armbian/linux
0
0
Fork 0
mirror of https://github.com/armbian/linux.git synced 2026-01-06 10:13:00 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
dfb704f96cd190239e7b86b09810a136cf25506e
linux/include/net
History
Eric Dumazet 225a24ae97 tcp: take care of truncations done by sk_filter() 
[ Upstream commit ac6e780070e30e4c35bd395acfe9191e6268bdd3 ]

With syzkaller help, Marco Grassi found a bug in TCP stack,
crashing in tcp_collapse()

Root cause is that sk_filter() can truncate the incoming skb,
but TCP stack was not really expecting this to happen.
It probably was expecting a simple DROP or ACCEPT behavior.

We first need to make sure no part of TCP header could be removed.
Then we need to adjust TCP_SKB_CB(skb)->end_seq

Many thanks to syzkaller team and Marco for giving us a reproducer.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Marco Grassi <marco.gra@gmail.com>
Reported-by: Vladis Dronov <vdronov@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-11-21 10:06:40 +01:00
..
9p
9p: switch p9_client_read() to passing struct iov_iter *
2015-04-11 22:28:27 -04:00
bluetooth
Bluetooth: L2CAP: Fix returning correct LE CoC response codes
2015-11-05 04:04:00 +01:00
caif
caif: fix a signedness bug in cfpkt_iterate()
2015-02-20 17:35:14 -05:00
irda
iucv
s390/iucv: do not use arrays as argument
2015-09-21 16:03:04 -07:00
netfilter
netfilter: nf_tables: add clone interface to expression operations
2015-11-10 23:47:32 +01:00
netns
Revert "ipv4/icmp: redirect messages can use the ingress daddr as source"
2015-10-14 06:01:07 -07:00
nfc
NFC: nci: non-static functions can not be inline
2015-10-28 06:44:45 +01:00
phonet
sctp
sctp: start t5 timer only when peer rwnd is 0 and local state is SHUTDOWN_PENDING
2015-12-06 22:31:51 -05:00
tc_act
act_connmark: Remember the struct net instead of guessing it.
2015-09-18 21:59:31 +02:00
6lowpan.h
6lowpan: remove lowpan_is_addr_broadcast
2015-10-21 00:49:25 +02:00
act_api.h
net_sched: make tcf_hash_destroy() static
2015-08-26 11:01:44 -07:00
addrconf.h
ipv6: remove unused neigh parameter from ndisc functions
2015-09-24 12:26:08 -07:00
af_ieee802154.h
ieee802154: af_ieee802154: fix typo in comment.
2015-09-17 13:20:05 +02:00
af_rxrpc.h
af_unix.h
af_unix: split 'u->readlock' into two: 'iolock' and 'bindlock'
2016-09-30 10:18:36 +02:00
af_vsock.h
VSOCK: define VSOCK_SS_LISTEN once only
2015-11-01 12:14:47 -05:00
ah.h
arp.h
neigh: Factor out ___neigh_lookup_noref
2015-03-04 00:23:23 -05:00
atmclip.h
ax25.h
ax25: Stop using sock->sk_protinfo.
2015-06-28 16:55:44 -07:00
ax88796.h
bond_3ad.h
bonding: simplify / unify event handling code for 3ad mode.
2015-11-02 22:52:24 -05:00
bond_alb.h
bond_options.h
bonding: convert num_grat_arp to the new bonding option API
2015-07-27 01:05:24 -07:00
bonding.h
bonding: fix bond_get_stats()
2016-04-20 15:42:04 +09:00
busy_poll.h
cfg80211-wext.h
cfg80211.h
cfg80211/mac80211: clarify RSSI CQM reporting requirements
2015-11-03 10:54:58 +01:00
cfg802154.h
nl802154: add support for security layer
2015-09-30 13:16:44 +02:00
checksum.h
net: Add inet_proto_csum_replace_by_diff utility function
2015-08-17 21:33:06 -07:00
cipso_ipv4.h
cipso: don't use IPCB() to locate the CIPSO IP option
2015-02-11 14:46:37 -05:00
cls_cgroup.h
cls_cgroup: factor out classid retrieval
2015-07-20 12:41:30 -07:00
codel.h
net_sched: update hierarchical backlog too
2016-05-18 17:06:39 -07:00
compat.h
net: switch importing msghdr from userland to {compat_,}import_iovec()
2015-04-09 00:02:26 -04:00
datalink.h
dcbevent.h
dcbnl.h
net/dcb: Add IEEE QCN attribute
2015-03-06 21:50:02 -05:00
dn_dev.h
dn_fib.h
dn_neigh.h
netfilter: Pass net into okfn
2015-09-17 17:18:37 -07:00
dn_nsp.h
dn_route.h
dn.h
dsa.h
net: dsa: use switchdev obj for VLAN add/del ops
2015-11-01 15:56:11 -05:00
dsfield.h
dst_metadata.h
gro: Make GRO aware of lightweight tunnels.
2016-03-03 15:07:04 -08:00
dst_ops.h
ipv4, ipv6: Pass net into __ip_local_out and __ip6_local_out
2015-10-08 04:27:02 -07:00
dst.h
net: fix IP early demux races
2015-12-14 23:52:00 -05:00
esp.h
ethoc.h
net/ethoc: support big-endian register layout
2015-09-23 15:33:15 -07:00
fib_rules.h
net: ipv6: use common fib_default_rule_pref
2015-09-09 14:19:50 -07:00
firewire.h
flow_dissector.h
flow_dissector: Don't use bit fields.
2015-09-01 16:46:08 -07:00
flow.h
net: Rename FLOWI_FLAG_VRFSRC to FLOWI_FLAG_L3MDEV_SRC
2015-10-07 04:27:42 -07:00
flowcache.h
fou.h
garp.h
gen_stats.h
genetlink.h
genetlink: simplify genl_notify
2015-09-24 12:25:23 -07:00
geneve.h
geneve: Consolidate Geneve functionality in single module.
2015-08-27 15:42:48 -07:00
gre.h
gre: Remove support for sharing GRE protocol hook.
2015-08-10 14:03:54 -07:00
gro_cells.h
gro_cells: remove spinlock protecting receive queues
2015-08-31 15:17:17 -07:00
gue.h
icmp.h
ieee80211_radiotap.h
ieee802154_netdev.h
nl802154: add support for security layer
2015-09-30 13:16:44 +02:00
if_inet6.h
ipv6: do retries on stable privacy addresses
2015-03-23 22:12:09 -04:00
inet6_connection_sock.h
ipv6: remove obsolete inet6 functions
2015-10-03 04:32:42 -07:00
inet6_hashtables.h
ipv6: get rid of __inet6_hash()
2015-03-18 22:00:35 -04:00
inet_common.h
net: avoid NULL deref in inet_ctl_sock_destroy()
2015-11-02 22:46:09 -05:00
inet_connection_sock.h
tcp/dccp: fix another race at listener dismantle
2016-03-03 15:07:07 -08:00
inet_ecn.h
ipv6: update skb->csum when CE mark is propagated
2016-01-31 11:29:01 -08:00
inet_frag.h
net: fix percpu memory leaks
2015-11-02 22:47:14 -05:00
inet_hashtables.h
tcp/dccp: fix hashdance race for passive sessions
2015-10-23 05:42:21 -07:00
inet_sock.h
xfrm: take care of request sockets
2015-12-07 17:07:33 -05:00
inet_timewait_sock.h
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2015-10-20 06:08:27 -07:00
inetpeer.h
inet: tcp: fix inetpeer_set_addr_v4()
2015-12-16 00:14:12 -05:00
ip6_checksum.h
ip6_fib.h
ipv6: Check rt->dst.from for the DST_NOCACHE route
2015-11-15 17:12:37 -05:00
ip6_route.h
ipv6: enforce flowi6_oif usage in ip6_dst_lookup_tail()
2016-03-03 15:07:05 -08:00
ip6_tunnel.h
ip6_tunnel: Clear IP6CB in ip6tunnel_xmit()
2016-11-21 10:06:39 +01:00
ip_fib.h
route: check and remove route cache when we get route
2016-03-03 15:07:07 -08:00
ip_tunnels.h
tunnels: Remove encapsulation offloads on decap.
2016-10-31 04:13:59 -06:00
ip_vs.h
ipvs: drop first packet to redirect conntrack
2016-05-11 11:21:09 +02:00
ip.h
udp: fix IP_CHECKSUM handling
2016-11-15 07:46:39 +01:00
ipcomp.h
ipconfig.h
ipv6.h
ipv6: add complete rcu protection around np->opt
2015-12-02 23:37:16 -05:00
ipx.h
iw_handler.h
cfg80211/wext: fix message ordering
2016-03-16 08:42:59 -07:00
l3mdev.h
net: Propagate lookup failure in l3mdev_get_saddr to caller
2016-01-04 22:58:30 -05:00
lapb.h
lib80211.h
llc_c_ac.h
llc_c_ev.h
llc_c_st.h
llc_conn.h
net: Pass kern from net_proto_family.create to sk_alloc
2015-05-11 10:50:17 -04:00
llc_if.h
llc_pdu.h
llc_s_ac.h
llc_s_ev.h
llc_s_st.h
llc_sap.h
llc.h
lwtunnel.h
dst: Pass net into dst->output
2015-10-08 04:27:03 -07:00
mac80211.h
mac80211: always set the buf_size in AddBA req to 64
2015-11-20 11:39:40 +01:00
mac802154.h
6lowpan: cleanup lowpan_header_decompress
2015-10-21 00:49:24 +02:00
mip6.h
mld.h
mpls_iptunnel.h
mpls: multipath route support
2015-10-23 06:26:42 -07:00
mpls.h
mrp.h
ndisc.h
Revert "ipv6: ndisc: inherit metadata dst when creating ndisc requests"
2015-12-01 15:07:59 -05:00
neighbour.h
net: add explicit logging and stat for neighbour table overflow
2015-08-10 13:46:21 -07:00
net_namespace.h
netfilter: nfacct: per network namespace support
2015-08-07 11:50:56 +02:00
net_ratelimit.h
netevent.h
netlabel.h
netlink.h
netlink: add nla_get for le32 and le64
2015-09-30 13:16:44 +02:00
netprio_cgroup.h
netrom.h
nexthop.h
nl802154.h
nl802154: add support for security layer
2015-09-30 13:16:44 +02:00
p8022.h
ping.h
net: Remove iocb argument from sendmsg and recvmsg
2015-03-02 13:06:31 -05:00
pkt_cls.h
pkt_sched.h
net: sched: consolidate tc_classify{,_compat}
2015-08-27 14:18:48 -07:00
protocol.h
psnap.h
raw.h
rawv6.h
red.h
regulatory.h
request_sock.h
tcp/dccp: fix race at listener dismantle phase
2015-10-16 00:52:19 -07:00
rose.h
route.h
net: Propagate lookup failure in l3mdev_get_saddr to caller
2016-01-04 22:58:30 -05:00
rtnetlink.h
netlink: Rightsize IFLA_AF_SPEC size calculation
2015-10-21 19:15:20 -07:00
sch_generic.h
net/sched: act_vlan: Push skb->data to mac_header prior calling skb_vlan_*() functions
2016-11-15 07:46:37 +01:00
scm.h
unix: correctly track in-flight fds in sending process user_struct
2016-03-03 15:07:05 -08:00
secure_seq.h
slhc_vj.h
snmp.h
sock.h
net: avoid sk_forward_alloc overflows
2016-11-15 07:46:36 +01:00
Space.h
stp.h
switchdev.h
switchdev: pass pointer to fib_info instead of copy
2016-06-24 10:18:16 -07:00
tcp_memcontrol.h
tcp_states.h
inet: add TCP_NEW_SYN_RECV state
2015-03-12 22:58:12 -04:00
tcp.h
tcp: take care of truncations done by sk_filter()
2016-11-21 10:06:40 +01:00
timewait_sock.h
inet: remove BUG_ON() in twsk_destructor()
2015-07-09 15:12:20 -07:00
transp_v6.h
tso.h
net: tso: add support for IPv6
2015-10-26 22:24:22 -07:00
udp_tunnel.h
vxlan: do not receive IPv4 packets on IPv6 socket
2015-08-29 13:07:54 -07:00
udp.h
net: Remove iocb argument from sendmsg and recvmsg
2015-03-02 13:06:31 -05:00
udplite.h
vsock_addr.h
vxlan.h
vxlan: fix incorrect RCO bit in VXLAN header
2015-12-05 18:15:29 -05:00
wext.h
wimax.h
x25.h
x25device.h
xfrm.h
xfrm: add rcu protection to sk->sk_policy[]
2015-12-11 19:22:06 -05:00