tcp: avoid infinite loop in tcp_splice_read()
Splicing from TCP socket is vulnerable when a packet with URG flag is received and stored into receive queue.

__tcp_splice_read() returns 0, and sk_wait_data() immediately returns since there is the problematic skb in queue.

This is a nice way to burn cpu (aka infinite loop) and trigger soft lockups.

Again, this gem was found by syzkaller tool.

Fixes: 9c55e01 ("[TCP]: Splice receive support.")
Signed-off-by: Eric Dumazet <firstname.lastname@example.org>
Reported-by: Dmitry Vyukov <email@example.com>
Cc: Willy Tarreau <firstname.lastname@example.org>
Signed-off-by: David S. Miller <email@example.com>