[lucid/fsl-imx51 CVE 02/12] tcp: use limited socket backlog CVE-2010-4251

[Andy Whitcroft]

From: Zhu Yi <yi.zhu at intel.com>

BugLink: http://bugs.launchpad.net/bugs/807462

Make tcp adapt to the limited socket backlog change.

Cc: "David S. Miller" <davem at davemloft.net>
Cc: Alexey Kuznetsov <kuznet at ms2.inr.ac.ru>
Cc: "Pekka Savola (ipv6)" <pekkas at netcore.fi>
Cc: Patrick McHardy <kaber at trash.net>
Signed-off-by: Zhu Yi <yi.zhu at intel.com>
Acked-by: Eric Dumazet <eric.dumazet at gmail.com>
Signed-off-by: David S. Miller <davem at davemloft.net>
(cherry picked from commit 6b03a53a5ab7ccf2d5d69f96cf1c739c4d2a8fb9)

Signed-off-by: Paolo Pisati <paolo.pisati at canonical.com>
Signed-off-by: Tim Gardner <tim.gardner at canonical.com>
Signed-off-by: Andy Whitcroft <apw at canonical.com>
---
 net/ipv4/tcp_ipv4.c |    6 ++++--
 net/ipv6/tcp_ipv6.c |    6 ++++--
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 6d88219..92db108 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -1596,8 +1596,10 @@ process:
 			if (!tcp_prequeue(sk, skb))
 				ret = tcp_v4_do_rcv(sk, skb);
 		}
-	} else
-		sk_add_backlog(sk, skb);
+	} else if (sk_add_backlog_limited(sk, skb)) {
+		bh_unlock_sock(sk);
+		goto discard_and_relse;
+	}
 	bh_unlock_sock(sk);
 
 	sock_put(sk);
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index d849dd5..f73e6b9 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -1684,8 +1684,10 @@ process:
 			if (!tcp_prequeue(sk, skb))
 				ret = tcp_v6_do_rcv(sk, skb);
 		}
-	} else
-		sk_add_backlog(sk, skb);
+	} else if (sk_add_backlog_limited(sk, skb)) {
+		bh_unlock_sock(sk);
+		goto discard_and_relse;
+	}
 	bh_unlock_sock(sk);
 
 	sock_put(sk);
-- 
1.7.4.1