mirror of https://github.com/torvalds/linux.git
25888e3031
Its easy to eat all kernel memory and trigger NMI watchdog, using an exploit program that queues unix sockets on top of others. lkml ref : http://lkml.org/lkml/2010/11/25/8 This mechanism is used in applications, one choice we have is to have a recursion limit. Other limits might be needed as well (if we queue other types of files), since the passfd mechanism is currently limited by socket receive queue sizes only. Add a recursion_level to unix socket, allowing up to 4 levels. Each time we send an unix socket through sendfd mechanism, we copy its recursion level (plus one) to receiver. This recursion level is cleared when socket receive queue is emptied. Reported-by: Марк Коренберг <socketpair@gmail.com> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|---|---|---|
| .. | ||
| 9p | ||
| bluetooth | ||
| caif | ||
| irda | ||
| iucv | ||
| netfilter | ||
| netns | ||
| phonet | ||
| sctp | ||
| tc_act | ||
| tipc | ||
| act_api.h | ||
| addrconf.h | ||
| af_ieee802154.h | ||
| af_rxrpc.h | ||
| af_unix.h | ||
| ah.h | ||
| arp.h | ||
| atmclip.h | ||
| ax25.h | ||
| ax88796.h | ||
| cfg80211.h | ||
| checksum.h | ||
| cipso_ipv4.h | ||
| cls_cgroup.h | ||
| compat.h | ||
| datalink.h | ||
| dcbnl.h | ||
| dn.h | ||
| dn_dev.h | ||
| dn_fib.h | ||
| dn_neigh.h | ||
| dn_nsp.h | ||
| dn_route.h | ||
| dsa.h | ||
| dsfield.h | ||
| dst.h | ||
| dst_ops.h | ||
| esp.h | ||
| ethoc.h | ||
| fib_rules.h | ||
| flow.h | ||
| garp.h | ||
| gen_stats.h | ||
| genetlink.h | ||
| gre.h | ||
| icmp.h | ||
| ieee80211_radiotap.h | ||
| ieee802154.h | ||
| ieee802154_netdev.h | ||
| if_inet6.h | ||
| inet6_connection_sock.h | ||
| inet6_hashtables.h | ||
| inet_common.h | ||
| inet_connection_sock.h | ||
| inet_ecn.h | ||
| inet_frag.h | ||
| inet_hashtables.h | ||
| inet_sock.h | ||
| inet_timewait_sock.h | ||
| inetpeer.h | ||
| ip.h | ||
| ip6_checksum.h | ||
| ip6_fib.h | ||
| ip6_route.h | ||
| ip6_tunnel.h | ||
| ip_fib.h | ||
| ip_vs.h | ||
| ipcomp.h | ||
| ipconfig.h | ||
| ipip.h | ||
| ipv6.h | ||
| ipx.h | ||
| iw_handler.h | ||
| lapb.h | ||
| lib80211.h | ||
| llc.h | ||
| llc_c_ac.h | ||
| llc_c_ev.h | ||
| llc_c_st.h | ||
| llc_conn.h | ||
| llc_if.h | ||
| llc_pdu.h | ||
| llc_s_ac.h | ||
| llc_s_ev.h | ||
| llc_s_st.h | ||
| llc_sap.h | ||
| mac80211.h | ||
| mip6.h | ||
| mld.h | ||
| ndisc.h | ||
| neighbour.h | ||
| net_namespace.h | ||
| netdma.h | ||
| netevent.h | ||
| netlabel.h | ||
| netlink.h | ||
| netrom.h | ||
| nexthop.h | ||
| nl802154.h | ||
| p8022.h | ||
| pkt_cls.h | ||
| pkt_sched.h | ||
| protocol.h | ||
| psnap.h | ||
| raw.h | ||
| rawv6.h | ||
| red.h | ||
| regulatory.h | ||
| request_sock.h | ||
| rose.h | ||
| route.h | ||
| rtnetlink.h | ||
| sch_generic.h | ||
| scm.h | ||
| slhc_vj.h | ||
| snmp.h | ||
| sock.h | ||
| stp.h | ||
| tcp.h | ||
| tcp_states.h | ||
| timewait_sock.h | ||
| transp_v6.h | ||
| udp.h | ||
| udplite.h | ||
| wext.h | ||
| wimax.h | ||
| wpan-phy.h | ||
| x25.h | ||
| x25device.h | ||
| xfrm.h | ||