linux/net/tipc
Jon Paul Maloy 27777daa8b tipc: unclone unbundled buffers before forwarding
When extracting an individual message from a received "bundle" buffer,
we just create a clone of the base buffer, and adjust it to point into
the right position of the linearized data area of the latter. This works
well for regular message reception, but during periods of extremely high
load it may happen that an extracted buffer, e.g, a connection probe, is
reversed and forwarded through an external interface while the preceding
extracted message is still unhandled. When this happens, the header or
data area of the preceding message will be partially overwritten by a
MAC header, leading to unpredicatable consequences, such as a link
reset.

We now fix this by ensuring that the msg_reverse() function never
returns a cloned buffer, and that the returned buffer always contains
sufficient valid head and tail room to be forwarded.

Reported-by: Erik Hugne <erik.hugne@gmail.com>
Acked-by: Ying Xue <ying.xue@windriver.com>
Signed-off-by: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-06-22 16:33:35 -04:00
..
addr.c tipc: simplify include dependencies 2015-05-14 12:24:45 -04:00
addr.h tipc: simplify include dependencies 2015-05-14 12:24:45 -04:00
bcast.c tipc: remove pre-allocated message header in link struct 2016-03-06 23:01:20 -05:00
bcast.h tipc: remove pre-allocated message header in link struct 2016-03-06 23:01:20 -05:00
bearer.c tipc: fix suspicious RCU usage 2016-06-15 21:47:23 -07:00
bearer.h tipc: remove remnants of old broadcast code 2016-04-13 17:49:11 -04:00
core.c tipc: redesign connection-level flow control 2016-05-03 15:51:16 -04:00
core.h tipc: make dist queue pernet 2016-04-11 15:22:20 -04:00
discover.c tipc: eliminate buffer leak in bearer layer 2016-04-07 17:00:13 -04:00
discover.h tipc: eliminate buffer leak in bearer layer 2016-04-07 17:00:13 -04:00
eth_media.c tipc: make media address offset a common define 2015-02-27 18:18:48 -05:00
ib_media.c tipc: rename media/msg related definitions 2015-02-27 18:18:48 -05:00
Kconfig tipc: add ip/udp media type 2015-03-05 22:08:42 -05:00
link.c tipc: eliminate uninitialized variable warning 2016-06-15 21:47:23 -07:00
link.h tipc: let first message on link be a state message 2016-04-15 16:09:06 -04:00
Makefile tipc: add ip/udp media type 2015-03-05 22:08:42 -05:00
msg.c tipc: unclone unbundled buffers before forwarding 2016-06-22 16:33:35 -04:00
msg.h tipc: unclone unbundled buffers before forwarding 2016-06-22 16:33:35 -04:00
name_distr.c tipc: purge deferred updates from dead nodes 2016-04-11 15:22:20 -04:00
name_distr.h tipc: reduce code dependency between binding table and node layer 2015-11-20 14:06:10 -05:00
name_table.c tipc: move netlink policies to netlink.c 2016-03-07 14:56:41 -05:00
name_table.h tipc: convert legacy nl name table dump to nl compat 2015-02-09 13:20:48 -08:00
net.c tipc: move netlink policies to netlink.c 2016-03-07 14:56:41 -05:00
net.h tipc: make tipc node table aware of net namespace 2015-01-12 16:24:32 -05:00
netlink_compat.c tipc: fix an infoleak in tipc_nl_compat_link_dump 2016-06-02 21:32:37 -07:00
netlink.c tipc: move netlink policies to netlink.c 2016-03-07 14:56:41 -05:00
netlink.h tipc: move netlink policies to netlink.c 2016-03-07 14:56:41 -05:00
node.c tipc: eliminate risk of double link_up events 2016-05-12 17:11:27 -04:00
node.h tipc: redesign connection-level flow control 2016-05-03 15:51:16 -04:00
server.c tipc: block BH in TCP callbacks 2016-05-19 11:36:49 -07:00
server.h tipc: fix a race condition leading to subscriber refcnt bug 2016-04-14 16:46:46 -04:00
socket.c tipc: fix socket timer deadlock 2016-06-17 21:38:10 -07:00
socket.h tipc: redesign connection-level flow control 2016-05-03 15:51:16 -04:00
subscr.c tipc: remove an unnecessary NULL check 2016-04-28 16:54:12 -04:00
subscr.h tipc: remove struct tipc_name_seq from struct tipc_subscription 2016-02-06 03:40:43 -05:00
sysctl.c tipc: add name distributor resiliency queue 2014-09-01 17:51:48 -07:00
udp_media.c tipc: make sure IPv6 header fits in skb headroom 2016-03-14 12:23:12 -04:00