kybaaz/linux-xiaomi-chiron
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
linux-xiaomi-chiron/include/net
History
Magnus Karlsson 2f99619820 xsk: Fix missing validation for skb and unaligned mode 
Fix a missing validation of a Tx descriptor when executing in skb mode
and the umem is in unaligned mode. A descriptor could point to a
buffer straddling the end of the umem, thus effectively tricking the
kernel to read outside the allowed umem region. This could lead to a
kernel crash if that part of memory is not mapped.

In zero-copy mode, the descriptor validation code rejects such
descriptors by checking a bit in the DMA address that tells us if the
next page is physically contiguous or not. For the last page in the
umem, this bit is not set, therefore any descriptor pointing to a
packet straddling this last page boundary will be rejected. However,
the skb path does not use this bit since it copies out data and can do
so to two different pages. (It also does not have the array of DMA
address, so it cannot even store this bit.) The code just returned
that the packet is always physically contiguous. But this is
unfortunately also returned for the last page in the umem, which means
that packets that cross the end of the umem are being allowed, which
they should not be.

Fix this by introducing a check for this in the SKB path only, not
penalizing the zero-copy path.

Fixes: 2b43470add ("xsk: Introduce AF_XDP buffer allocation API")
Signed-off-by: Magnus Karlsson <magnus.karlsson@intel.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Björn Töpel <bjorn@kernel.org>
Link: https://lore.kernel.org/bpf/20210617092255.3487-1-magnus.karlsson@gmail.com
2021-06-18 16:57:19 +02:00
..
9p
bluetooth Bluetooth: Allow Microsoft extension to indicate curve validation 2021-04-08 12:26:34 +02:00
caif net: caif: add proper error handling 2021-06-03 15:05:06 -07:00
iucv net/af_iucv: don't track individual TX skbs for TRANS_HIPER sockets 2021-01-28 20:36:21 -08:00
netfilter netfilter: nf_tables: fix table flag updates 2021-05-24 17:49:57 +02:00
netns netfilter: remove all xt_table anchors from struct net 2021-04-26 03:20:47 +02:00
nfc NFC: nci: fix memory leak in nci_allocate_device 2021-05-17 13:56:29 -07:00
phonet
sctp sctp: do asoc update earlier in sctp_sf_do_dupcook_b 2021-04-30 15:06:34 -07:00
tc_act net/sched: act_police: add support for packet-per-second policing 2021-03-13 14:18:09 -08:00
6lowpan.h
act_api.h net: sched: fix err handler in tcf_action_init() 2021-04-08 13:47:33 -07:00
addrconf.h net: bridge: mcast: fix broken length + header check for MRDv6 Adv. 2021-04-27 14:02:06 -07:00
af_ieee802154.h
af_rxrpc.h afs: Don't truncate iter during data fetch 2021-04-23 10:17:26 +01:00
af_unix.h
af_vsock.h
ah.h
arp.h
atmclip.h
ax25.h
ax88796.h
bareudp.h
bond_3ad.h
bond_alb.h
bond_options.h
bonding.h net/bonding: Declare TLS RX device offload support 2021-01-18 20:48:40 -08:00
bpf_sk_storage.h bpf: struct sock is declared twice in bpf_sk_storage header 2021-03-26 17:43:55 +01:00
busy_poll.h
calipso.h
cfg80211-wext.h
cfg80211.h mac80211: properly handle A-MSDUs that start with an RFC 1042 header 2021-05-11 20:13:03 +02:00
cfg802154.h
checksum.h
cipso_ipv4.h
cls_cgroup.h
codel.h
codel_impl.h
codel_qdisc.h
compat.h
datalink.h
dcbevent.h
dcbnl.h
devlink.h devlink: Extend SF port attributes to have external attribute 2021-04-24 00:58:53 -07:00
dn.h
dn_dev.h
dn_fib.h
dn_neigh.h
dn_nsp.h
dn_route.h
dsa.h net: dsa: free skb->cb usage in core driver 2021-04-27 14:10:15 -07:00
dsfield.h
dst.h net: Consolidate common blackhole dst ops 2021-03-10 12:24:18 -08:00
dst_cache.h
dst_metadata.h
dst_ops.h
erspan.h
esp.h
espintcp.h
ethoc.h
failover.h
fib_notifier.h
fib_rules.h
firewire.h
flow.h flow: remove spi key from flowi struct 2021-04-19 12:25:11 +02:00
flow_dissector.h flow_dissector: constify raw input data argument 2021-03-14 14:46:32 -07:00
flow_offload.h net: flow_offload: add FLOW_ACTION_PPPOE_PUSH 2021-03-24 12:48:39 -07:00
fou.h
fq.h net/fq_impl: do not maintain a backlog-sorted list of flows 2021-01-21 13:33:45 +01:00
fq_impl.h net/fq_impl: do not maintain a backlog-sorted list of flows 2021-01-21 13:33:45 +01:00
garp.h
gen_stats.h
genetlink.h mptcp: avoid lock_fast usage in accept path 2021-02-12 16:31:46 -08:00
geneve.h
gre.h ip_gre: add csum offload support for gre header 2021-01-29 20:39:14 -08:00
gro.h gro: add combined call_gro_receive() + INDIRECT_CALL_INET() helper 2021-03-18 19:51:12 -07:00
gro_cells.h
gtp.h
gue.h
hwbm.h
icmp.h net: icmp: pass zeroed opts from icmp{,v6}_ndo_send before sending 2021-02-23 11:29:52 -08:00
ieee80211_radiotap.h
ieee802154_netdev.h
if_inet6.h mld: add mc_lock for protecting per-interface mld data 2021-03-26 15:14:56 -07:00
ife.h
ila.h
inet6_connection_sock.h
inet6_hashtables.h
inet_common.h bpf: Allow rewriting to ports under ip_unprivileged_port_start 2021-01-27 18:18:15 -08:00
inet_connection_sock.h tcp: relookup sock for RST+ACK packets handled by obsolete req sock 2021-03-15 14:34:29 -07:00
inet_ecn.h inet_ecn: Use csum16_add() helper for IP_ECN_set_* helpers 2020-12-14 18:38:58 -08:00
inet_frag.h inet: frags: batch fqdir destroy works 2020-12-12 15:08:54 -08:00
inet_hashtables.h
inet_sock.h
inet_timewait_sock.h
inetpeer.h
ip.h
ip6_checksum.h
ip6_fib.h IPv6: Add "offload failed" indication to routes 2021-02-08 16:47:03 -08:00
ip6_route.h net: allow user to set metric on default route learned via Router Advertisement 2021-01-26 18:39:45 -08:00
ip6_tunnel.h
ip_fib.h IPv4: Add "offload failed" indication to routes 2021-02-08 16:47:03 -08:00
ip_tunnels.h
ip_vs.h netfilter: move handlers to net/ip_vs.h 2021-02-04 18:37:57 -08:00
ipcomp.h
ipconfig.h
ipv6.h seg6: add support for IPv4 decapsulation in ipv6_srh_rcv() 2021-03-11 16:09:21 -08:00
ipv6_frag.h
ipv6_stubs.h ipv6: add ipv6_dev_find to stubs 2021-03-30 13:29:39 -07:00
ipx.h
iw_handler.h
kcm.h
l3mdev.h
lag.h
lapb.h net: lapb: Make "lapb_t1timer_running" able to detect an already running timer 2021-03-23 14:14:50 -07:00
lib80211.h
llc.h
llc_c_ac.h
llc_c_ev.h
llc_c_st.h
llc_conn.h
llc_if.h
llc_pdu.h
llc_s_ac.h
llc_s_ev.h
llc_s_st.h
llc_sap.h
lwtunnel.h
mac80211.h mac80211: Fix NULL ptr deref for injected rate info 2021-05-31 21:40:17 +02:00
mac802154.h
macsec.h
mip6.h
mld.h mld: add new workqueues for process mld events 2021-03-26 15:14:56 -07:00
mpls.h
mpls_iptunnel.h
mptcp.h mptcp: use mptcp_addr_info in mptcp_out_options 2021-04-07 14:09:39 -07:00
mrp.h
ncsi.h
ndisc.h
neighbour.h
net_failover.h
net_namespace.h net: inline function get_net_ns_by_fd if NET_NS is disabled 2021-06-15 11:00:45 -07:00
net_ratelimit.h
netevent.h
netlabel.h
netlink.h
netprio_cgroup.h
netrom.h
nexthop.h nexthop: Rename artifacts related to legacy multipath nexthop groups 2021-03-28 17:53:39 -07:00
nl802154.h
nsh.h
p8022.h
page_pool.h mm: fix struct page layout on 32-bit systems 2021-05-14 19:41:32 -07:00
pie.h
ping.h
pkt_cls.h net: zero-initialize tc skb extension on allocation 2021-05-25 15:36:42 -07:00
pkt_sched.h net: sched: fix tx action rescheduling issue during deactivation 2021-05-14 15:05:46 -07:00
pptp.h
protocol.h
psample.h psample: Add additional metadata attributes 2021-03-14 15:00:43 -07:00
psnap.h
raw.h
rawv6.h
red.h sch_red: fix off-by-one checks in red_check_params() 2021-03-25 17:40:43 -07:00
regulatory.h
request_sock.h
rose.h
route.h
rpl.h
rsi_91x.h
rtnetlink.h ipv6: report errors for iftoken via netlink extack 2021-04-08 13:52:36 -07:00
rtnh.h
sch_generic.h net: sched: fix packet stuck problem for lockless qdisc 2021-05-14 15:05:46 -07:00
scm.h
secure_seq.h
seg6.h
seg6_hmac.h
seg6_local.h
selftests.h net: selftest: fix build issue if INET is disabled 2021-04-28 14:06:45 -07:00
slhc_vj.h
smc.h
snmp.h
sock.h inet: annotate date races around sk->sk_txhash 2021-06-10 14:12:54 -07:00
sock_reuseport.h
Space.h
stp.h
strparser.h
switchdev.h net: bridge: switchdev: include local flag in FDB notifications 2021-04-16 15:15:45 -07:00
tcp.h skmsg: Pass psock pointer to ->psock_update_sk_prot() 2021-04-12 17:34:27 +02:00
tcp_states.h
timewait_sock.h
tipc.h
tls.h net/tls: Fix use-after-free after the TLS device goes down and up 2021-06-01 15:58:05 -07:00
tls_toe.h
transp_v6.h
tso.h
tun_proto.h
udp.h skmsg: Pass psock pointer to ->psock_update_sk_prot() 2021-04-12 17:34:27 +02:00
udp_tunnel.h udp: call udp_encap_enable for v6 sockets when enabling encap 2021-02-04 18:37:14 -08:00
udplite.h
vsock_addr.h
vxlan.h
wext.h
x25.h
x25device.h
xdp.h net, veth: Alloc skb in bulk for ndo_xdp_xmit 2021-02-04 01:00:07 +01:00
xdp_priv.h
xdp_sock.h bpf, xdp: Make bpf_redirect_map() a map operation 2021-03-10 01:06:34 +01:00
xdp_sock_drv.h
xfrm.h xfrm: Fix NULL pointer dereference on policy lookup 2021-03-24 10:00:24 +01:00
xsk_buff_pool.h xsk: Fix missing validation for skb and unaligned mode 2021-06-18 16:57:19 +02:00