linux_dsm_epyc7002/net/ipv6
Willem de Bruijn cb9f1b7838 ip: validate header length on virtual device xmit
KMSAN detected read beyond end of buffer in vti and sit devices when
passing truncated packets with PF_PACKET. The issue affects additional
ip tunnel devices.

Extend commit 76c0ddd8c3 ("ip6_tunnel: be careful when accessing the
inner header") and commit ccfec9e5cb ("ip_tunnel: be careful when
accessing the inner header").

Move the check to a separate helper and call at the start of each
ndo_start_xmit function in net/ipv4 and net/ipv6.

Minor changes:
- convert dev_kfree_skb to kfree_skb on error path,
  as dev_kfree_skb calls consume_skb which is not for error paths.
- use pskb_network_may_pull even though that is pedantic here,
  as the same as pskb_may_pull for devices without llheaders.
- do not cache ipv6 hdrs if used only once
  (unsafe across pskb_may_pull, was more relevant to earlier patch)

Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-01 12:05:02 -08:00
..
ila ila: remove blank lines at EOF 2018-07-24 14:10:42 -07:00
netfilter Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2018-12-20 18:20:26 -08:00
addrconf_core.c net/ipv6: Add helper to return path MTU based on fib result 2018-05-22 10:51:09 +02:00
addrconf.c net/ipv6: Fix a test against 'ipv6_find_idev()' return value 2018-12-30 12:31:17 -08:00
addrlabel.c net/ipv6: Update ip6addrlbl_dump for strict data checking 2018-10-08 10:39:05 -07:00
af_inet6.c net/ipv6: Add anycast addresses to a global hashtable 2018-11-02 23:54:56 -07:00
ah6.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2017-11-15 11:56:19 -08:00
anycast.c net/ipv6: compute anycast address hash only if dev is null 2018-11-08 17:04:43 -08:00
calipso.c ipv6: make ipv6_renew_options() interrupt/kernel safe 2018-07-05 20:15:26 +09:00
datagram.c net: ensure unbound datagram socket to be chosen when not in a VRF 2018-11-07 16:12:38 -08:00
esp6_offload.c net: use skb_sec_path helper in more places 2018-12-19 11:21:37 -08:00
esp6.c net: use skb_sec_path helper in more places 2018-12-19 11:21:37 -08:00
exthdrs_core.c net: ipv6: Fix typo in ipv6_find_hdr() documentation 2018-05-07 23:50:27 -04:00
exthdrs_offload.c ipv6: fix exthdrs offload registration in out_rt path 2015-09-02 15:31:00 -07:00
exthdrs.c ipv6: make ipv6_renew_options() interrupt/kernel safe 2018-07-05 20:15:26 +09:00
fib6_notifier.c net: Add module reference to FIB notifiers 2017-09-01 20:33:42 -07:00
fib6_rules.c net/ipv6: Add fib6_lookup 2018-05-11 00:10:56 +02:00
fou6.c fou, fou6: ICMP error handlers for FoU and GUE 2018-11-08 17:13:08 -08:00
icmp.c net: Convert protocol error handlers from void to int 2018-11-08 17:13:08 -08:00
inet6_connection_sock.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-01-28 10:33:06 -05:00
inet6_hashtables.c net: tcp6: prefer listeners bound to an address 2018-12-14 15:55:20 -08:00
ip6_checksum.c net: udp: fix handling of CHECKSUM_COMPLETE packets 2018-10-24 14:18:16 -07:00
ip6_fib.c ipv6: properly check return value in inet6_dump_all() 2018-11-05 17:04:54 -08:00
ip6_flowlabel.c ipv6: fold sockcm_cookie into ipcm6_cookie 2018-07-07 10:58:49 +09:00
ip6_gre.c ip: validate header length on virtual device xmit 2019-01-01 12:05:02 -08:00
ip6_icmp.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ip6_input.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-12-09 21:43:31 -08:00
ip6_offload.c net: use indirect call wrappers at GRO transport layer 2018-12-15 13:23:02 -08:00
ip6_offload.h udp: Add GRO functions to UDP socket 2016-04-07 16:53:29 -04:00
ip6_output.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-12-20 11:53:36 -08:00
ip6_tunnel.c ip: validate header length on virtual device xmit 2019-01-01 12:05:02 -08:00
ip6_udp_tunnel.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-12-20 11:53:36 -08:00
ip6_vti.c ip: validate header length on virtual device xmit 2019-01-01 12:05:02 -08:00
ip6mr.c ip: validate header length on virtual device xmit 2019-01-01 12:05:02 -08:00
ipcomp6.c net: inet: Support UID-based routing in IP protocols. 2016-11-04 14:45:23 -04:00
ipv6_sockglue.c ipv6: allow ping to link-local address in VRF 2018-11-07 16:12:39 -08:00
Kconfig net: remove blank lines at end of file 2018-07-24 14:10:43 -07:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mcast_snoop.c net: fix wrong skb_get() usage / crash in IGMP/MLD parsing code 2015-08-13 17:08:39 -07:00
mcast.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-10-19 11:03:06 -07:00
mip6.c ktime: Get rid of ktime_equal() 2016-12-25 17:21:23 +01:00
ndisc.c ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called 2018-10-26 15:58:06 -07:00
netfilter.c netfilter: ipv6: Preserve link scope traffic original oif 2018-11-27 00:12:20 +01:00
output_core.c net: accept UFO datagrams from tuntap and packet 2017-11-24 01:37:35 +09:00
ping.c ipv6: fold sockcm_cookie into ipcm6_cookie 2018-07-07 10:58:49 +09:00
proc.c proc: introduce proc_create_net_single 2018-05-16 07:24:30 +02:00
protocol.c net: Add sysctl to toggle early demux for tcp and udp 2017-03-24 13:17:07 -07:00
raw.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-12-20 11:53:36 -08:00
reassembly.c ipv6: fix typo in net/ipv6/reassembly.c 2018-12-30 13:02:46 -08:00
route.c ipv6/route: Add a missing check on proc_dointvec 2018-12-27 16:18:03 -08:00
seg6_hmac.c Merge ra.kernel.org:/pub/scm/linux/kernel/git/davem/net 2018-07-03 10:29:26 +09:00
seg6_iptunnel.c ipv6: sr: properly initialize flowi6 prior passing to ip6_route_output 2018-12-07 12:22:39 -08:00
seg6_local.c bpf: add End.DT6 action to bpf_lwt_seg6_action helper 2018-07-31 09:22:48 +02:00
seg6.c rhashtable: split rhashtable.h 2018-06-22 13:43:27 +09:00
sit.c ip: validate header length on virtual device xmit 2019-01-01 12:05:02 -08:00
syncookies.c net/ipv4: disable SMC TCP option with SYN Cookies 2018-03-25 20:53:54 -04:00
sysctl_net_ipv6.c ipv6: sr: Compute flowlabel for outer IPv6 header of seg6 encap mode 2018-04-25 13:02:15 -04:00
tcp_ipv6.c ipv6: Fix handling of LLA with VRF and sockets bound to VRF 2018-12-15 11:36:14 -08:00
tcpv6_offload.c net: use indirect call wrappers at GRO transport layer 2018-12-15 13:23:02 -08:00
tunnel6.c net: Convert protocol error handlers from void to int 2018-11-08 17:13:08 -08:00
udp_impl.h net: Convert protocol error handlers from void to int 2018-11-08 17:13:08 -08:00
udp_offload.c net: use indirect call wrappers at GRO transport layer 2018-12-15 13:23:02 -08:00
udp.c net: udp6: prefer listeners bound to an address 2018-12-14 15:55:20 -08:00
udplite.c net: Convert protocol error handlers from void to int 2018-11-08 17:13:08 -08:00
xfrm6_input.c net: use skb_sec_path helper in more places 2018-12-19 11:21:37 -08:00
xfrm6_mode_beet.c networking: make skb_pull & friends return void pointers 2017-06-16 11:48:39 -04:00
xfrm6_mode_ro.c ipv6: xfrm: use 64-bit timestamps 2018-07-11 15:26:35 +02:00
xfrm6_mode_transport.c xfrm: reset transport header back to network header after all input transforms ahave been applied 2018-09-04 10:26:30 +02:00
xfrm6_mode_tunnel.c xfrm: Verify MAC header exists before overwriting eth_hdr(skb)->h_proto 2018-03-07 10:54:29 +01:00
xfrm6_output.c xfrm6: call kfree_skb when skb is toobig 2018-09-03 07:37:57 +02:00
xfrm6_policy.c xfrm6: remove BUG_ON from xfrm6_dst_ifdown 2018-11-22 07:55:48 +01:00
xfrm6_protocol.c net: Convert protocol error handlers from void to int 2018-11-08 17:13:08 -08:00
xfrm6_state.c xfrm: remove VLA usage in __xfrm6_sort() 2018-04-26 07:51:48 +02:00
xfrm6_tunnel.c xfrm6_tunnel: Fix spi check in __xfrm6_tunnel_alloc_spi 2018-12-19 12:33:17 +01:00