linux/include/net
Zhu Yi 8eae939f14 net: add limit for socket backlog
We got system OOM while running some UDP netperf testing on the loopback
device. The case is multiple senders sent stream UDP packets to a single
receiver via loopback on local host. Of course, the receiver is not able
to handle all the packets in time. But we surprisingly found that these
packets were not discarded due to the receiver's sk->sk_rcvbuf limit.
Instead, they are kept queuing to sk->sk_backlog and finally ate up all
the memory. We believe this is a secure hole that a none privileged user
can crash the system.

The root cause for this problem is, when the receiver is doing
__release_sock() (i.e. after userspace recv, kernel udp_recvmsg ->
skb_free_datagram_locked -> release_sock), it moves skbs from backlog to
sk_receive_queue with the softirq enabled. In the above case, multiple
busy senders will almost make it an endless loop. The skbs in the
backlog end up eat all the system memory.

The issue is not only for UDP. Any protocols using socket backlog is
potentially affected. The patch adds limit for socket backlog so that
the backlog size cannot be expanded endlessly.

Reported-by: Alex Shi <alex.shi@intel.com>
Cc: David Miller <davem@davemloft.net>
Cc: Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
Cc: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru
Cc: "Pekka Savola (ipv6)" <pekkas@netcore.fi>
Cc: Patrick McHardy <kaber@trash.net>
Cc: Vlad Yasevich <vladislav.yasevich@hp.com>
Cc: Sridhar Samudrala <sri@us.ibm.com>
Cc: Jon Maloy <jon.maloy@ericsson.com>
Cc: Allan Stephens <allan.stephens@windriver.com>
Cc: Andrew Hendry <andrew.hendry@gmail.com>
Signed-off-by: Zhu Yi <yi.zhu@intel.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Acked-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-03-05 13:33:59 -08:00
..
9p 9p: fix readdir corner cases 2009-11-02 08:43:45 -06:00
bluetooth Bluetooth: Add controller types for BR/EDR and 802.11 AMP 2010-02-27 14:05:38 +01:00
irda net: mark read-only arrays as const 2009-08-05 10:42:58 -07:00
iucv af_iucv: Return -EAGAIN if iucv msg limit is exceeded 2009-06-19 00:10:40 -07:00
netfilter netfilter: nf_defrag_ipv4: fix compilation error with NF_CONNTRACK=n 2010-02-18 19:04:44 +01:00
netns packet: convert socket list to RCU (v3) 2010-02-22 15:45:56 -08:00
phonet Phonet: zero-copy GPRS TX 2010-01-07 00:24:55 -08:00
sctp Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2009-12-09 19:43:33 -08:00
tc_act pkt_sched: skbedit add support for setting mark 2009-10-22 21:56:42 -07:00
tipc
act_api.h net: restore gnet_stats_basic to previous definition 2009-08-17 21:33:49 -07:00
addrconf.h net: Add checking to rcu_dereference() primitives 2010-02-25 09:41:03 +01:00
af_ieee802154.h af_ieee802154: add support for WANT_ACK socket option 2009-08-12 21:54:50 -07:00
af_rxrpc.h
af_unix.h net: Fix soft lockups/OOM issues w/ unix garbage collector 2008-11-26 15:32:27 -08:00
ah.h net: cleanup include/net 2009-11-04 05:06:25 -08:00
arp.h net: make neigh_ops constant 2009-09-01 17:40:57 -07:00
atmclip.h clip: convert to internal network_device_stats 2009-01-21 14:01:59 -08:00
ax25.h
ax88796.h ax88796: Add method to take MAC from platform data 2009-03-24 23:32:03 -07:00
cfg80211.h nl80211: add power save commands 2010-02-19 15:52:40 -05:00
checksum.h include/net net/ - csum_partial - remove unnecessary casts 2008-11-19 15:44:53 -08:00
cipso_ipv4.h netlabel: Label incoming TCP connections correctly in SELinux 2009-03-28 15:01:36 +11:00
compat.h net: fix compat_sys_recvmmsg parameter type 2009-12-11 15:07:56 -08:00
datalink.h
dcbnl.h dcbnl: Add support for setapp/getapp to netdev dcbnl_rtnl_ops 2009-09-01 01:24:30 -07:00
dn_dev.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2009-12-08 07:55:01 -08:00
dn_fib.h net: cleanup include/net 2009-11-04 05:06:25 -08:00
dn_neigh.h
dn_nsp.h net: cleanup include/net 2009-11-04 05:06:25 -08:00
dn_route.h
dn.h decnet: compile fix for removal of byteorder wrapper 2008-11-27 23:04:13 -08:00
dsa.h dsa: add switch chip cascading support 2009-03-21 19:06:54 -07:00
dsfield.h
dst_ops.h netns: embed ip6_dst_ops directly 2009-09-01 17:40:31 -07:00
dst.h net: Add rtnetlink init_rcvwnd to set the TCP initial receive window 2009-12-23 14:13:30 -08:00
esp.h
ethoc.h net: Add support for the OpenCores 10/100 Mbps Ethernet MAC. 2009-03-27 00:16:21 -07:00
fib_rules.h net: Allow fib_rule_unregister to batch 2009-12-03 12:22:55 -08:00
flow.h netns xfrm: lookup in netns 2008-11-25 17:35:18 -08:00
garp.h
gen_stats.h net: cleanup include/net 2009-11-04 05:06:25 -08:00
genetlink.h net: cleanup include/net 2009-11-04 05:06:25 -08:00
icmp.h icmp: move icmp_err_convert[] to .rodata 2010-01-23 01:21:28 -08:00
ieee80211_radiotap.h wireless: update radiotap parser 2010-02-08 16:50:53 -05:00
ieee802154_netdev.h ieee802154: add an mlme_ops call to retrieve PHY object 2009-11-06 14:32:18 +03:00
ieee802154.h ieee802154: move headers out of extra directory 2009-07-23 17:08:51 +04:00
if_inet6.h IPv6: convert mc_lock to spinlock 2010-02-17 18:48:44 -08:00
inet6_connection_sock.h
inet6_hashtables.h tcp: Fix a connect() race with timewait sockets 2009-12-08 20:17:51 -08:00
inet_common.h
inet_connection_sock.h net: Make setsockopt() optlen be unsigned. 2009-09-30 16:12:20 -07:00
inet_ecn.h net: replace __constant_{endian} uses in net headers 2009-02-14 22:58:35 -08:00
inet_frag.h inet fragments: fix sparse warning: context imbalance 2009-02-26 23:13:35 -08:00
inet_hashtables.h tcp: Fix a connect() race with timewait sockets 2009-12-08 20:17:51 -08:00
inet_sock.h tcp: Generalized TTL Security Mechanism 2010-01-11 16:28:01 -08:00
inet_timewait_sock.h tcp: Fix a connect() race with timewait sockets 2009-12-08 20:17:51 -08:00
inetpeer.h inetpeer: Optimize inet_getid() 2009-11-13 20:46:58 -08:00
ip6_checksum.h
ip6_fib.h ipv6: use standard lists for FIB walks 2010-02-18 14:30:17 -08:00
ip6_route.h net: cleanup include/net 2009-11-04 05:06:25 -08:00
ip6_tunnel.h
ip_fib.h Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2009-11-06 00:55:55 -08:00
ip_vs.h ipvs: SCTP Trasport Loadbalancing Support 2010-02-18 12:31:05 +01:00
ip.h percpu: add __percpu sparse annotations to net 2010-02-16 23:05:38 -08:00
ipcomp.h percpu: add __percpu sparse annotations to net 2010-02-16 23:05:38 -08:00
ipconfig.h
ipip.h net: cleanup include/net 2009-11-04 05:06:25 -08:00
ipv6.h ipv6: Remove IPV6_ADDR_RESERVED 2010-02-26 03:59:07 -08:00
ipx.h net: replace __constant_{endian} uses in net headers 2009-02-14 22:58:35 -08:00
iw_handler.h net: cleanup include/net 2009-11-04 05:06:25 -08:00
lapb.h
lib80211.h wireless: missing include in lib80211.h 2008-11-21 11:42:55 -05:00
llc_c_ac.h
llc_c_ev.h
llc_c_st.h
llc_conn.h llc: use a device based hash table to speed up multicast delivery 2009-12-26 20:43:57 -08:00
llc_if.h
llc_pdu.h
llc_s_ac.h
llc_s_ev.h
llc_s_st.h
llc_sap.h
llc.h llc: convert llc_sap_list to RCU 2009-12-26 20:46:28 -08:00
mac80211.h mac80211: Fix HT rate control configuration 2010-03-03 15:39:21 -05:00
mip6.h
ndisc.h sysctl: remove "struct file *" argument of ->proc_handler 2009-09-24 07:21:04 -07:00
neighbour.h percpu: add __percpu sparse annotations to net 2010-02-16 23:05:38 -08:00
net_namespace.h netfilter: nfnetlink: netns support 2010-01-13 16:02:14 +01:00
netdma.h net_dma: convert to dma_find_channel 2009-01-06 11:38:15 -07:00
netevent.h
netlabel.h netlabel: Cleanup the Smack/NetLabel code to fix incoming TCP connections 2009-03-28 15:01:37 +11:00
netlink.h const: struct nla_policy 2010-02-18 14:30:18 -08:00
netrom.h ax25: netrom: rose: Fix timer oopses 2010-01-16 01:04:04 -08:00
nexthop.h
nl802154.h ieee802154: add support for channel pages from IEEE 802.15.4-2006 2009-08-19 23:08:22 +04:00
p8022.h
pkt_cls.h net: rename skb->iif to skb->skb_iif 2009-11-20 15:35:04 -08:00
pkt_sched.h sched: add head drop fifo queue 2010-01-28 21:27:00 -08:00
protocol.h net: drop capability from protocol definitions 2009-11-05 21:40:17 -08:00
psnap.h snap: use const for descriptor 2009-03-21 19:06:50 -07:00
raw.h
rawv6.h ipv6: Use correct data types for ICMPv6 type and code 2009-06-23 04:31:07 -07:00
red.h net: cleanup include/net 2009-11-04 05:06:25 -08:00
regulatory.h cfg80211: add regulatory hint disconnect support 2010-02-01 15:40:06 -05:00
request_sock.h tcp: account SYN-ACK timeouts & retransmissions 2010-01-17 19:09:39 -08:00
rose.h NET: ROSE: Don't use static buffer. 2009-07-26 19:11:14 -07:00
route.h percpu: add __percpu sparse annotations to net 2010-02-16 23:05:38 -08:00
rtnetlink.h rtnetlink: support specifying device flags on device creation 2010-02-27 02:43:40 -08:00
sch_generic.h sched: add head drop fifo queue 2010-01-28 21:27:00 -08:00
scm.h net: cleanup include/net 2009-11-04 05:06:25 -08:00
slhc_vj.h
snmp.h percpu: add __percpu sparse annotations to net 2010-02-16 23:05:38 -08:00
sock.h net: add limit for socket backlog 2010-03-05 13:33:59 -08:00
stp.h
tcp_states.h
tcp.h net: add scheduler sync hint to tcp_prequeue(). 2010-03-04 00:53:51 -08:00
timewait_sock.h net: Fix memory leak in the proto_register function 2008-11-21 16:45:22 -08:00
transp_v6.h inet: inet_connection_sock_af_ops const 2009-09-02 01:03:49 -07:00
udp.h udp: bind() optimisation 2009-11-10 20:54:38 -08:00
udplite.h udp: introduce struct udp_table and multiple spinlocks 2008-10-29 01:41:45 -07:00
wext.h wext: refactor 2009-10-07 16:39:43 -04:00
wimax.h Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2009-12-09 19:43:33 -08:00
wpan-phy.h ieee802154: add support for creation/removal of logic interfaces 2009-11-06 14:32:24 +03:00
x25.h X25: Move SYSCTL ifdefs into header 2009-11-29 00:24:59 -08:00
x25device.h
xfrm.h ipsec: Fix bogus bundle flowi 2010-03-03 01:04:37 -08:00