Revision ae6fcfbf5f03de3407b809aaee319330d3dc7f8b authored by Stefano Garzarella on 17 October 2019, 12:44:03 UTC, committed by David S. Miller on 18 October 2019, 17:19:43 UTC
If the remote peer doesn't respect the credit information (buf_alloc, fwd_cnt), sending more data than it can send, we should drop the packets to prevent a malicious peer from using all of our memory. This is patch follows the VIRTIO spec: "VIRTIO_VSOCK_OP_RW data packets MUST only be transmitted when the peer has sufficient free buffer space for the payload" Signed-off-by: Stefano Garzarella <sgarzare@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
1 parent ec3359b
| File | Mode | Size |
|---|---|---|
| apparmor | ||
| integrity | ||
| keys | ||
| loadpin | ||
| lockdown | ||
| safesetid | ||
| selinux | ||
| smack | ||
| tomoyo | ||
| yama | ||
| Kconfig | -rw-r--r-- | 10.7 KB |
| Kconfig.hardening | -rw-r--r-- | 7.9 KB |
| Makefile | -rw-r--r-- | 1.2 KB |
| commoncap.c | -rw-r--r-- | 38.9 KB |
| device_cgroup.c | -rw-r--r-- | 20.5 KB |
| inode.c | -rw-r--r-- | 10.6 KB |
| lsm_audit.c | -rw-r--r-- | 10.6 KB |
| min_addr.c | -rw-r--r-- | 1.3 KB |
| security.c | -rw-r--r-- | 59.1 KB |
Computing file changes ...
