android/android_kernel_samsung_sm8650
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
android_kernel_samsung_sm8650/net/ipv6
History
Willem de Bruijn 4a06fa67c4 ip: on queued skb use skb_header_pointer instead of pskb_may_pull 
Commit 2efd4fca703a ("ip: in cmsg IP(V6)_ORIGDSTADDR call
pskb_may_pull") avoided a read beyond the end of the skb linear
segment by calling pskb_may_pull.

That function can trigger a BUG_ON in pskb_expand_head if the skb is
shared, which it is when when peeking. It can also return ENOMEM.

Avoid both by switching to safer skb_header_pointer.

Fixes: 2efd4fca703a ("ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull")
Reported-by: syzbot <syzkaller@googlegroups.com>
Suggested-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-10 09:27:20 -05:00
..
ila
ila: remove blank lines at EOF
2018-07-24 14:10:42 -07:00
netfilter
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
2018-12-20 18:20:26 -08:00
addrconf_core.c
net/ipv6: Add helper to return path MTU based on fib result
2018-05-22 10:51:09 +02:00
addrconf.c
netlink: fixup regression in RTM_GETADDR
2019-01-04 12:47:06 -08:00
addrlabel.c
net/ipv6: Update ip6addrlbl_dump for strict data checking
2018-10-08 10:39:05 -07:00
af_inet6.c
ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses
2019-01-05 14:17:07 -08:00
ah6.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
2017-11-15 11:56:19 -08:00
anycast.c
net/ipv6: compute anycast address hash only if dev is null
2018-11-08 17:04:43 -08:00
calipso.c
ipv6: make ipv6_renew_options() interrupt/kernel safe
2018-07-05 20:15:26 +09:00
datagram.c
ip: on queued skb use skb_header_pointer instead of pskb_may_pull
2019-01-10 09:27:20 -05:00
esp6_offload.c
net: use skb_sec_path helper in more places
2018-12-19 11:21:37 -08:00
esp6.c
net: use skb_sec_path helper in more places
2018-12-19 11:21:37 -08:00
exthdrs_core.c
net: ipv6: Fix typo in ipv6_find_hdr() documentation
2018-05-07 23:50:27 -04:00
exthdrs_offload.c
ipv6: fix exthdrs offload registration in out_rt path
2015-09-02 15:31:00 -07:00
exthdrs.c
ipv6: make ipv6_renew_options() interrupt/kernel safe
2018-07-05 20:15:26 +09:00
fib6_notifier.c
net: Add module reference to FIB notifiers
2017-09-01 20:33:42 -07:00
fib6_rules.c
net/ipv6: Add fib6_lookup
2018-05-11 00:10:56 +02:00
fou6.c
fou6: Prevent unbounded recursion in GUE error handler
2019-01-04 13:06:07 -08:00
icmp.c
ipv6: make icmp6_send() robust against null skb->dev
2019-01-04 13:40:03 -08:00
inet6_connection_sock.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2017-01-28 10:33:06 -05:00
inet6_hashtables.c
net: tcp6: prefer listeners bound to an address
2018-12-14 15:55:20 -08:00
ip6_checksum.c
net: udp: fix handling of CHECKSUM_COMPLETE packets
2018-10-24 14:18:16 -07:00
ip6_fib.c
ipv6: Fix dump of specific table with strict checking
2019-01-02 20:15:43 -08:00
ip6_flowlabel.c
ipv6: fold sockcm_cookie into ipcm6_cookie
2018-07-07 10:58:49 +09:00
ip6_gre.c
ip: validate header length on virtual device xmit
2019-01-01 12:05:02 -08:00
ip6_icmp.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
ip6_input.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2018-12-09 21:43:31 -08:00
ip6_offload.c
net: use indirect call wrappers at GRO transport layer
2018-12-15 13:23:02 -08:00
ip6_offload.h
udp: Add GRO functions to UDP socket
2016-04-07 16:53:29 -04:00
ip6_output.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2018-12-20 11:53:36 -08:00
ip6_tunnel.c
ip: validate header length on virtual device xmit
2019-01-01 12:05:02 -08:00
ip6_udp_tunnel.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2018-12-20 11:53:36 -08:00
ip6_vti.c
ip: validate header length on virtual device xmit
2019-01-01 12:05:02 -08:00
ip6mr.c
ip: validate header length on virtual device xmit
2019-01-01 12:05:02 -08:00
ipcomp6.c
net: inet: Support UID-based routing in IP protocols.
2016-11-04 14:45:23 -04:00
ipv6_sockglue.c
ipv6: allow ping to link-local address in VRF
2018-11-07 16:12:39 -08:00
Kconfig
net: remove blank lines at end of file
2018-07-24 14:10:43 -07:00
Makefile
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
mcast_snoop.c
net: fix wrong skb_get() usage / crash in IGMP/MLD parsing code
2015-08-13 17:08:39 -07:00
mcast.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2018-10-19 11:03:06 -07:00
mip6.c
ktime: Get rid of ktime_equal()
2016-12-25 17:21:23 +01:00
ndisc.c
ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called
2018-10-26 15:58:06 -07:00
netfilter.c
netfilter: ipv6: Preserve link scope traffic original oif
2018-11-27 00:12:20 +01:00
output_core.c
net: accept UFO datagrams from tuntap and packet
2017-11-24 01:37:35 +09:00
ping.c
ipv6: fold sockcm_cookie into ipcm6_cookie
2018-07-07 10:58:49 +09:00
proc.c
proc: introduce proc_create_net_single
2018-05-16 07:24:30 +02:00
protocol.c
net: Add sysctl to toggle early demux for tcp and udp
2017-03-24 13:17:07 -07:00
raw.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2018-12-20 11:53:36 -08:00
reassembly.c
ipv6: fix typo in net/ipv6/reassembly.c
2018-12-30 13:02:46 -08:00
route.c
ipv6: route: Fix return value of ip6_neigh_lookup() on neigh_create() error
2019-01-02 10:29:20 -08:00
seg6_hmac.c
Merge ra.kernel.org:/pub/scm/linux/kernel/git/davem/net
2018-07-03 10:29:26 +09:00
seg6_iptunnel.c
ipv6: sr: properly initialize flowi6 prior passing to ip6_route_output
2018-12-07 12:22:39 -08:00
seg6_local.c
bpf: add End.DT6 action to bpf_lwt_seg6_action helper
2018-07-31 09:22:48 +02:00
seg6.c
rhashtable: split rhashtable.h
2018-06-22 13:43:27 +09:00
sit.c
ip: validate header length on virtual device xmit
2019-01-01 12:05:02 -08:00
syncookies.c
net/ipv4: disable SMC TCP option with SYN Cookies
2018-03-25 20:53:54 -04:00
sysctl_net_ipv6.c
ipv6: sr: Compute flowlabel for outer IPv6 header of seg6 encap mode
2018-04-25 13:02:15 -04:00
tcp_ipv6.c
ipv6: Fix handling of LLA with VRF and sockets bound to VRF
2018-12-15 11:36:14 -08:00
tcpv6_offload.c
net: use indirect call wrappers at GRO transport layer
2018-12-15 13:23:02 -08:00
tunnel6.c
net: Convert protocol error handlers from void to int
2018-11-08 17:13:08 -08:00
udp_impl.h
net: Convert protocol error handlers from void to int
2018-11-08 17:13:08 -08:00
udp_offload.c
net: use indirect call wrappers at GRO transport layer
2018-12-15 13:23:02 -08:00
udp.c
bpf: Fix [::] -> [::1] rewrite in sys_sendmsg
2019-01-04 20:23:33 -08:00
udplite.c
net: Convert protocol error handlers from void to int
2018-11-08 17:13:08 -08:00
xfrm6_input.c
net: use skb_sec_path helper in more places
2018-12-19 11:21:37 -08:00
xfrm6_mode_beet.c
networking: make skb_pull & friends return void pointers
2017-06-16 11:48:39 -04:00
xfrm6_mode_ro.c
ipv6: xfrm: use 64-bit timestamps
2018-07-11 15:26:35 +02:00
xfrm6_mode_transport.c
xfrm: reset transport header back to network header after all input transforms ahave been applied
2018-09-04 10:26:30 +02:00
xfrm6_mode_tunnel.c
xfrm: Verify MAC header exists before overwriting eth_hdr(skb)->h_proto
2018-03-07 10:54:29 +01:00
xfrm6_output.c
xfrm6: call kfree_skb when skb is toobig
2018-09-03 07:37:57 +02:00
xfrm6_policy.c
xfrm6: remove BUG_ON from xfrm6_dst_ifdown
2018-11-22 07:55:48 +01:00
xfrm6_protocol.c
net: Convert protocol error handlers from void to int
2018-11-08 17:13:08 -08:00
xfrm6_state.c
xfrm: remove VLA usage in __xfrm6_sort()
2018-04-26 07:51:48 +02:00
xfrm6_tunnel.c
xfrm6_tunnel: Fix spi check in __xfrm6_tunnel_alloc_spi
2018-12-19 12:33:17 +01:00