android_kernel_oneplus_msm8998/net
Dominique Martinet 2d75014407 9p/net: put a lower bound on msize
commit 574d356b7a02c7e1b01a1d9cba8a26b3c2888f45 upstream.

If the requested msize is too small (either from command line argument
or from the server version reply), we won't get any work done.
If it's *really* too small, nothing will work, and this got caught by
syzbot recently (on a new kmem_cache_create_usercopy() call)

Just set a minimum msize to 4k in both code paths, until someone
complains they have a use-case for a smaller msize.

We need to check in both mount option and server reply individually
because the msize for the first version request would be unchecked
with just a global check on clnt->msize.

Link: http://lkml.kernel.org/r/1541407968-31350-1-git-send-email-asmadeus@codewreck.org
Reported-by: syzbot+0c1d61e4db7db94102ca@syzkaller.appspotmail.com
Signed-off-by: Dominique Martinet <dominique.martinet@cea.fr>
Cc: Eric Van Hensbergen <ericvh@gmail.com>
Cc: Latchesar Ionkov <lucho@ionkov.net>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-01-13 10:05:33 +01:00
6lowpan 6lowpan: iphc: reset mac_header after decompress to fix panic 2018-10-10 08:52:04 +02:00
9p 9p/net: put a lower bound on msize 2019-01-13 10:05:33 +01:00
802
8021q vlan: also check phy_driver ts_info for vlan's real device 2018-04-13 19:50:25 +02:00
appletalk
atm net: atm: Fix potential Spectre v1 2018-05-16 10:06:51 +02:00
ax25 ax25: fix a use-after-free in ax25_fillin_cb() 2019-01-13 10:05:27 +01:00
batman-adv batman-adv: Expand merged fragment buffer for full packet 2018-12-13 09:21:34 +01:00
bluetooth Bluetooth: SMP: fix crash in unpairing 2018-11-10 07:41:33 -08:00
bridge net: bridge: remove ipv6 zero address check in mcast queries 2018-11-10 07:41:41 -08:00
caif net: caif: Add a missing rcu_read_unlock() in caif_flow_cb 2018-09-05 09:18:34 +02:00
can can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once 2018-01-31 12:06:08 +01:00
ceph mm: replace get_user_pages_unlocked() write/force parameters with gup_flags 2018-12-17 21:55:16 +01:00
core sock: Make sock->sk_stamp thread-safe 2019-01-13 10:05:28 +01:00
dcb net: dcb: For wild-card lookups, use priority -1, not 0 2018-09-19 22:48:58 +02:00
dccp dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() 2018-08-22 07:48:35 +02:00
decnet dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock 2018-02-25 11:03:38 +01:00
dns_resolver KEYS: DNS: fix parsing multiple options 2018-07-22 14:25:54 +02:00
dsa net: dsa: Do not suspend/resume closed slave_dev 2018-08-06 16:24:41 +02:00
ethernet net: introduce device min_header_len 2017-02-18 16:39:27 +01:00
hsr net/hsr: fix a warning message 2015-11-23 14:56:15 -05:00
ieee802154 ieee802154: lowpan_header_create check must check daddr 2019-01-13 10:05:27 +01:00
ipv4 ipv4: Fix potential Spectre v1 vulnerability 2019-01-13 10:05:27 +01:00
ipv6 ipv6: explicitly initialize udp6_addr in udp_sock_create6() 2019-01-13 10:05:27 +01:00
ipx ipx: call ipxitf_put() in ioctl error path 2017-05-25 14:30:13 +02:00
irda irda: Only insert new objects into the global database via setsockopt 2018-09-15 09:40:40 +02:00
iucv af_iucv: Move sockaddr length checks to before accessing sa_family in bind and connect handlers 2018-11-10 07:41:35 -08:00
key af_key: Always verify length of provided sadb_key 2018-06-16 09:54:25 +02:00
l2tp l2tp: hold tunnel socket when handling control frames in l2tp_ip and l2tp_ip6 2018-11-10 07:41:43 -08:00
l3mdev
lapb
llc llc: do not use sk_eat_skb() 2018-12-01 09:46:34 +01:00
mac80211 mac80211: Fix condition validating WMM IE 2018-12-21 14:09:51 +01:00
mac802154 net: mac802154: tx: expand tailroom if necessary 2018-09-09 20:04:32 +02:00
mpls mpls, nospec: Sanitize array index in mpls_label_ok() 2018-03-11 16:19:47 +01:00
netfilter netfilter: nf_tables: fix oops when inserting an element into a verdict map 2018-12-01 09:46:40 +01:00
netlabel netlabel: check for IPV4MASK in addrinfo_get 2018-10-20 09:52:36 +02:00
netlink netlink: Don't shift on 64 for ngroups 2018-08-09 12:19:28 +02:00
netrom netrom: fix locking in nr_find_socket() 2019-01-13 10:05:28 +01:00
nfc NFC: Fix possible memory corruption when handling SHDLC I-Frame commands 2018-09-29 03:08:51 -07:00
openvswitch openvswitch: Don't swap table in nlattr_set() after OVS_ATTR_NESTED is found 2018-05-26 08:48:47 +02:00
packet packet: validate address length if non-zero 2019-01-13 10:05:28 +01:00
phonet phonet: properly unshare skbs in phonet_rcv() 2016-01-31 11:29:00 -08:00
rds rds: avoid unenecessary cong_update in loop transport 2018-07-22 14:25:54 +02:00
rfkill rfkill: gpio: fix memory leak in probe error path 2018-05-16 10:06:51 +02:00
rose
rxrpc rxrpc: check return value of skb_to_sgvec always 2018-04-13 19:50:23 +02:00
sched net: Prevent invalid access to skb->prev in __qdisc_drop_all 2018-12-17 21:55:09 +01:00
sctp sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event 2019-01-13 10:05:28 +01:00
sunrpc sunrpc: use SVC_NET() in svcauth_gss_* functions 2019-01-13 10:05:32 +01:00
switchdev switchdev: pass pointer to fib_info instead of copy 2016-06-24 10:18:16 -07:00
tipc tipc: add policy for TIPC_NLA_NET_ADDR 2018-04-29 07:50:06 +02:00
unix net: drop write-only stack variable 2018-11-10 07:41:34 -08:00
vmw_vsock VSOCK: Send reset control packet when socket is partially bound 2019-01-13 10:05:28 +01:00
wimax
wireless cfg80211: reg: Init wiphy_idx in regulatory_hint_core() 2018-11-10 07:41:33 -08:00
x25 net: x25: fix one potential use-after-free issue 2018-04-13 19:50:07 +02:00
xfrm xfrm: Fix bucket count reported to userspace 2019-01-13 10:05:31 +01:00
compat.c sock: Make sock->sk_stamp thread-safe 2019-01-13 10:05:28 +01:00
Kconfig Make DST_CACHE a silent config option 2018-02-25 11:03:37 +01:00
Makefile
socket.c net: socket: fix a missing-check bug 2018-11-10 07:41:41 -08:00
sysctl_net.c net: Use ns_capable_noaudit() when determining net sysctl permissions 2016-09-15 08:27:50 +02:00