redonkable/alistair23-linux
redonkable/alistair23-linux
1
0
Fork 0
Code Releases Activity
alistair23-linux/net
History
Willem de Bruijn cb9f1b7838 ip: validate header length on virtual device xmit 
KMSAN detected read beyond end of buffer in vti and sit devices when
passing truncated packets with PF_PACKET. The issue affects additional
ip tunnel devices.

Extend commit 76c0ddd8c3 ("ip6_tunnel: be careful when accessing the
inner header") and commit ccfec9e5cb ("ip_tunnel: be careful when
accessing the inner header").

Move the check to a separate helper and call at the start of each
ndo_start_xmit function in net/ipv4 and net/ipv6.

Minor changes:
- convert dev_kfree_skb to kfree_skb on error path,
  as dev_kfree_skb calls consume_skb which is not for error paths.
- use pskb_network_may_pull even though that is pedantic here,
  as the same as pskb_may_pull for devices without llheaders.
- do not cache ipv6 hdrs if used only once
  (unsafe across pskb_may_pull, was more relevant to earlier patch)

Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-01 12:05:02 -08:00
..
6lowpan 6lowpan: convert to DEFINE_SHOW_ATTRIBUTE 2018-12-19 00:28:05 +01:00
9p
802
8021q net: core: dev: Add extack argument to dev_change_flags() 2018-12-06 13:26:07 -08:00
appletalk
atm
ax25 ax25: fix a use-after-free in ax25_fillin_cb() 2018-12-30 14:07:54 -08:00
batman-adv Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-11-19 10:55:00 -08:00
bluetooth Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2018-12-27 13:53:32 -08:00
bpf Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2018-12-10 18:00:43 -08:00
bpfilter
bridge net: convert bridge_nf to use skb extension infrastructure 2018-12-19 11:21:37 -08:00
caif
can net: Revert recent Spectre-v1 patches. 2018-12-23 16:01:35 -08:00
ceph libceph: fall back to sendmsg for slab pages 2018-11-19 17:59:47 +01:00
core sock: Make sock->sk_stamp thread-safe 2019-01-01 09:47:59 -08:00
dcb
dccp net: dccp: fix kernel crash on module load 2018-12-24 15:27:56 -08:00
decnet Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2018-12-27 13:04:52 -08:00
dns_resolver
dsa net: dsa: ksz: Add STP multicast handling 2018-12-16 14:23:33 -08:00
ethernet net: ethernet: provide nvmem_get_mac_address() 2018-12-03 15:40:30 -08:00
hsr
ieee802154 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-12-24 16:19:56 -08:00
ife
ipv4 ip: validate header length on virtual device xmit 2019-01-01 12:05:02 -08:00
ipv6 ip: validate header length on virtual device xmit 2019-01-01 12:05:02 -08:00
iucv iucv: Remove SKB list assumptions. 2018-11-10 16:55:11 -08:00
kcm
key af_key: fix indentation on declaration statement 2018-11-15 18:09:32 +01:00
l2tp ppp: Move PFC decompression to PPP generic layer 2018-12-20 16:49:30 -08:00
l3mdev l3mdev: add function to retreive upper master 2018-12-03 14:15:26 -08:00
lapb
llc
mac80211 Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2018-12-27 13:53:32 -08:00
mac802154
mpls
ncsi net/ncsi: Add NCSI Mellanox OEM command 2018-11-27 16:37:20 -08:00
netfilter netfilter: nf_conncount: fix argument order to find_next_bit 2018-12-29 02:45:22 +01:00
netlabel
netlink net: netlink: rename NETLINK_DUMP_STRICT_CHK -> NETLINK_GET_STRICT_CHK 2018-12-14 11:44:31 -08:00
netrom netrom: fix locking in nr_find_socket() 2018-12-30 20:24:16 -08:00
nfc net: Revert recent Spectre-v1 patches. 2018-12-23 16:01:35 -08:00
nsh
openvswitch Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-12-09 21:43:31 -08:00
packet packet: validate address length if non-zero 2018-12-22 15:12:04 -08:00
phonet net: Revert recent Spectre-v1 patches. 2018-12-23 16:01:35 -08:00
psample
qrtr
rds net: rds: remove unnecessary NULL check 2019-01-01 09:54:19 -08:00
rfkill rfkill: gpio: Remove unused include 2018-12-18 13:13:56 +01:00
rose
rxrpc rxrpc: Fix life check 2018-11-15 11:35:40 -08:00
sched Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2018-12-27 13:04:52 -08:00
sctp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-12-20 11:53:36 -08:00
smc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-12-20 11:53:36 -08:00
strparser
sunrpc sock: Make sock->sk_stamp thread-safe 2019-01-01 09:47:59 -08:00
switchdev net: switchdev: Add extack to switchdev_handle_port_obj_add() callback 2018-12-12 16:34:22 -08:00
tipc tipc: fix a missing check of genlmsg_put 2018-12-27 16:26:09 -08:00
tls Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-12-21 15:06:20 -08:00
unix
vmw_vsock VSOCK: Send reset control packet when socket is partially bound 2018-12-18 11:53:42 -08:00
wimax
wireless Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2018-12-27 13:53:32 -08:00
x25 net/x25: handle call collisions 2018-11-29 14:25:36 -08:00
xdp xsk: simplify AF_XDP socket teardown 2018-12-19 21:45:17 +01:00
xfrm Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-12-20 11:53:36 -08:00
compat.c sock: Make sock->sk_stamp thread-safe 2019-01-01 09:47:59 -08:00
Kconfig net: convert bridge_nf to use skb extension infrastructure 2018-12-19 11:21:37 -08:00
Makefile
socket.c socket: do a generic_file_splice_read when proto_ops has no splice_read 2018-11-17 21:34:11 -08:00
sysctl_net.c