android_kernel_oneplus_msm8998/net/ipv4
Eric Dumazet 68b87a2b4a tcp: take care of truncations done by sk_filter()
With syzkaller help, Marco Grassi found a bug in TCP stack,
crashing in tcp_collapse()

Root cause is that sk_filter() can truncate the incoming skb,
but TCP stack was not really expecting this to happen.
It probably was expecting a simple DROP or ACCEPT behavior.

We first need to make sure no part of TCP header could be removed.
Then we need to adjust TCP_SKB_CB(skb)->end_seq

Many thanks to syzkaller team and Marco for giving us a reproducer.

CRs-Fixed: 1089895
Change-Id: I84185558fa6e80b13d7d0078bda9d75143680941
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Marco Grassi <marco.gra@gmail.com>
Reported-by: Vladis Dronov <vdronov@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Git-commit: ac6e780070e30e4c35bd395acfe9191e6268bdd3
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
[subashab@codeaurora.org: resolve trivial merge conflicts]
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
2016-11-15 14:54:51 -07:00
netfilter Merge "netfilter: x_tables: validate e->target_offset early" 2016-09-30 18:23:30 -07:00
af_inet.c Merge remote-tracking branch 'msm4.4/tmp-da9a92f' into msm-4.4 2016-10-28 10:48:35 -07:00
ah4.c ah4: Fix error return in ah_input(). 2015-08-25 13:38:50 -07:00
arp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-10-20 06:08:27 -07:00
cipso_ipv4.c
datagram.c net: Set sk_txhash from a random number 2015-07-29 22:44:04 -07:00
devinet.c Merge remote-tracking branch 'msm-4.4/tmp-2bf7955' into msm-4.4 2016-07-22 16:45:32 -07:00
esp4.c esp: Fix ESN generation under UDP encapsulation 2016-07-11 09:31:11 -07:00
fib_frontend.c Merge remote-tracking branch 'msm-4.4/tmp-510d0a3f' into msm-4.4 2016-10-21 18:00:55 -07:00
fib_lookup.h ipv4: consider TOS in fib_select_default 2015-07-24 22:46:11 -07:00
fib_rules.c net: ipv6: use common fib_default_rule_pref 2015-09-09 14:19:50 -07:00
fib_semantics.c Revert "Merge remote-tracking branch 'msm-4.4/tmp-510d0a3f' into msm-4.4" 2016-08-26 14:34:05 -07:00
fib_trie.c net: initialize variables to avoid UML compilation failure 2016-03-23 21:24:21 -07:00
fou.c fou: clean up socket with kfree_rcu 2015-12-16 19:03:02 -05:00
gre_demux.c gre: Remove support for sharing GRE protocol hook. 2015-08-10 14:03:54 -07:00
gre_offload.c ipv6: gre: support SIT encapsulation 2015-10-26 22:01:18 -07:00
icmp.c Revert "ipv4/icmp: redirect messages can use the ingress daddr as source" 2015-10-14 06:01:07 -07:00
igmp.c mld, igmp: Fix reserved tailroom calculation 2016-04-20 15:41:58 +09:00
inet_connection_sock.c Merge remote-tracking branch 'origin/tmp-917a9a9133a6' into lsk 2016-07-12 11:40:49 -07:00
inet_diag.c net: diag: support v4mapped sockets in inet_diag_find_one_icsk() 2016-04-07 16:49:54 +05:30
inet_fragment.c net: fix percpu memory leaks 2015-11-02 22:47:14 -05:00
inet_hashtables.c tcp/dccp: fix hashdance race for passive sessions 2015-10-23 05:42:21 -07:00
inet_lro.c net lro: extend LRO to use hardware assists 2016-07-11 11:10:08 -07:00
inet_timewait_sock.c tcp/dccp: fix timewait races in timer handling 2015-09-21 16:32:29 -07:00
inetpeer.c net: Add helper function to compare inetpeer addresses 2015-08-28 13:32:36 -07:00
ip_forward.c net: Pass net into dst_output and remove dst_output_okfn 2015-10-08 04:26:54 -07:00
ip_fragment.c inet: frag: Always orphan skbs inside ip_defrag() 2016-03-03 15:07:04 -08:00
ip_gre.c Revert "Merge remote-tracking branch 'msm-4.4/tmp-510d0a3f' into msm-4.4" 2016-08-26 14:34:05 -07:00
ip_input.c ipv4: Pass struct net into ip_defrag and ip_check_defrag 2015-10-12 19:44:16 -07:00
ip_options.c
ip_output.c Merge remote-tracking branch 'msm-4.4/tmp-2bf7955' into msm-4.4 2016-07-22 16:45:32 -07:00
ip_sockglue.c ipv4: fix memory leaks in ip_cmsg_send() callers 2016-03-03 15:07:06 -08:00
ip_tunnel.c vxlan, gre, geneve: Set a large MTU on ovs-created tunnel devices 2016-06-24 10:18:18 -07:00
ip_tunnel_core.c ipv4, ipv6: Pass net into ip_local_out and ip6_local_out 2015-10-08 04:27:02 -07:00
ip_vti.c net: Pass net into dst_output and remove dst_output_okfn 2015-10-08 04:26:54 -07:00
ipcomp.c
ipconfig.c ipconfig: send Client-identifier in DHCP requests 2015-10-18 19:23:52 -07:00
ipip.c ipip: ioctl: Remove superfluous IP-TTL handling. 2015-12-18 16:07:59 -05:00
ipmr.c ipmr/ip6mr: Initialize the last assert time of mfc entries. 2016-07-11 09:31:11 -07:00
Kconfig net: diag: Support destroying TCP sockets. 2016-04-07 16:49:53 +05:30
Makefile sysfs_net_ipv4: Add sysfs-based knobs for controlling TCP window size 2016-02-16 13:51:15 -08:00
netfilter.c ipv4: Pass struct net into ip_route_me_harder 2015-09-29 20:21:32 +02:00
ping.c Merge remote-tracking branch 'origin/tmp-917a9a9133a6' into lsk 2016-07-12 11:40:49 -07:00
proc.c net: track success and failure of TCP PMTU probing 2015-07-21 22:36:33 -07:00
protocol.c
raw.c Merge remote-tracking branch 'origin/tmp-917a9a9133a6' into lsk 2016-07-12 11:40:49 -07:00
route.c Merge remote-tracking branch 'msm-4.4/tmp-510d0a3f' into msm-4.4 2016-10-21 18:00:55 -07:00
syncookies.c net: core: Support UID-based routing. 2016-02-16 13:51:37 -08:00
sysctl_net_ipv4.c WLAN subsystem: Sysctl support for key TCP/IP parameters 2016-07-15 13:35:09 -07:00
sysfs_net_ipv4.c sysfs_net_ipv4: Add sysfs-based knobs for controlling TCP window size 2016-02-16 13:51:15 -08:00
tcp.c Merge remote-tracking branch 'msm4.4/tmp-da9a92f' into msm-4.4 2016-10-28 10:48:35 -07:00
tcp_bic.c
tcp_cdg.c
tcp_cong.c tcp: remove tcp_ecn_make_synack() socket argument 2015-09-25 13:00:38 -07:00
tcp_cubic.c tcp_cubic: do not set epoch_start in the future 2015-09-17 22:35:07 -07:00
tcp_dctcp.c tcp: allow dctcp alpha to drop to zero 2015-10-23 02:46:52 -07:00
tcp_diag.c net: diag: Support destroying TCP sockets. 2016-04-07 16:49:53 +05:30
tcp_fastopen.c tcp/dccp: fix hashdance race for passive sessions 2015-10-23 05:42:21 -07:00
tcp_highspeed.c
tcp_htcp.c
tcp_hybla.c
tcp_illinois.c
tcp_input.c tcp: make challenge acks less predictable 2016-10-10 13:47:41 -07:00
tcp_ipv4.c tcp: take care of truncations done by sk_filter() 2016-11-15 14:54:51 -07:00
tcp_lp.c
tcp_memcontrol.c
tcp_metrics.c tcp: convert cached rtt from usec to jiffies when feeding initial rto 2016-04-20 15:41:56 +09:00
tcp_minisocks.c tcp: fix tcpi_segs_in after connection establishment 2016-04-20 15:42:00 +09:00
tcp_offload.c
tcp_output.c Merge remote-tracking branch 'msm-4.4/tmp-510d0a3f' into msm-4.4 2016-10-21 18:00:55 -07:00
tcp_probe.c
tcp_recovery.c tcp: use RACK to detect losses 2015-10-21 07:00:53 -07:00
tcp_scalable.c
tcp_timer.c WLAN subsystem: Sysctl support for key TCP/IP parameters 2016-07-15 13:35:09 -07:00
tcp_vegas.c
tcp_vegas.h
tcp_veno.c
tcp_westwood.c
tcp_yeah.c tcp_yeah: don't set ssthresh below 2 2016-01-31 11:28:59 -08:00
tunnel4.c
udp.c Merge remote-tracking branch 'msm4.4/tmp-da9a92f' into msm-4.4 2016-10-28 10:48:35 -07:00
udp_diag.c
udp_impl.h
udp_offload.c
udp_tunnel.c tunnel: Clear IPCB(skb)->opt before dst_link_failure called 2016-04-20 15:41:56 +09:00
udplite.c
xfrm4_input.c netfilter: Pass net into okfn 2015-09-17 17:18:37 -07:00
xfrm4_mode_beet.c
xfrm4_mode_transport.c
xfrm4_mode_tunnel.c
xfrm4_output.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-10-24 06:54:12 -07:00
xfrm4_policy.c net: Revert upstream changes which break routing in tunnel scenarios 2016-07-21 10:58:54 -06:00
xfrm4_protocol.c
xfrm4_state.c
xfrm4_tunnel.c