Eric Dumazet
a3225a836e
net: dccp: avoid crash in ccid3_hc_rx_send_feedback()
[ Upstream commit 74174fe5634ffbf645a7ca5a261571f700b2f332 ]

On fast hosts or malicious bots, we trigger a DCCP_BUG() which
seems excessive.

syzbot reported :
BUG: delta (-6195) <= 0 at net/dccp/ccids/ccid3.c:628/ccid3_hc_rx_send_feedback()
CPU: 1 PID: 18 Comm: ksoftirqd/1 Not tainted 4.18.0-rc1+ #112
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113
ccid3_hc_rx_send_feedback net/dccp/ccids/ccid3.c:628 [inline]
ccid3_hc_rx_packet_recv.cold.16+0x38/0x71 net/dccp/ccids/ccid3.c:793
ccid_hc_rx_packet_recv net/dccp/ccid.h:185 [inline]
dccp_deliver_input_to_ccids+0xf0/0x280 net/dccp/input.c:180
dccp_rcv_established+0x87/0xb0 net/dccp/input.c:378
dccp_v4_do_rcv+0x153/0x180 net/dccp/ipv4.c:654
sk_backlog_rcv include/net/sock.h:914 [inline]
__sk_receive_skb+0x3ba/0xd80 net/core/sock.c:517
dccp_v4_rcv+0x10f9/0x1f58 net/dccp/ipv4.c:875
ip_local_deliver_finish+0x2eb/0xda0 net/ipv4/ip_input.c:215
NF_HOOK include/linux/netfilter.h:287 [inline]
ip_local_deliver+0x1e9/0x750 net/ipv4/ip_input.c:256
dst_input include/net/dst.h:450 [inline]
ip_rcv_finish+0x823/0x2220 net/ipv4/ip_input.c:396
NF_HOOK include/linux/netfilter.h:287 [inline]
ip_rcv+0xa18/0x1284 net/ipv4/ip_input.c:492
__netif_receive_skb_core+0x2488/0x3680 net/core/dev.c:4628
__netif_receive_skb+0x2c/0x1e0 net/core/dev.c:4693
process_backlog+0x219/0x760 net/core/dev.c:5373
napi_poll net/core/dev.c:5771 [inline]
net_rx_action+0x7da/0x1980 net/core/dev.c:5837
__do_softirq+0x2e8/0xb17 kernel/softirq.c:284
run_ksoftirqd+0x86/0x100 kernel/softirq.c:645
smpboot_thread_fn+0x417/0x870 kernel/smpboot.c:164
kthread+0x345/0x410 kernel/kthread.c:240
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:412
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Cc: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Cc: dccp@vger.kernel.org
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-07-22 14:28:44 +02:00