q3k/linux
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
linux/net
History
Eric Dumazet 25888e3031 af_unix: limit recursion level 
Its easy to eat all kernel memory and trigger NMI watchdog, using an
exploit program that queues unix sockets on top of others.

lkml ref : http://lkml.org/lkml/2010/11/25/8

This mechanism is used in applications, one choice we have is to have a
recursion limit.

Other limits might be needed as well (if we queue other types of files),
since the passfd mechanism is currently limited by socket receive queue
sizes only.

Add a recursion_level to unix socket, allowing up to 4 levels.

Each time we send an unix socket through sendfd mechanism, we copy its
recursion level (plus one) to receiver. This recursion level is cleared
when socket receive queue is emptied.

Reported-by: Марк Коренберг <socketpair@gmail.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-11-29 09:45:15 -08:00
..
9p net/9p: Return error on read with NULL buffer 2010-10-28 09:08:49 -05:00
802 net/802: add __rcu annotations 2010-10-25 13:09:44 -07:00
8021q vlan: rcu annotations 2010-10-25 13:09:43 -07:00
appletalk Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-04-11 14:53:53 -07:00
atm Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2010-10-23 11:47:02 -07:00
ax25 net: ax25: fix information leak to userland 2010-11-10 10:14:33 -08:00
bluetooth Bluetooth: fix not setting security level when creating a rfcomm session 2010-11-09 00:56:10 -02:00
bridge bridge: Forward reserved group addresses if !STP 2010-10-21 04:25:48 -07:00
caif caif: Remove noisy printout when disconnecting caif socket 2010-11-03 18:50:04 -07:00
can can-bcm: fix minor heap overflow 2010-11-12 14:07:14 -08:00
ceph Net: ceph: Makefile: Remove unnessary code 2010-11-27 17:39:29 -08:00
core net: allow GFP_HIGHMEM in __vmalloc() 2010-11-21 10:04:04 -08:00
dcb
dccp dccp: fix error in updating the GAR 2010-11-28 11:29:27 -08:00
decnet DECnet: don't leak uninitialized stack byte 2010-11-28 11:32:30 -08:00
dns_resolver DNS: If the DNS server returns an error, allow that to be cached [ver #2] 2010-08-11 17:11:28 +00:00
dsa phylib: available for any speed ethernet 2010-08-11 23:03:50 -07:00
econet econet: fix CVE-2010-3848 2010-11-24 11:51:47 -08:00
ethernet net: return operator cleanup 2010-09-23 14:33:39 -07:00
ieee802154 ieee802154: Fix possible NULL pointer dereference in wpan_phy_alloc 2010-05-23 23:11:07 -07:00
ipv4 inet: Fix __inet_inherit_port() to correctly increment bsockets and num_owners 2010-11-28 18:18:44 -08:00
ipv6 ipv6: fix missing in6_ifa_put in addrconf 2010-11-22 07:37:36 -08:00
ipx BKL: introduce CONFIG_BKL. 2010-10-21 15:44:13 +02:00
irda net: irda: irttp: sync error paths of data- and udata-requests 2010-11-18 12:24:25 -08:00
iucv [S390] cleanup lowcore access from external interrupts 2010-10-25 16:10:19 +02:00
key net: return operator cleanup 2010-09-23 14:33:39 -07:00
l2tp l2tp: kzalloc with swapped params in l2tp_dfs_seq_open 2010-11-01 06:56:02 -07:00
lapb
llc net/llc: storing negative error codes in unsigned short 2010-09-16 22:38:23 -07:00
mac80211 mac80211: unset SDATA_STATE_OFFCHANNEL when cancelling a scan 2010-11-08 16:53:47 -05:00
netfilter netfilter: fix IP_VS dependencies 2010-11-18 13:14:33 -08:00
netlabel net: Remove unnecessary returns from void function()s 2010-05-17 23:23:14 -07:00
netlink netlink: fix netlink_change_ngroups() 2010-10-24 16:25:39 -07:00
netrom net: sk_sleep() helper 2010-04-20 16:37:13 -07:00
packet net: Fix header size check for GSO case in recvmsg (af_packet) 2010-11-12 11:06:46 -08:00
phonet phonet: remove the unused variable pn 2010-10-20 01:55:54 -07:00
rds rds: Integer overflow in RDS cmsg handling 2010-11-17 12:20:52 -08:00
rfkill Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2010-10-23 11:47:02 -07:00
rose Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-09-27 01:03:03 -07:00
rxrpc Add a dummy printk function for the maintenance of unused printks 2010-08-12 09:51:35 -07:00
sched classifier: report statistics for basic classifier 2010-11-08 12:17:05 -08:00
sctp net: avoid limits overflow 2010-11-10 12:12:00 -08:00
sunrpc convert get_sb_single() users 2010-10-29 04:16:28 -04:00
tipc net: tipc: fix information leak to userland 2010-11-09 09:25:46 -08:00
unix af_unix: limit recursion level 2010-11-29 09:45:15 -08:00
wanrouter fix printk typo 'faild' 2010-08-09 11:25:17 +02:00
wimax Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2010-05-20 21:04:44 -07:00
wireless cfg80211: fix can_beacon_sec_chan, reenable HT40 2010-11-18 11:35:05 -05:00
x25 x25: Prevent crashing when parsing bad X.25 facilities 2010-11-12 12:44:42 -08:00
xfrm net: allow GFP_HIGHMEM in __vmalloc() 2010-11-21 10:04:04 -08:00
compat.c net: Limit socket I/O iovec total length to INT_MAX. 2010-10-28 11:47:52 -07:00
Kconfig ceph: factor out libceph from Ceph file system 2010-10-20 15:37:28 -07:00
Makefile ceph: factor out libceph from Ceph file system 2010-10-20 15:37:28 -07:00
nonet.c llseek: automatically add .llseek fop 2010-10-15 15:53:27 +02:00
socket.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2010-10-30 18:42:58 -07:00
sysctl_net.c net: Remove unnecessary returns from void function()s 2010-05-17 23:23:14 -07:00
TUNABLE