linux_dsm_epyc7002/net/core
Kees Cook 6f9a093b66 net: filter: fix upper BPF instruction limit
The original checks (via sk_chk_filter) for instruction count uses ">",
not ">=", so changing this in sk_convert_filter has the potential to break
existing seccomp filters that used exactly BPF_MAXINSNS many instructions.

Fixes: bd4cf0ed33 ("net: filter: rework/optimize internal BPF interpreter's instruction set")
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: stable@vger.kernel.org # v3.15+
Acked-by: Daniel Borkmann <dborkman@redhat.com>
Acked-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-06-18 17:04:15 -07:00
..
datagram.c net: Fix save software checksum complete 2014-06-15 01:00:49 -07:00
dev_addr_lists.c net: Add support for device specific address syncing 2014-06-02 10:40:54 -07:00
dev_ioctl.c net_tstamp: Add SIOCGHWTSTAMP ioctl to match SIOCSHWTSTAMP 2013-11-19 19:07:21 +00:00
dev.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2014-06-12 14:27:40 -07:00
drop_monitor.c net: drop_monitor: fix the value of maxattr 2013-12-09 21:10:38 -05:00
dst.c ipv4: add a sock pointer to dst->output() path. 2014-04-15 13:47:15 -04:00
ethtool.c ethtool: Check that reserved fields of struct ethtool_rxfh are 0 2014-06-03 02:43:16 +01:00
fib_rules.c net: fix 'ip rule' iif/oif device rename 2014-02-09 19:02:52 -08:00
filter.c net: filter: fix upper BPF instruction limit 2014-06-18 17:04:15 -07:00
flow_dissector.c net: Rename skb->rxhash to skb->hash 2014-03-26 15:58:20 -04:00
flow.c CPU hotplug notifiers registration fixes for 3.15-rc1 2014-04-07 14:55:46 -07:00
gen_estimator.c net_sched: add 64bit rate estimators 2013-06-11 02:51:03 -07:00
gen_stats.c net_sched: add 64bit rate estimators 2013-06-11 02:51:03 -07:00
iovec.c net: rework recvmsg handler msg_name and msg_namelen logic 2013-11-20 21:52:30 -05:00
link_watch.c arch: Mass conversion of smp_mb__*() 2014-04-18 14:20:48 +02:00
Makefile net: Add a software TSO helper API 2014-05-22 14:57:15 -04:00
neighbour.c neigh: set nud_state to NUD_INCOMPLETE when probing router reachability 2014-05-13 12:43:05 -04:00
net_namespace.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-05-24 00:32:30 -04:00
net-procfs.c rps: selective flow shedding during softnet overflow 2013-05-20 13:48:04 -07:00
net-sysfs.c net: return actual error on register_queue_kobjects 2014-06-18 16:58:40 -07:00
net-sysfs.h net: netdev_kobject_init: annotate with __init 2014-01-05 20:27:54 -05:00
net-traces.c net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
netclassid_cgroup.c cgroup: remove css_parent() 2014-05-16 13:22:48 -04:00
netevent.c net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
netpoll.c netpoll: Use skb_irq_freeable to make zap_completion_queue safe. 2014-04-01 17:53:36 -04:00
netprio_cgroup.c cgroup: remove css_parent() 2014-05-16 13:22:48 -04:00
pktgen.c pktgen: Use seq_puts() where seq_printf() is not needed 2014-05-16 17:30:30 -04:00
ptp_classifier.c net: filter: let unattached filters use sock_fprog_kern 2014-05-23 16:48:05 -04:00
request_sock.c net: remove unnecessary return's 2014-02-13 18:33:38 -05:00
rtnetlink.c rtnetlink: fix userspace API breakage for iproute2 < v3.9.0 2014-06-12 11:07:42 -07:00
scm.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2013-09-07 14:35:32 -07:00
secure_seq.c inetpeer: get rid of ip_id_count 2014-06-02 11:00:41 -07:00
skbuff.c net: Fix save software checksum complete 2014-06-15 01:00:49 -07:00
sock_diag.c net: Move the permission check in sock_diag_put_filterinfo to packet_diag_dump 2014-04-24 13:44:53 -04:00
sock.c net: Split sk_no_check into sk_no_check_{rx,tx} 2014-05-23 16:28:53 -04:00
stream.c net: replace macros net_random and net_srandom with direct calls to prandom 2014-01-14 15:15:25 -08:00
sysctl_net_core.c rps: NUMA flow limit allocations 2013-12-19 19:00:07 -05:00
timestamping.c net: ptp: move PTP classifier in its own file 2014-04-01 16:43:18 -04:00
tso.c net: tso: Export symbols for modular build 2014-05-30 15:52:03 -07:00
user_dma.c net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
utils.c net: avoid dependency of net_get_random_once on nop patching 2014-05-14 00:37:34 -04:00