linux/net/core
Eric Dumazet 1dfe82ebd7 net: fix possible out-of-bound read in skb_network_protocol()
skb mac header is not necessarily set at the time skb_network_protocol()
is called. Use skb->data instead.

BUG: KASAN: slab-out-of-bounds in skb_network_protocol+0x46b/0x4b0 net/core/dev.c:2739
Read of size 2 at addr ffff8801b3097a0b by task syz-executor5/14242

CPU: 1 PID: 14242 Comm: syz-executor5 Not tainted 4.16.0-rc6+ #280
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x24d lib/dump_stack.c:53
 print_address_description+0x73/0x250 mm/kasan/report.c:256
 kasan_report_error mm/kasan/report.c:354 [inline]
 kasan_report+0x23c/0x360 mm/kasan/report.c:412
 __asan_report_load_n_noabort+0xf/0x20 mm/kasan/report.c:443
 skb_network_protocol+0x46b/0x4b0 net/core/dev.c:2739
 harmonize_features net/core/dev.c:2924 [inline]
 netif_skb_features+0x509/0x9b0 net/core/dev.c:3011
 validate_xmit_skb+0x81/0xb00 net/core/dev.c:3084
 validate_xmit_skb_list+0xbf/0x120 net/core/dev.c:3142
 packet_direct_xmit+0x117/0x790 net/packet/af_packet.c:256
 packet_snd net/packet/af_packet.c:2944 [inline]
 packet_sendmsg+0x3aed/0x60b0 net/packet/af_packet.c:2969
 sock_sendmsg_nosec net/socket.c:629 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:639
 ___sys_sendmsg+0x767/0x8b0 net/socket.c:2047
 __sys_sendmsg+0xe5/0x210 net/socket.c:2081

Fixes: 19acc32725 ("gso: Handle Trans-Ether-Bridging protocol in skb_network_protocol()")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Pravin B Shelar <pshelar@ovn.org>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-03-27 10:53:27 -04:00
datagram.c vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
dev_addr_lists.c
dev_ioctl.c net: don't unnecessarily load kernel modules in dev_ioctl() 2018-03-07 15:12:58 -05:00
dev.c net: fix possible out-of-bound read in skb_network_protocol() 2018-03-27 10:53:27 -04:00
devlink.c devlink: Remove redundant free on error path 2018-03-20 10:59:29 -04:00
drop_monitor.c treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
dst_cache.c
dst.c net: Remove dst->next 2017-11-30 09:54:27 -05:00
ethtool.c net: ethtool: don't ignore return from driver get_fecparam method 2018-03-01 21:41:06 -05:00
fib_notifier.c net: Protect iterations over net::fib_notifier_ops in fib_seq_sum() 2017-11-15 14:01:30 +09:00
fib_rules.c fib_rules: exit_net cleanup check added 2017-11-14 15:45:53 +09:00
filter.c bpf: fix bpf_skb_adjust_net/bpf_skb_proto_xlat to deal with gso sctp skbs 2018-03-03 13:01:11 -08:00
flow_dissector.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-01-19 22:59:33 -05:00
gen_estimator.c net_sched: gen_estimator: fix broken estimators based on percpu stats 2018-02-23 12:35:46 -05:00
gen_stats.c net: sched: add support for TCQ_F_NOLOCK subqueues to sch_mq 2017-12-08 13:32:26 -05:00
gro_cells.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
hwbm.c
link_watch.c net: link_watch: mark bonding link events urgent 2018-01-23 19:43:30 -05:00
lwt_bpf.c bpf: rename bpf_compute_data_end into bpf_compute_data_pointers 2017-09-26 13:36:44 -07:00
lwtunnel.c
Makefile xdp: base API for new XDP rx-queue info concept 2018-01-05 15:21:20 -08:00
neighbour.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-01-17 00:10:42 -05:00
net_namespace.c net: Move net:netns_ids destruction out of rtnl_lock() and document locking scheme 2018-01-25 11:15:35 -05:00
net-procfs.c net: delete /proc THIS_MODULE references 2018-01-16 15:01:33 -05:00
net-sysfs.c net: introduce helper dev_change_tx_queue_len() 2018-01-29 12:42:15 -05:00
net-sysfs.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
net-traces.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-11-04 09:26:51 +09:00
netclassid_cgroup.c
netevent.c
netpoll.c netpoll: Use lockdep to assert IRQs are disabled/enabled 2017-11-08 11:13:54 +01:00
netprio_cgroup.c net: remove duplicate includes 2017-12-13 13:18:46 -05:00
pktgen.c pktgen: Clean read user supplied flag mess 2018-01-24 15:03:36 -05:00
ptp_classifier.c
request_sock.c
rtnetlink.c rtnetlink: require unique netns identifier 2018-02-08 14:33:20 -05:00
scm.c
secure_seq.c
skbuff.c skbuff: Fix not waking applications when errors are enqueued 2018-03-16 12:35:33 -04:00
sock_diag.c sock_diag: request _diag module only when the family or proto has been registered 2018-03-12 11:03:42 -04:00
sock_reuseport.c soreuseport: fix mem leak in reuseport_add_sock() 2018-02-02 19:47:03 -05:00
sock.c sock_diag: request _diag module only when the family or proto has been registered 2018-03-12 11:03:42 -04:00
stream.c vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
sysctl_net_core.c bpf: restrict access to core bpf sysctls 2018-01-19 18:37:00 -08:00
timestamping.c
tso.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
utils.c
xdp.c xdp/qede: setup xdp_rxq_info and intro xdp_rxq_info_is_reg 2018-01-05 15:21:21 -08:00