Skip to main content

Browse the archive

Revision 25888e30319f8896fc656fc68643e6a078263060 authored by Eric Dumazet on 25 November 2010, 04:11:39 UTC, committed by David S. Miller on 29 November 2010, 17:45:15 UTC 
af_unix: limit recursion level
 
Its easy to eat all kernel memory and trigger NMI watchdog, using an
exploit program that queues unix sockets on top of others.

lkml ref : http://lkml.org/lkml/2010/11/25/8

This mechanism is used in applications, one choice we have is to have a
recursion limit.

Other limits might be needed as well (if we queue other types of files),
since the passfd mechanism is currently limited by socket receive queue
sizes only.

Add a recursion_level to unix socket, allowing up to 4 levels.

Each time we send an unix socket through sendfd mechanism, we copy its
recursion level (plus one) to receiver. This recursion level is cleared
when socket receive queue is emptied.

Reported-by: Марк Коренберг <socketpair@gmail.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
1 parent 50a4205
History
File Mode Size
accessibility
acpi
amba
ata
atm
auxdisplay
base
block
bluetooth
cdrom
char
clocksource
connector
cpufreq
cpuidle
crypto
dca
dio
dma
edac
eisa
firewire
firmware
gpio
gpu
hid
hwmon
i2c
ide
idle
ieee802154
infiniband
input
isdn
leds
lguest
macintosh
mca
md
media
memstick
message
mfd
misc
mmc
mtd
net
nubus
of
oprofile
parisc
parport
pci
pcmcia
platform
pnp
power
pps
ps3
rapidio
regulator
rtc
s390
sbus
scsi
serial
sfi
sh
sn
spi
ssb
staging
tc
telephony
thermal
tty
uio
usb
uwb
vhost
video
virtio
vlynq
w1
watchdog
xen
zorro
Kconfig -rw-r--r-- 1.8 KB
Makefile -rw-r--r-- 3.3 KB
back to top