Commits
Eric Dumazet authored and Konstantin Khorenko committed 36e86920560
ms/tcp: fix potential huge kmalloc() calls in TCP_REPAIR tcp_send_rcvq() is used for re-injecting data into tcp receive queue. Problems : - No check against size is performed, allowed user to fool kernel in attempting very large memory allocations, eventually triggering OOM when memory is fragmented. - In case of fault during the copy we do not return correct errno. Lets use alloc_skb_with_frags() to cook optimal skbs. Fixes: 292e8d8c8538 ("tcp: Move rcvq sending to tcp_input.c") Fixes: c0e88ff0f256 ("tcp: Repair socket queues") Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Pavel Emelyanov <xemul@parallels.com> Acked-by: Pavel Emelyanov <xemul@parallels.com> Signed-off-by: David S. Miller <davem@davemloft.net> CRIU often triggers 8 order page allocation while restoring TCP sockets without this patch. https://jira.sw.ru/browse/PSBM-93672 (cherry picked from commit 5d4c9bfbabdb1d497f21afd81501e5c54b0c85d9) Signed-off-by: Konstantin Khorenko <khorenko@virtuozzo.com>