android/android_kernel_samsung_sm8650
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
d17cc6885c
android_kernel_samsung_sm8650/net
History
Chris Lew 482c42cf37 net: qrtr: Update data_len when padding large skbs 
When the skb is greater than 16kb and needs to by padded, qrtr attempts
to manually pad the trailing bytes to be zeroed out and word aligned.

The padding of the page was happening correctly, but the bookkeeping on
the skb was not accurate. When skb->len was updated to account for the
new padding but skb->data_len was not, this made all skb functions
think the linear portion (skb->len - skb_data_len) was longer than it
actually was. This caused a pattern where skb_copy_bits() would copy
out of bounds on the linear section and shift the trailing bits into
the padded section.

Before padding without updating data_len.
 [  104.825620] qrtr: 00003e80: 66 d3 a0 e1 b6 04 e4 43 b7 aa f0 40 fb eb 38 dc
 [  104.825622] qrtr: 00003e90: f1 91 85 e5 17 26 2a a2 11 49 bc cc bd f3 d3 23
 [  104.825624] qrtr: 00003ea0: c6.

Adter padding without updating data_len.
 [  104.860041] qrtr: 00003e80: 66 d3 a0 e1 b6 04 e4 43 b7 aa f0 40 fb eb 38 dc
 [  104.860042] qrtr: 00003e90: f1 91 85 e5 17 26 2a a2 11 49 bc cc bd 00 00 00
 [  104.860043] qrtr: 00003ea0: f3 d3 23 c6.

Change-Id: I6c1c944ecf696360ada263046b0e0af1bfdeb505
Signed-off-by: Chris Lew <quic_clew@quicinc.com>
2022-11-02 16:05:05 -07:00
..
6lowpan net: 6lowpan: constify lowpan_nhc structures 2022-06-09 21:53:28 +02:00
9p iov_iter stuff, part 2, rebased 2022-08-08 20:04:35 -07:00
802
8021q Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-07-14 15:27:35 -07:00
appletalk net: remove noblock parameter from skb_recv_datagram() 2022-04-06 13:45:26 +01:00
atm net: SO_RCVMARK socket option for SO_MARK with recvmsg() 2022-04-28 13:08:15 -07:00
ax25 net: avoid overflow when rose /proc displays timer information. 2022-08-05 19:00:02 -07:00
batman-adv batman-adv: Fix hang up with small MTU hard-interface 2022-08-20 14:17:45 +02:00
bluetooth Bluetooth: hci_sync: Fix hci_read_buffer_size_sync 2022-09-02 14:01:28 -07:00
bpf bpf: Allow calling bpf_prog_test kfuncs in tracing programs 2022-08-09 18:46:11 -07:00
bpfilter uaccess: remove CONFIG_SET_FS 2022-02-25 09:36:06 +01:00
bridge netfilter: ebtables: fix memory leak when blob is malformed 2022-09-20 23:50:03 +02:00
caif caif: Fix bitmap data type in "struct caifsock" 2022-07-22 12:51:45 +01:00
can can: j1939: j1939_session_destroy(): fix memory leak of skbs 2022-08-09 09:05:06 +02:00
ceph libceph: clean up ceph_osdc_start_request prototype 2022-08-03 14:05:39 +02:00
core Merge c3e0e1e23c ("Merge tag 'irq_urgent_for_v6.0' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip") into android-mainline 2022-09-29 14:59:36 +02:00
dcb net: dcb: disable softirqs in dcbnl_flush_dev() 2022-03-03 08:01:55 -08:00
dccp dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock 2022-08-01 12:11:56 -07:00
decnet dn_route: replace "jiffies-now>0" with "jiffies!=now" 2022-07-29 20:12:49 -07:00
dns_resolver
dsa net: dsa: hellcreek: Print warning only once 2022-08-31 19:54:04 -07:00
ethernet net: ethernet: set default assignment identifier to NET_NAME_ENUM 2022-04-07 21:04:03 -07:00
ethtool net: delete extra space and tab in blank line 2022-07-25 19:38:31 -07:00
hsr treewide: Replace GPLv2 boilerplate/reference with SPDX - gpl-2.0_30.RULE (part 2) 2022-06-10 14:51:35 +02:00
ieee802154 net/ieee802154: fix uninit value bug in dgram_sendmsg 2022-09-16 10:53:55 +01:00
ife
ipv4 Merge a63f2e7cb1 ("Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux") into android-mainline 2022-09-24 12:29:55 +02:00
ipv6 Merge a63f2e7cb1 ("Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux") into android-mainline 2022-09-24 12:29:55 +02:00
iucv net: keep sk->sk_forward_alloc as small as possible 2022-06-10 16:21:27 -07:00
kcm kcm: fix strp_init() order and cleanup 2022-08-31 12:16:44 -07:00
key Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec 2022-08-24 12:51:50 +01:00
l2tp l2tp: l2tp_debugfs: fix Clang -Wformat warnings 2022-07-08 12:14:36 +01:00
l3mdev l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu 2022-04-15 14:27:24 -07:00
lapb
llc net: rename reference+tracking helpers 2022-06-09 21:52:55 -07:00
mac80211 A few late-comer fixes: 2022-09-27 16:52:45 -07:00
mac802154 net: mac802154: Fix a condition in the receive path 2022-08-29 11:10:22 +02:00
mctp Networking changes for 5.19. 2022-05-25 12:22:58 -07:00
mpls net: Use u64_stats_fetch_begin_irq() for stats fetch. 2022-08-29 13:02:27 +01:00
mptcp mptcp: fix unreleased socket in accept queue 2022-09-28 19:05:21 -07:00
ncsi net/ncsi: use proper "mellanox" DT vendor prefix 2022-06-23 20:51:06 -07:00
netfilter Merge a63f2e7cb1 ("Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux") into android-mainline 2022-09-24 12:29:55 +02:00
netlabel netlabel: fix typo in comment 2022-08-10 09:24:41 +01:00
netlink net: genl: fix error path memory leak in policy dumping 2022-08-18 10:20:48 -07:00
netrom net: remove noblock parameter from skb_recv_datagram() 2022-04-06 13:45:26 +01:00
nfc net: nfc: Directly use ida_alloc()/free() 2022-05-28 15:28:47 +01:00
nsh
openvswitch openvswitch: fix memory leak at failed datapath creation 2022-08-26 19:26:30 -07:00
packet net/af_packet: check len when min_header_len equals to 0 2022-07-29 12:09:27 +01:00
phonet net: remove noblock parameter from recvmsg() entities 2022-04-12 15:00:25 +02:00
psample
qrtr net: qrtr: Update data_len when padding large skbs 2022-11-02 16:05:05 -07:00
rds rds: add missing barrier to release_refill 2022-08-12 10:46:01 +01:00
rfkill rfkill: make new event layout opt-in 2022-03-18 13:09:17 +02:00
rose rose: check NULL rose_loopback_neigh->loopback 2022-08-22 14:24:54 +01:00
rxrpc rxrpc: Remove rxrpc_get_reply_time() which is no longer used 2022-09-01 11:44:13 +01:00
sched net: sched: act_ct: fix possible refcount leak in tcf_ct_init() 2022-09-26 12:40:39 -07:00
sctp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-07-28 18:21:16 -07:00
smc net/smc: Stop the CLC flow if no link to map buffers on 2022-09-22 12:53:53 +02:00
strparser strparser: pad sk_skb_cb to avoid straddling cachelines 2022-07-08 18:38:44 -07:00
sunrpc NFS client bugfixes for Linux 6.0 2022-09-12 17:53:46 -04:00
switchdev net: rename reference+tracking helpers 2022-06-09 21:52:55 -07:00
tipc tipc: fix shift wrapping bug in map_get() 2022-09-02 12:26:29 +01:00
tls tls: rx: react to strparser initialization errors 2022-08-17 10:24:00 +01:00
unix Merge https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2022-07-09 12:24:16 -07:00
vmw_vsock Merge tag 'v6.0-rc1' into android-mainline 2022-08-25 12:19:15 +02:00
wireless wifi: cfg80211: fix MCS divisor value 2022-09-27 10:26:55 +02:00
x25 net/x25: fix call timeouts in blocking connects 2022-08-08 20:48:51 -07:00
xdp xsk: Fix corrupted packets for XDP_SHARED_UMEM 2022-08-15 17:26:07 +02:00
xfrm Linux 6.0-rc3 2022-08-29 13:10:43 +02:00
compat.c net: clear msg_get_inq in __get_compat_msghdr() 2022-09-20 08:23:20 -07:00
devres.c
Kconfig page_pool: Add allocation stats 2022-03-03 09:55:28 +00:00
Kconfig.debug net: CONFIG_DEBUG_NET depends on CONFIG_NET 2022-06-02 10:15:05 -07:00
Makefile
OWNERS
socket.c net: Fix a data-race around sysctl_somaxconn. 2022-08-24 13:46:58 +01:00
sysctl_net.c
TEST_MAPPING