Kernel/linux
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-01-15 09:34:17 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
linux/include/net
History
Taehee Yoo 67a9c94317 net: validate lwtstate->data before returning from skb_tunnel_info() 
skb_tunnel_info() returns pointer of lwtstate->data as ip_tunnel_info
type without validation. lwtstate->data can have various types such as
mpls_iptunnel_encap, etc and these are not compatible.
So skb_tunnel_info() should validate before returning that pointer.

Splat looks like:
BUG: KASAN: slab-out-of-bounds in vxlan_get_route+0x418/0x4b0 [vxlan]
Read of size 2 at addr ffff888106ec2698 by task ping/811

CPU: 1 PID: 811 Comm: ping Not tainted 5.13.0+ #1195
Call Trace:
 dump_stack_lvl+0x56/0x7b
 print_address_description.constprop.8.cold.13+0x13/0x2ee
 ? vxlan_get_route+0x418/0x4b0 [vxlan]
 ? vxlan_get_route+0x418/0x4b0 [vxlan]
 kasan_report.cold.14+0x83/0xdf
 ? vxlan_get_route+0x418/0x4b0 [vxlan]
 vxlan_get_route+0x418/0x4b0 [vxlan]
 [ ... ]
 vxlan_xmit_one+0x148b/0x32b0 [vxlan]
 [ ... ]
 vxlan_xmit+0x25c5/0x4780 [vxlan]
 [ ... ]
 dev_hard_start_xmit+0x1ae/0x6e0
 __dev_queue_xmit+0x1f39/0x31a0
 [ ... ]
 neigh_xmit+0x2f9/0x940
 mpls_xmit+0x911/0x1600 [mpls_iptunnel]
 lwtunnel_xmit+0x18f/0x450
 ip_finish_output2+0x867/0x2040
 [ ... ]

Fixes: 61adedf3e3f1 ("route: move lwtunnel state to dst_entry")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2021-07-09 13:55:53 -07:00
..
9p
9p: apply review requests for fid refcounting
2020-11-19 17:21:34 +01:00
bluetooth
Bluetooth: Fix Set Extended (Scan Response) Data
2021-06-26 07:12:44 +02:00
caif
net: remove the caif_hsi driver
2021-07-01 13:19:48 -07:00
iucv
net/af_iucv: don't track individual TX skbs for TRANS_HIPER sockets
2021-01-28 20:36:21 -08:00
netfilter
netfilter: conntrack: nf_ct_gre_keymap_flush() removal
2021-07-02 02:07:01 +02:00
netns
netfilter: conntrack: add new sysctl to disable RST check
2021-07-06 14:15:12 +02:00
nfc
NFC: nci: fix memory leak in nci_allocate_device
2021-05-17 13:56:29 -07:00
phonet
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 336
2019-06-05 17:37:07 +02:00
sctp
sctp: move 198 addresses from unusable to private scope
2021-07-01 11:47:13 -07:00
tc_act
net/sched: act_vlan: Fix modify to allow 0
2021-06-01 16:54:42 -07:00
6lowpan.h
6lowpan: Replace zero-length array with flexible-array member
2020-02-28 14:51:30 +01:00
act_api.h
net: sched: fix err handler in tcf_action_init()
2021-04-08 13:47:33 -07:00
addrconf.h
net: bridge: mcast: fix broken length + header check for MRDv6 Adv.
2021-04-27 14:02:06 -07:00
af_ieee802154.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174
2019-05-30 11:26:41 -07:00
af_rxrpc.h
afs: Don't truncate iter during data fetch
2021-04-23 10:17:26 +01:00
af_unix.h
unix: uses an atomic type for scm files accounting
2020-02-28 12:12:53 -08:00
af_vsock.h
af_vsock: rest of SEQPACKET support
2021-06-11 13:32:46 -07:00
ah.h
arp.h
net: avoid potential false sharing in neighbor related code
2019-11-06 16:14:48 -08:00
atmclip.h
ax25.h
ax25: fix possible use-after-free
2019-01-23 11:18:00 -08:00
ax88796.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
bareudp.h
bareudp: Reverted support to enable & disable rx metadata collection
2020-07-21 18:30:47 -07:00
bond_3ad.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 90
2019-05-24 17:37:53 +02:00
bond_alb.h
bonding/alb: Add helper functions to get the xmit slave
2020-05-01 12:15:37 -07:00
bond_options.h
bonding: add an option to specify a delay between peer notifications
2019-07-04 12:30:48 -07:00
bonding.h
bonding: Add struct bond_ipesc to manage SA
2021-07-06 10:36:59 -07:00
bpf_sk_storage.h
bpf: struct sock is declared twice in bpf_sk_storage header
2021-03-26 17:43:55 +01:00
busy_poll.h
net: annotate data race around sk_ll_usec
2021-07-01 11:23:50 -07:00
calipso.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 13
2019-05-21 11:28:45 +02:00
cfg80211-wext.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
cfg80211.h
Lots of changes:
2021-06-28 13:06:12 -07:00
cfg802154.h
cfg802154: Replace zero-length array with flexible-array member
2020-02-29 14:39:08 +01:00
checksum.h
saner calling conventions for csum_and_copy_..._user()
2020-08-20 15:45:15 -04:00
cipso_ipv4.h
cipso: Remove unused inline functions
2020-07-15 07:45:24 -07:00
cls_cgroup.h
bpf: Allow to retrieve cgroup v1 classid from v2 hooks
2020-03-27 19:40:38 -07:00
codel_impl.h
codel_qdisc.h
codel.h
compat.h
compat: always include linux/compat.h from net/compat.h
2020-11-23 13:31:54 -08:00
datalink.h
dcbevent.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 201
2019-05-30 11:29:52 -07:00
dcbnl.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 201
2019-05-30 11:29:52 -07:00
devlink.h
net: core: devlink: add dropped stats traps field
2021-06-14 13:04:25 -07:00
dn_dev.h
dn_fib.h
net: dn_fib: Replace zero-length array with flexible-array member
2020-02-29 21:52:20 -08:00
dn_neigh.h
dn_nsp.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 24
2019-05-21 11:52:39 +02:00
dn_route.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 24
2019-05-21 11:52:39 +02:00
dn.h
dsa.h
net: dsa: reference count the FDB addresses at the cross-chip notifier level
2021-06-29 10:46:23 -07:00
dsfield.h
ipv6: Annotate bitwise IPv6 dsfield pointer cast
2019-12-16 16:09:44 -08:00
dst_cache.h
net: core: dst_cache_set_ip6: Rename 'addr' parameter to 'saddr' for consistency
2018-03-05 12:52:45 -05:00
dst_metadata.h
net: validate lwtstate->data before returning from skb_tunnel_info()
2021-07-09 13:55:53 -07:00
dst_ops.h
net/dst: use a smaller percpu_counter batch for dst entries accounting
2020-05-08 21:33:33 -07:00
dst.h
net: Consolidate common blackhole dst ops
2021-03-10 12:24:18 -08:00
erspan.h
erspan: Add type I version 0 support.
2020-05-05 13:23:29 -07:00
esp.h
ESP: Export esp_output_fill_trailer function
2020-02-19 13:52:32 +01:00
espintcp.h
xfrm: espintcp: save and call old ->sk_destruct
2020-04-20 07:34:16 +02:00
ethoc.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
failover.h
net: Introduce generic failover module
2018-05-28 22:59:54 -04:00
fib_notifier.h
ipv6: Remove old route notifications and convert listeners
2019-12-24 22:37:30 -08:00
fib_rules.h
fib: use indirect call wrappers in the most common fib_rules_ops
2020-07-28 17:42:31 -07:00
firewire.h
flow_dissector.h
flow_dissector: constify raw input data argument
2021-03-14 14:46:32 -07:00
flow_offload.h
flow_offload: action should not be NULL when it is referenced
2021-06-28 14:24:06 -07:00
flow.h
flow: remove spi key from flowi struct
2021-04-19 12:25:11 +02:00
fou.h
fq_impl.h
net/fq_impl: do not maintain a backlog-sorted list of flows
2021-01-21 13:33:45 +01:00
fq.h
net/fq_impl: do not maintain a backlog-sorted list of flows
2021-01-21 13:33:45 +01:00
garp.h
treewide: Use sizeof_field() macro
2019-12-09 10:36:44 -08:00
gen_stats.h
net_sched: extend packet counter to 64bit
2019-11-05 18:20:55 -08:00
genetlink.h
mptcp: avoid lock_fast usage in accept path
2021-02-12 16:31:46 -08:00
geneve.h
net: Move the definition of the default Geneve udp port to public header file
2019-03-22 12:09:31 -07:00
gre.h
ip_gre: add csum offload support for gre header
2021-01-29 20:39:14 -08:00
gro_cells.h
gro.h
gro: add combined call_gro_receive() + INDIRECT_CALL_INET() helper
2021-03-18 19:51:12 -07:00
gtp.h
gue.h
GUE: Fix a typo
2020-06-22 21:12:44 -07:00
hwbm.h
net: hwbm: if CONFIG_NET_HWBM unset, make stub functions static
2019-10-25 16:24:32 -07:00
icmp.h
ipv6: ICMPV6: add response to ICMPV6 RFC 8335 PROBE messages
2021-06-28 14:29:45 -07:00
ieee80211_radiotap.h
mac80211: add radiotap flag to assure frames are not reordered
2020-11-06 11:01:01 +01:00
ieee802154_netdev.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174
2019-05-30 11:26:41 -07:00
if_inet6.h
mld: add mc_lock for protecting per-interface mld data
2021-03-26 15:14:56 -07:00
ife.h
net: ife: drop include of module.h from net/ife.h
2019-04-22 21:50:53 -07:00
ila.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
inet6_connection_sock.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
inet6_hashtables.h
net: Track socket refcounts in skb_steal_sock()
2020-03-30 13:45:04 -07:00
inet_common.h
bpf: Allow rewriting to ports under ip_unprivileged_port_start
2021-01-27 18:18:15 -08:00
inet_connection_sock.h
tcp: change ICSK_CA_PRIV_SIZE definition
2021-06-29 11:54:36 -07:00
inet_ecn.h
inet_ecn: Use csum16_add() helper for IP_ECN_set_* helpers
2020-12-14 18:38:58 -08:00
inet_frag.h
inet: frags: batch fqdir destroy works
2020-12-12 15:08:54 -08:00
inet_hashtables.h
tcp: fix race condition when creating child sockets from syncookies
2020-11-23 16:32:33 -08:00
inet_sock.h
inet: remove inet_sk_copy_descendant()
2020-08-26 07:33:19 -07:00
inet_timewait_sock.h
tcp: honor SO_PRIORITY in TIME_WAIT state
2019-09-27 12:05:02 +02:00
inetpeer.h
net: ipv4: use a dedicated counter for icmp_v4 redirect packets
2019-02-08 21:50:15 -08:00
ip6_checksum.h
tcp: remove indirect calls for icsk->icsk_af_ops->send_check
2020-06-20 17:47:53 -07:00
ip6_fib.h
IPv6: Add "offload failed" indication to routes
2021-02-08 16:47:03 -08:00
ip6_route.h
net: ipv6: fix return value of ip6_skb_dst_mtu
2021-07-02 11:57:01 -07:00
ip6_tunnel.h
ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL
2019-06-18 20:48:45 -04:00
ip_fib.h
ipv4: Add a sysctl to control multipath hash fields
2021-05-18 13:27:32 -07:00
ip_tunnels.h
Merge https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-11-19 19:08:46 -08:00
ip_vs.h
netfilter: move handlers to net/ip_vs.h
2021-02-04 18:37:57 -08:00
ip.h
net: lwtunnel: handle MTU calculation in forwading
2021-06-28 12:42:14 -07:00
ipcomp.h
ipconfig.h
ipv6_frag.h
ipv6: Remove dependency of ipv6_frag_thdr_truncated on ipv6 module
2020-11-19 10:49:50 -08:00
ipv6_stubs.h
ipv6: add ipv6_dev_find to stubs
2021-03-30 13:29:39 -07:00
ipv6.h
ipv6: Add a sysctl to control multipath hash fields
2021-05-18 13:27:32 -07:00
ipx.h
bonding/alb: properly access headers in bond_alb_xmit()
2020-02-05 14:28:09 +01:00
iw_handler.h
net: Spelling s/stucture/structure/
2018-03-27 09:51:23 +02:00
kcm.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
l3mdev.h
l3mdev: add infrastructure for table to VRF mapping
2020-06-20 17:22:22 -07:00
lag.h
net: Add lag.h, net_lag_port_dev_txable()
2018-07-11 23:10:19 -07:00
lapb.h
net: lapb: Make "lapb_t1timer_running" able to detect an already running timer
2021-03-23 14:14:50 -07:00
lib80211.h
llc_c_ac.h
llc_c_ev.h
llc_c_st.h
llc_conn.h
llc: fix sk_buff leak in llc_conn_service()
2019-10-08 13:23:05 -07:00
llc_if.h
llc_pdu.h
llc_s_ac.h
llc_s_ev.h
llc_s_st.h
llc_sap.h
llc.h
llc: avoid blocking in llc_sap_close()
2018-09-13 09:04:58 -07:00
lwtunnel.h
net: add net available in build_state
2020-03-29 22:30:57 -07:00
mac80211.h
mac80211: Switch to a virtual time-based airtime scheduler
2021-06-23 18:12:00 +02:00
mac802154.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174
2019-05-30 11:26:41 -07:00
macsec.h
net: macsec: fix the length used to copy the key for offloading
2021-06-24 12:41:12 -07:00
mip6.h
net: mip6: Replace zero-length array with flexible-array member
2020-03-02 11:16:27 -08:00
mld.h
mld: add new workqueues for process mld events
2021-03-26 15:14:56 -07:00
mpls_iptunnel.h
net: mpls: Replace zero-length array with flexible-array member
2020-02-28 12:08:37 -08:00
mpls.h
net: Make mpls_entry_encode() available for generic users
2020-05-29 21:20:20 -07:00
mptcp.h
mptcp: add allow_join_id0 in mptcp_out_options
2021-06-22 14:36:01 -07:00
mrp.h
treewide: Use sizeof_field() macro
2019-12-09 10:36:44 -08:00
ncsi.h
ndisc.h
ipv6: ndisc: adjust ndisc_ifinfo_sysctl_change prototype
2020-08-24 06:40:07 -07:00
neighbour.h
net: Exempt multicast addresses from five-second neighbor lifetime
2020-11-13 14:24:39 -08:00
net_failover.h
net: Introduce net_failover driver
2018-05-28 22:59:54 -04:00
net_namespace.h
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2021-06-18 19:47:02 -07:00
net_ratelimit.h
netevent.h
net: ipv4: Notify about changes to ip_forward_update_priority
2018-08-01 09:52:30 -07:00
netlabel.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 13
2019-05-21 11:28:45 +02:00
netlink.h
treewide: rename nla_strlcpy to nla_strscpy.
2020-11-16 08:08:54 -08:00
netprio_cgroup.h
netprio: use css ID instead of cgroup ID
2019-11-12 08:18:03 -08:00
netrom.h
net: netrom: Fix error cleanup path of nr_proto_init
2019-04-11 13:59:49 -07:00
nexthop.h
nexthop: Rename artifacts related to legacy multipath nexthop groups
2021-03-28 17:53:39 -07:00
nl802154.h
nsh.h
p8022.h
page_pool.h
page_pool: Allow drivers to hint on SKB recycling
2021-06-07 14:11:47 -07:00
pie.h
pie: realign comment
2020-03-04 13:25:55 -08:00
ping.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
pkt_cls.h
net: zero-initialize tc skb extension on allocation
2021-05-25 15:36:42 -07:00
pkt_sched.h
net: sched: fix tx action rescheduling issue during deactivation
2021-05-14 15:05:46 -07:00
pptp.h
protocol.h
net: Remove the member netns_ok
2021-05-17 15:29:35 -07:00
psample.h
psample: Add additional metadata attributes
2021-03-14 15:00:43 -07:00
psnap.h
raw.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
rawv6.h
red.h
sch_red: fix off-by-one checks in red_check_params()
2021-03-25 17:40:43 -07:00
regulatory.h
net/wireless: regulatory.h: drop duplicate word in comment
2020-07-31 09:24:23 +02:00
request_sock.h
tcp: bpf: Optionally store mac header in TCP_SAVE_SYN
2020-08-24 14:35:00 -07:00
rose.h
proc: introduce proc_create_seq{,_data}
2018-05-16 07:23:35 +02:00
route.h
lsm,selinux: pass flowi_common instead of flowi to the LSM hooks
2020-11-23 18:36:21 -05:00
rpl.h
net: ipv6: Use struct_size() helper and kcalloc()
2020-06-23 20:27:09 -07:00
rsi_91x.h
Bluetooth: btrsi: add new rsi bluetooth driver
2018-03-13 18:37:02 +02:00
rtnetlink.h
rtnetlink: add alloc() method to rtnl_link_ops
2021-06-12 13:16:45 -07:00
rtnh.h
net: Rename net/nexthop.h net/rtnh.h
2019-04-22 21:47:25 -07:00
sch_generic.h
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2021-06-29 15:45:27 -07:00
scm.h
fs: Move __scm_install_fd() to __receive_fd()
2020-07-13 11:03:44 -07:00
secure_seq.h
seg6_hmac.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
seg6_local.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
seg6.h
seg6: fix seg6_validate_srh() to avoid slab-out-of-bounds
2020-06-04 15:39:32 -07:00
selftests.h
net: selftest: fix build issue if INET is disabled
2021-04-28 14:06:45 -07:00
slhc_vj.h
slip: Check if rstate is initialized before uncompressing
2018-04-11 10:33:46 -04:00
smc.h
net/smc: introduce CHID callback for ISM devices
2020-09-28 15:19:03 -07:00
snmp.h
net/tls: add skeleton of MIB statistics
2019-10-05 16:29:00 -07:00
sock_reuseport.h
tcp: Add reuseport_migrate_sock() to select a new listener.
2021-06-15 18:01:05 +02:00
sock.h
net: sock: extend SO_TIMESTAMPING for PHC binding
2021-07-01 13:08:18 -07:00
Space.h
net/mac89x0: Convert to platform_driver
2018-03-01 21:21:36 -05:00
stp.h
strparser.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
switchdev.h
net: switchdev: add a context void pointer to struct switchdev_notifier_info
2021-06-28 14:09:03 -07:00
tcp_states.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
tcp.h
tcp: consistently disable header prediction for mptcp
2021-07-01 13:22:40 -07:00
timewait_sock.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
tipc.h
flow_dissector: do not rely on implicit casts
2018-05-08 00:02:41 -04:00
tls_toe.h
net/tls: rename tls_hw_* functions tls_toe_*
2019-10-04 14:07:07 -07:00
tls.h
net: sock: introduce sk_error_report
2021-06-29 11:28:21 -07:00
transp_v6.h
tcp: move ipv4_specific to tcp include file
2020-06-23 20:10:15 -07:00
tso.h
net: tso: cache transport header length
2020-06-18 20:46:23 -07:00
tun_proto.h
udp_tunnel.h
udp: call udp_encap_enable for v6 sockets when enabling encap
2021-02-04 18:37:14 -08:00
udp.h
skmsg: Pass psock pointer to ->psock_update_sk_prot()
2021-04-12 17:34:27 +02:00
udplite.h
udplite: fix partial checksum initialization
2018-02-16 15:57:42 -05:00
vsock_addr.h
vsock: remove include/linux/vm_sockets.h file
2019-11-14 18:12:17 -08:00
vxlan.h
net: sched: only keep the available bits when setting vxlan md->gbp
2020-09-14 16:49:39 -07:00
wext.h
lift handling of SIOCIW... out of dev_ioctl()
2018-01-24 19:13:45 -05:00
x25.h
net/x25: add new state X25_STATE_5
2019-12-09 10:28:43 -08:00
x25device.h
xdp_priv.h
page_pool: do not release pool until inflight == 0.
2019-11-16 12:39:10 -08:00
xdp_sock_drv.h
xsk: Introduce batched Tx descriptor interfaces
2020-11-17 22:07:40 +01:00
xdp_sock.h
xdp: Add proper __rcu annotations to redirect map entries
2021-06-24 19:41:15 +02:00
xdp.h
xdp: Extend xdp_redirect_map with broadcast support
2021-05-26 09:46:16 +02:00
xfrm.h
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2021-06-29 15:45:27 -07:00
xsk_buff_pool.h
xsk: Fix missing validation for skb and unaligned mode
2021-06-18 16:57:19 +02:00