evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_oneplus_msm8998/net/ipv6
History
Eric Dumazet 68b87a2b4a tcp: take care of truncations done by sk_filter() 
With syzkaller help, Marco Grassi found a bug in TCP stack,
crashing in tcp_collapse()

Root cause is that sk_filter() can truncate the incoming skb,
but TCP stack was not really expecting this to happen.
It probably was expecting a simple DROP or ACCEPT behavior.

We first need to make sure no part of TCP header could be removed.
Then we need to adjust TCP_SKB_CB(skb)->end_seq

Many thanks to syzkaller team and Marco for giving us a reproducer.

CRs-Fixed: 1089895
Change-Id: I84185558fa6e80b13d7d0078bda9d75143680941
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Marco Grassi <marco.gra@gmail.com>
Reported-by: Vladis Dronov <vdronov@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Git-commit: ac6e780070e30e4c35bd395acfe9191e6268bdd3
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
[subashab@codeaurora.org: resolve trivial merge conflicts]
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
2016-11-15 14:54:51 -07:00
..
netfilter Merge "netfilter: x_tables: validate e->target_offset early" 2016-09-30 18:23:30 -07:00
addrconf.c Merge remote-tracking branch 'origin/tmp-917a9a9133a6' into lsk 2016-07-12 11:40:49 -07:00
addrconf_core.c
addrlabel.c
af_inet6.c Revert "net: socket ioctl to reset connections matching local address" 2016-05-19 12:32:41 +05:30
ah6.c
anycast.c
datagram.c Merge remote-tracking branch 'origin/tmp-917a9a9133a6' into lsk 2016-07-12 11:40:49 -07:00
esp6.c
exthdrs.c
exthdrs_core.c Merge remote-tracking branch 'msm-4.4/tmp-2bf7955' into msm-4.4 2016-07-22 16:45:32 -07:00
exthdrs_offload.c
fib6_rules.c
icmp.c
ila.c
inet6_connection_sock.c
inet6_hashtables.c
ip6_checksum.c
ip6_fib.c ipv6: Fix mem leak in rt6i_pcpu 2016-07-27 09:47:31 -07:00
ip6_flowlabel.c
ip6_gre.c
ip6_icmp.c
ip6_input.c
ip6_offload.c ipv4/GRO: Make GRO conform to RFC 6864 2016-08-26 15:05:01 -07:00
ip6_offload.h
ip6_output.c Merge remote-tracking branch 'msm4.4/tmp-da9a92f' into msm-4.4 2016-10-28 10:48:35 -07:00
ip6_tunnel.c
ip6_udp_tunnel.c
ip6_vti.c
ip6mr.c ipmr/ip6mr: Initialize the last assert time of mfc entries. 2016-07-11 09:31:11 -07:00
ipcomp6.c
ipv6_sockglue.c
Kconfig
Makefile
mcast.c
mcast_snoop.c
mip6.c
ndisc.c
netfilter.c
output_core.c
ping.c
proc.c
protocol.c
raw.c
reassembly.c Revert "Merge remote-tracking branch 'msm-4.4/tmp-510d0a3f' into msm-4.4" 2016-08-26 14:34:05 -07:00
route.c Merge remote-tracking branch 'msm-4.4/tmp-510d0a3f' into msm-4.4 2016-10-21 18:00:55 -07:00
sit.c sit: correct IP protocol used in ipip6_err 2016-07-11 09:31:11 -07:00
syncookies.c
sysctl_net_ipv6.c
tcp_ipv6.c tcp: take care of truncations done by sk_filter() 2016-11-15 14:54:51 -07:00
tcpv6_offload.c
tunnel6.c
udp.c Merge remote-tracking branch 'msm-4.4/tmp-2bf7955' into msm-4.4 2016-07-22 16:45:32 -07:00
udp_impl.h
udp_offload.c
udplite.c
xfrm6_input.c
xfrm6_mode_beet.c
xfrm6_mode_ro.c
xfrm6_mode_transport.c
xfrm6_mode_tunnel.c
xfrm6_output.c
xfrm6_policy.c net: Revert upstream changes which break routing in tunnel scenarios 2016-07-21 10:58:54 -06:00
xfrm6_protocol.c
xfrm6_state.c
xfrm6_tunnel.c