kybaaz/linux-xiaomi-chiron
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
linux-xiaomi-chiron/include
History
王贇 b193e15ac6 net: prevent user from passing illegal stab size 
We observed below report when playing with netlink sock:

  UBSAN: shift-out-of-bounds in net/sched/sch_api.c:580:10
  shift exponent 249 is too large for 32-bit type
  CPU: 0 PID: 685 Comm: a.out Not tainted
  Call Trace:
   dump_stack_lvl+0x8d/0xcf
   ubsan_epilogue+0xa/0x4e
   __ubsan_handle_shift_out_of_bounds+0x161/0x182
   __qdisc_calculate_pkt_len+0xf0/0x190
   __dev_queue_xmit+0x2ed/0x15b0

it seems like kernel won't check the stab log value passing from
user, and will use the insane value later to calculate pkt_len.

This patch just add a check on the size/cell_log to avoid insane
calculation.

Reported-by: Abaci <abaci@linux.alibaba.com>
Signed-off-by: Michael Wang <yun.wang@linux.alibaba.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2021-09-26 11:09:07 +01:00
..
acpi Merge branches 'pm-cpufreq', 'pm-sleep' and 'pm-em' 2021-09-10 20:26:08 +02:00
asm-generic pci_iounmap'2: Electric Boogaloo: try to make sense of it all 2021-09-19 17:13:35 -07:00
clocksource drivers: hv: Decouple Hyper-V clock/timer code from VMbus drivers 2021-07-19 09:24:28 +00:00
crypto Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2021-08-30 12:57:10 -07:00
drm drm/ttm: Include pagemap.h from ttm_tt.h 2021-08-16 14:44:05 +02:00
dt-bindings linux-watchdog 5.15-rc1 tag 2021-09-07 13:52:46 -07:00
keys
kunit
kvm
linux Networking fixes for 5.15-rc3. 2021-09-23 10:30:31 -07:00
math-emu math-emu: Fix fall-through warning 2021-07-13 13:57:44 -05:00
media media: v4l: subdev: Add pre_streamon and post_streamoff callbacks 2021-08-04 14:43:51 +02:00
memory
misc
net net: prevent user from passing illegal stab size 2021-09-26 11:09:07 +01:00
pcmcia
ras
rdma Merge branch 'sg_nents' into rdma.git for-next 2021-08-30 09:49:59 -03:00
scsi scsi: core: Remove scsi_cmnd.tag 2021-08-17 22:28:39 -04:00
soc Merge branches 'clk-nvidia', 'clk-rockchip', 'clk-at91' and 'clk-vc5' into clk-next 2021-09-01 15:26:58 -07:00
sound ASoC: Updates for v5.15 2021-08-30 14:57:03 +02:00
target scsi: target: Allows backend drivers to fail with specific sense codes 2021-08-17 22:28:40 -04:00
trace AFS fixes 2021-09-20 15:49:02 -07:00
uapi 5 smb3client fixes: two deferred close fixes (for bugs found with xfstests 478 and 461) and a deferred close improvement in rename, and two trivial fixes for incorrect Linux comment formatting pointed out by automated tools 2021-09-20 15:30:29 -07:00
vdso
video
xen