Kernel/linux-next
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git synced 2025-01-12 00:38:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
linux-next/net/core
History
Eric Dumazet 2d5311e4e8 filter: add a security check at install time 
We added some security checks in commit 57fe93b374a6
(filter: make sure filters dont read uninitialized memory) to close a
potential leak of kernel information to user.

This added a potential extra cost at run time, while we can perform a
check of the filter itself, to make sure a malicious user doesnt try to
abuse us.

This patch adds a check_loads() function, whole unique purpose is to
make this check, allocating a temporary array of mask. We scan the
filter and propagate a bitmask information, telling us if a load M(K) is
allowed because a previous store M(K) is guaranteed. (So that
sk_run_filter() can possibly not read unitialized memory)

Note: this can uncover application bug, denying a filter attach,
previously allowed.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Dan Rosenberg <drosenberg@vsecurity.com>
Cc: Changli Gao <xiaosuo@gmail.com>
Acked-by: Changli Gao <xiaosuo@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-12-06 12:59:09 -08:00
..
datagram.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6
2010-10-23 11:47:02 -07:00
dev_addr_lists.c
net: include linux/proc_fs.h in dev_addr_lists.c
2010-04-07 16:46:36 -07:00
dev.c
net: Fix too optimistic NETIF_F_HW_CSUM features
2010-12-06 12:59:04 -08:00
drop_monitor.c
drop_monitor: use genl_register_family_with_ops()
2010-07-26 20:59:42 -07:00
dst.c
net/dst: dst_dev_event() called after other notifiers
2010-11-09 12:17:16 -08:00
ethtool.c
net: Fix too optimistic NETIF_F_HW_CSUM features
2010-12-06 12:59:04 -08:00
fib_rules.c
fib_rules: __rcu annotates ctarget
2010-10-27 11:37:32 -07:00
filter.c
filter: add a security check at install time
2010-12-06 12:59:09 -08:00
flow.c
net: return operator cleanup
2010-09-23 14:33:39 -07:00
gen_estimator.c
pkt_sched: remov unnecessary bh_disable
2010-09-10 12:47:59 -07:00
gen_stats.c
net/core: EXPORT_SYMBOL cleanups
2010-07-12 12:57:55 -07:00
iovec.c
net: Limit socket I/O iovec total length to INT_MAX.
2010-10-28 11:47:52 -07:00
kmap_skb.h
[PATCH] severing skbuff.h -> highmem.h
2006-12-04 02:00:29 -05:00
link_watch.c
net/core: EXPORT_SYMBOL cleanups
2010-07-12 12:57:55 -07:00
Makefile
net: support time stamping in phy devices.
2010-07-18 19:15:26 -07:00
neighbour.c
net/neighbour: cancel_delayed_work() + flush_scheduled_work() -> cancel_delayed_work_sync()
2010-10-21 04:25:48 -07:00
net_namespace.c
net_ns: add __rcu annotations
2010-10-25 14:18:27 -07:00
net-sysfs.c
net sched: use xps information for qdisc NUMA affinity
2010-12-01 12:47:42 -08:00
net-sysfs.h
xps: Add CONFIG_XPS
2010-11-28 18:24:14 -08:00
net-traces.c
netdev: Add tracepoints to netdev layer
2010-09-07 17:51:33 +02:00
netevent.c
net/core: EXPORT_SYMBOL cleanups
2010-07-12 12:57:55 -07:00
netpoll.c
net: add netif_tx_queue_frozen_or_stopped
2010-11-28 10:47:18 -08:00
pktgen.c
net: add netif_tx_queue_frozen_or_stopped
2010-11-28 10:47:18 -08:00
request_sock.c
tcp: Add timewait recycling bits to ipv6 connect code.
2010-12-02 12:14:29 -08:00
rtnetlink.c
rtnl: make link af-specific updates atomic
2010-11-27 22:56:08 -08:00
scm.c
scm: lower SCM_MAX_FD
2010-11-24 11:16:43 -08:00
skbuff.c
net: don't reallocate skb->head unless the current one hasn't the needed extra size or is shared
2010-12-03 10:59:47 -08:00
sock.c
net: avoid limits overflow
2010-11-10 12:12:00 -08:00
stream.c
net: Fix the condition passed to sk_wait_event()
2010-10-03 20:41:32 -07:00
sysctl_net_core.c
rps: add __rcu annotations
2010-10-25 14:18:27 -07:00
timestamping.c
filter: optimize sk_run_filter
2010-11-19 09:49:59 -08:00
user_dma.c
net/core/user_dma.c: Use frag list abstraction interfaces.
2009-06-09 00:19:10 -07:00
utils.c
net: return operator cleanup
2010-09-23 14:33:39 -07:00