android/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
android_kernel_xiaomi_sm8450/net
History
Lu Wei 4f23cb2be5 tcp: fix a signed-integer-overflow bug in tcp_add_backlog() 
[ Upstream commit ec791d8149ff60c40ad2074af3b92a39c916a03f ]

The type of sk_rcvbuf and sk_sndbuf in struct sock is int, and
in tcp_add_backlog(), the variable limit is caculated by adding
sk_rcvbuf, sk_sndbuf and 64 * 1024, it may exceed the max value
of int and overflow. This patch reduces the limit budget by
halving the sndbuf to solve this issue since ACK packets are much
smaller than the payload.

Fixes: c9c3321257e1 ("tcp: add tcp_add_backlog()")
Signed-off-by: Lu Wei <luwei32@huawei.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Acked-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-11-03 23:57:52 +09:00
..
6lowpan
6lowpan: iphc: Fix an off-by-one check of array index
2021-09-15 09:50:34 +02:00
9p
net/9p: Initialize the iounit field during fid creation
2022-08-21 15:16:26 +02:00
802
net/802/garp: fix memleak in garp_request_join()
2021-07-31 08:16:11 +02:00
8021q
net: make free_netdev() more lenient with unregistering devices
2022-07-29 17:19:07 +02:00
appletalk
appletalk: Fix skb allocation size in loopback case
2021-04-07 15:00:08 +02:00
atm
net/atm: fix proc_mpc_write incorrect return value
2022-10-30 09:41:16 +01:00
ax25
net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg
2022-06-22 14:13:17 +02:00
batman-adv
batman-adv: Don't skb_split skbuffs with frag_list
2022-05-18 10:23:42 +02:00
bluetooth
Bluetooth: L2CAP: Fix user-after-free
2022-10-26 13:25:47 +02:00
bpf
bpf: Don't redirect packets with invalid pkt_len
2022-09-05 10:28:56 +02:00
bpfilter
bpfilter: Specify the log level for the kmsg message
2021-07-14 16:56:29 +02:00
bridge
netfilter: ebtables: fix memory leak when blob is malformed
2022-09-28 11:10:36 +02:00
caif
net-caif: avoid user-triggerable WARN_ON(1)
2021-09-22 12:27:56 +02:00
can
can: j1939: transport: j1939_session_skb_drop_old(): spin_unlock_irqrestore() before kfree_skb()
2022-11-03 23:57:48 +09:00
ceph
libceph: fix potential use-after-free on linger ping and resends
2022-05-25 09:17:56 +02:00
core
net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init() failed
2022-11-03 23:57:52 +09:00
dcb
net: dcb: disable softirqs in dcbnl_flush_dev()
2022-03-08 19:09:37 +01:00
dccp
dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock
2022-08-21 15:15:52 +02:00
decnet
net: Fix data-races around sysctl_[rw]mem(_offset)?.
2022-08-31 17:15:19 +02:00
dns_resolver
docs: networking: convert dns_resolver.txt to ReST
2020-04-28 14:39:46 -07:00
dsa
net: dsa: Add missing of_node_put() in dsa_port_link_register_of
2022-05-09 09:05:02 +02:00
ethernet
net: move devres helpers into a separate source file
2020-05-23 16:56:17 -07:00
ethtool
ethtool: do not perform operations on net devices being unregistered
2021-12-17 10:14:41 +01:00
hsr
net: hsr: avoid possible NULL deref in skb_clone()
2022-10-30 09:41:17 +01:00
ieee802154
net: ieee802154: fix error return code in dgram_bind()
2022-11-03 23:57:51 +09:00
ife
ipv4
tcp: fix a signed-integer-overflow bug in tcp_add_backlog()
2022-11-03 23:57:52 +09:00
ipv6
udp: Update reuse->has_conns under reuseport_lock.
2022-10-30 09:41:19 +01:00
iucv
net/af_iucv: remove WARN_ONCE on malformed RX packets
2021-03-07 12:34:05 +01:00
kcm
kcm: annotate data-races around kcm->rx_wait
2022-11-03 23:57:52 +09:00
key
af_key: Do not call xfrm_probe_algs in parallel
2022-08-31 17:15:15 +02:00
l2tp
ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg
2022-06-22 14:13:15 +02:00
l3mdev
l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu
2022-04-27 13:53:50 +02:00
lapb
net: lapb: Copy the skb before sending a packet
2021-02-10 09:29:14 +01:00
llc
llc: only change llc->dev when bind() succeeds
2022-03-28 09:57:10 +02:00
mac80211
wifi: mac80211: allow bw change during channel switch in mesh
2022-10-26 13:25:19 +02:00
mac802154
mac802154: Fix LQI recording
2022-11-03 23:57:49 +09:00
mpls
net: Use u64_stats_fetch_begin_irq() for stats fetch.
2022-09-08 11:11:40 +02:00
mptcp
net: Fix data-races around sysctl_[rw]mem(_offset)?.
2022-08-31 17:15:19 +02:00
ncsi
net/ncsi: check for error return from call to nla_put_u32
2022-01-05 12:40:32 +01:00
netfilter
netfilter: nf_tables: fix percpu memory leak at nf_tables_addchain()
2022-09-28 11:10:35 +02:00
netlabel
netlabel: fix out-of-bounds memory accesses
2022-04-13 21:01:00 +02:00
netlink
net: genl: fix error path memory leak in policy dumping
2022-08-25 11:38:07 +02:00
netrom
netrom: fix api breakage in nr_setsockopt()
2022-01-27 10:54:03 +01:00
nfc
NFC: NULL out the dev->rfkill to prevent UAF
2022-06-09 10:21:01 +02:00
nsh
treewide: replace '---help---' in Kconfig files with 'help'
2020-06-14 01:57:21 +09:00
openvswitch
openvswitch: Fix overreporting of drops in dropwatch
2022-10-26 13:25:45 +02:00
packet
net/af_packet: check len when min_header_len equals to 0
2022-09-05 10:28:59 +02:00
phonet
phonet: refcount leak in pep_sock_accep
2022-01-11 15:25:01 +01:00
psample
net: psample: Fix netlink skb length with tunnel info
2021-03-07 12:34:07 +01:00
qrtr
qrtr: Convert qrtr_ports from IDR to XArray
2022-08-25 11:38:23 +02:00
rds
net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks()
2022-10-26 13:25:23 +02:00
rfkill
rfkill: Fix use-after-free in rfkill_resume()
2020-11-12 09:18:06 +01:00
rose
rose: check NULL rose_loopback_neigh->loopback
2022-08-31 17:15:16 +02:00
rxrpc
rxrpc: Fix calc of resend age
2022-09-23 14:16:59 +02:00
sched
net: sched: fix race condition in qdisc_graft()
2022-10-30 09:41:17 +01:00
sctp
sctp: handle the error returned from sctp_auth_asoc_init_active_key
2022-10-26 13:25:23 +02:00
smc
net/smc: Stop the CLC flow if no link to map buffers on
2022-09-28 11:10:36 +02:00
strparser
bpf: sockmap, strparser, and tls are reusing qdisc_skb_cb and colliding
2021-11-18 14:04:27 +01:00
sunrpc
SUNRPC: RPC level errors should set task->tk_rpc_status
2022-08-31 17:15:15 +02:00
switchdev
net: switchdev: don't set port_obj_info->handled true when -EOPNOTSUPP
2021-02-07 15:37:12 +01:00
tipc
tipc: fix a null-ptr-deref in tipc_topsrv_accept
2022-11-03 23:57:51 +09:00
tls
net/tls: Remove the context from the list in tls_device_down
2022-08-03 12:00:46 +02:00
unix
io_uring/af_unix: defer registered files gc to io_uring release
2022-10-26 13:25:55 +02:00
vmw_vsock
vhost/vsock: Use kvmalloc/kvfree for larger packets.
2022-10-26 13:25:22 +02:00
wimax
genetlink: move to smaller ops wherever possible
2020-10-02 19:11:11 -07:00
wireless
wifi: cfg80211: update hidden BSSes to avoid WARN_ON
2022-10-15 07:55:56 +02:00
x25
net/x25: Fix null-ptr-deref caused by x25_disconnect
2022-04-08 14:40:30 +02:00
xdp
xsk: Inherit need_wakeup flag for shared sockets
2022-10-15 07:55:51 +02:00
xfrm
xfrm: Update ipcomp_scratches with NULL when freed
2022-10-26 13:25:46 +02:00
compat.c
net: Return the correct errno code
2021-06-18 10:00:06 +02:00
devres.c
net: devres: rename the release callback of devm_register_netdev()
2020-06-30 15:57:34 -07:00
Kconfig
drop_monitor: Convert to using devlink tracepoint
2020-09-30 18:01:26 -07:00
Makefile
net: move devres helpers into a separate source file
2020-05-23 16:56:17 -07:00
socket.c
net: Fix a data-race around sysctl_somaxconn.
2022-08-31 17:15:21 +02:00
sysctl_net.c