Gitiles
Code Review Sign In
android-review.linaro.org / kernel / hikey-linaro / 25888e30319f8896fc656fc68643e6a078263060
commit25888e30319f8896fc656fc68643e6a078263060[log] [tgz]
authorEric Dumazet <eric.dumazet@gmail.com>Thu Nov 25 04:11:39 2010 +0000
committerDavid S. Miller <davem@davemloft.net>Mon Nov 29 09:45:15 2010 -0800
treeae484d38b1250da885d3939dd9a97e667fbc871d
parent50a4205333c5e545551f1f82b3004ca635407c5c [diff]
af_unix: limit recursion level

Its easy to eat all kernel memory and trigger NMI watchdog, using an
exploit program that queues unix sockets on top of others.

lkml ref : http://lkml.org/lkml/2010/11/25/8

This mechanism is used in applications, one choice we have is to have a
recursion limit.

Other limits might be needed as well (if we queue other types of files),
since the passfd mechanism is currently limited by socket receive queue
sizes only.

Add a recursion_level to unix socket, allowing up to 4 levels.

Each time we send an unix socket through sendfd mechanism, we copy its
recursion level (plus one) to receiver. This recursion level is cleared
when socket receive queue is emptied.

Reported-by: Марк Коренберг <socketpair@gmail.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
3 files changed
tree: ae484d38b1250da885d3939dd9a97e667fbc871d
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. Kconfig
  28. MAINTAINERS
  29. Makefile
  30. README
  31. REPORTING-BUGS