Merge tag 'v4.4.274' into toradex_vf_4.4-next

Linux 4.4.274
author: Marcel Ziswiler <marcel.ziswiler@toradex.com> 2021-07-07 01:19:43 +0200
committer: Marcel Ziswiler <marcel.ziswiler@toradex.com> 2021-07-07 01:19:43 +0200
commit: d900385139e5aa8d584dee92c87bb85d0226253e (patch)
tree: 26aa082f242221c535f2d8aa03b0c314c713e8ea /net/ipv4/icmp.c
parent: 56168452b2a2fa8b4efc664d9fcb08536486a1ba (diff)
parent: 200ecf5055dfba12b9bff6984830a7cdddee8ab1 (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
index 9a9f49b55abd..c16c199d9cd9 100644
--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp.c
@@ -246,7 +246,7 @@ static struct {
 /**
  * icmp_global_allow - Are we allowed to send one more ICMP message ?
  *
- * Uses a token bucket to limit our ICMP messages to sysctl_icmp_msgs_per_sec.
+ * Uses a token bucket to limit our ICMP messages to ~sysctl_icmp_msgs_per_sec.
  * Returns false if we reached the limit and can not send another packet.
  * Note: called with BH disabled
  */
@@ -274,7 +274,10 @@ bool icmp_global_allow(void)
 	}
 	credit = min_t(u32, icmp_global.credit + incr, sysctl_icmp_msgs_burst);
 	if (credit) {
-		credit--;
+		/* We want to use a credit of one in average, but need to randomize
+		 * it for security reasons.
+		 */
+		credit = max_t(int, credit - prandom_u32_max(3), 0);
 		rc = true;
 	}
 	WRITE_ONCE(icmp_global.credit, credit);
author	Marcel Ziswiler <marcel.ziswiler@toradex.com>	2021-07-07 01:19:43 +0200
committer	Marcel Ziswiler <marcel.ziswiler@toradex.com>	2021-07-07 01:19:43 +0200
commit	d900385139e5aa8d584dee92c87bb85d0226253e (patch)
tree	26aa082f242221c535f2d8aa03b0c314c713e8ea /net/ipv4/icmp.c
parent	56168452b2a2fa8b4efc664d9fcb08536486a1ba (diff)
parent	200ecf5055dfba12b9bff6984830a7cdddee8ab1 (diff)