR length field to be 64-bit 2017-09-25 11:47:23 -04:00
scsi scsi: libiscsi: Remove iscsi_destroy_session 2017-10-02 22:23:21 -04:00
soc ARM: SoC driver updates for v4.14 2017-09-10 20:40:00 -07:00
sound ALSA: hda - Fix incorrect TLV callback check introduced during set_fs() removal 2017-10-18 12:27:00 +02:00
target
trace sched/debug: Add explicit TASK_PARKED printing 2017-09-29 11:02:57 +02:00
uapi bpf: remove SK_REDIRECT from UAPI 2017-11-01 11:43:50 +09:00
video
xen xen, arm64: drop dummy lookup_address() 2017-09-19 09:25:05 -04:00