From: Michal Kubecek <mkubecek@suse.cz>
Date: Fri, 7 Jun 2019 18:05:46 +0200
Subject: kabi: drop LINUX_MIB_TCPWQUEUETOOBIG snmp counter
Patch-mainline: Never, kabi workaround
References: bsc#1137586 CVE-2019-11478
patches.fixes/tcp-tcp_fragment-should-apply-sane-memory-limits.patch adds
LINUX_MIB_TCPWQUEUETOOBIG snmp attribute which breaks kABI. As it is only
a diagnostic aid and is not essential for the actual security fix, drop
the snmp counter and leave only the check.
Signed-off-by: Michal Kubecek <mkubecek@suse.cz>
---
include/uapi/linux/snmp.h | 1 -
net/ipv4/proc.c | 1 -
net/ipv4/tcp_output.c | 4 +---
3 files changed, 1 insertion(+), 5 deletions(-)
--- a/include/uapi/linux/snmp.h
+++ b/include/uapi/linux/snmp.h
@@ -275,7 +275,6 @@ enum
LINUX_MIB_TCPKEEPALIVE, /* TCPKeepAlive */
LINUX_MIB_TCPMTUPFAIL, /* TCPMTUPFail */
LINUX_MIB_TCPMTUPSUCCESS, /* TCPMTUPSuccess */
- LINUX_MIB_TCPWQUEUETOOBIG, /* TCPWqueueTooBig */
__LINUX_MIB_MAX
};
--- a/net/ipv4/proc.c
+++ b/net/ipv4/proc.c
@@ -297,7 +297,6 @@ static const struct snmp_mib snmp4_net_list[] = {
SNMP_MIB_ITEM("TCPKeepAlive", LINUX_MIB_TCPKEEPALIVE),
SNMP_MIB_ITEM("TCPMTUPFail", LINUX_MIB_TCPMTUPFAIL),
SNMP_MIB_ITEM("TCPMTUPSuccess", LINUX_MIB_TCPMTUPSUCCESS),
- SNMP_MIB_ITEM("TCPWqueueTooBig", LINUX_MIB_TCPWQUEUETOOBIG),
SNMP_MIB_SENTINEL
};
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -1273,10 +1273,8 @@ int tcp_fragment(struct sock *sk, struct sk_buff *skb, u32 len,
if (nsize < 0)
nsize = 0;
- if (unlikely((sk->sk_wmem_queued >> 1) > sk->sk_sndbuf)) {
- NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPWQUEUETOOBIG);
+ if (unlikely((sk->sk_wmem_queued >> 1) > sk->sk_sndbuf))
return -ENOMEM;
- }
if (skb_unclone(skb, gfp))
return -ENOMEM;