evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_oneplus_msm8998/net
History
Eric Dumazet 68b87a2b4a tcp: take care of truncations done by sk_filter() 
With syzkaller help, Marco Grassi found a bug in TCP stack,
crashing in tcp_collapse()

Root cause is that sk_filter() can truncate the incoming skb,
but TCP stack was not really expecting this to happen.
It probably was expecting a simple DROP or ACCEPT behavior.

We first need to make sure no part of TCP header could be removed.
Then we need to adjust TCP_SKB_CB(skb)->end_seq

Many thanks to syzkaller team and Marco for giving us a reproducer.

CRs-Fixed: 1089895
Change-Id: I84185558fa6e80b13d7d0078bda9d75143680941
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Marco Grassi <marco.gra@gmail.com>
Reported-by: Vladis Dronov <vdronov@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Git-commit: ac6e780070e30e4c35bd395acfe9191e6268bdd3
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
[subashab@codeaurora.org: resolve trivial merge conflicts]
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
2016-11-15 14:54:51 -07:00
..
6lowpan 6lowpan: put mcast compression in an own function 2015-10-21 00:49:25 +02:00
9p IB/cma: Add support for network namespaces 2015-10-28 12:32:48 -04:00
802 net: Kill dev_rebuild_header 2015-03-02 16:43:41 -05:00
8021q vlan: Do not put vlan headers back on bridge and macvlan ports 2015-11-17 14:38:35 -05:00
appletalk net: Pass kern from net_proto_family.create to sk_alloc 2015-05-11 10:50:17 -04:00
atm atm: deal with setting entry before mkip was called 2015-09-17 22:13:32 -07:00
ax25 AX.25: Close socket connection on session completion 2016-07-11 09:31:12 -07:00
batman-adv Revert "Merge remote-tracking branch 'msm-4.4/tmp-510d0a3f' into msm-4.4" 2016-08-26 14:34:05 -07:00
bluetooth Merge remote-tracking branch 'msm-4.4/tmp-2bf7955' into msm-4.4 2016-07-22 16:45:32 -07:00
bridge Merge remote-tracking branch 'msm-4.4/tmp-510d0a3f' into msm-4.4 2016-10-21 18:00:55 -07:00
caif net: rename SOCK_ASYNC_NOSPACE and SOCK_ASYNC_WAITDATA 2015-12-01 15:45:05 -05:00
can can: avoid using timeval for uapi 2015-10-13 17:42:34 +02:00
ceph libceph: don't spam dmesg with stray reply warnings 2016-03-03 15:07:26 -08:00
core rose: limit sk_filter trim to payload 2016-11-15 14:54:51 -07:00
dcb net/dcb: make dcbnl.c explicitly non-modular 2015-10-09 07:52:27 -07:00
dccp tcp/dccp: remove obsolete WARN_ON() in icmp handlers 2016-04-20 15:42:04 +09:00
decnet Revert "Merge remote-tracking branch 'msm-4.4/tmp-510d0a3f' into msm-4.4" 2016-08-26 14:34:05 -07:00
dns_resolver net: dns_resolver: convert time_t to time64_t 2015-11-18 16:27:46 -05:00
dsa net: dsa: use switchdev obj for VLAN add/del ops 2015-11-01 15:56:11 -05:00
ethernet net: help compiler generate better code in eth_get_headlen 2015-09-28 22:51:15 -07:00
hsr net/hsr: fix a warning message 2015-11-23 14:56:15 -05:00
ieee802154 net: fix percpu memory leaks 2015-11-02 22:47:14 -05:00
ipc_router net: ipc_router: fix NULL pointer de-reference issue 2016-09-21 19:06:28 +05:30
ipv4 tcp: take care of truncations done by sk_filter() 2016-11-15 14:54:51 -07:00
ipv6 tcp: take care of truncations done by sk_filter() 2016-11-15 14:54:51 -07:00
ipx net: Pass kern from net_proto_family.create to sk_alloc 2015-05-11 10:50:17 -04:00
irda net: add validation for the socket syscall protocol argument 2015-12-14 16:09:30 -05:00
iucv af_iucv: Validate socket address length in iucv_sock_bind() 2016-03-03 15:07:03 -08:00
key af_key: fix two typos 2015-10-23 03:05:19 -07:00
l2tp l2tp: fix configuration passed to setup_udp_tunnel_sock() 2016-06-24 10:18:17 -07:00
l3mdev net: Add netif_is_l3_slave 2015-10-07 04:27:43 -07:00
lapb lapb: move EXPORT_SYMBOL after functions. 2014-10-24 15:51:42 -04:00
llc Revert "Merge remote-tracking branch 'msm-4.4/tmp-510d0a3f' into msm-4.4" 2016-08-26 14:34:05 -07:00
mac80211 Merge "Merge remote-tracking branch 'msm4.4/tmp-da9a92f' into msm-4.4" 2016-11-04 22:22:00 -07:00
mac802154 mac802154: llsec: use kzfree 2015-10-21 00:49:24 +02:00
mpls mpls: find_outdev: check for err ptr in addition to NULL check 2016-04-20 15:42:07 +09:00
netfilter nf: IDLETIMER: Fix use after free condition during work 2016-11-14 12:08:11 -07:00
netlabel netlink: implement nla_put_in_addr and nla_put_in6_addr 2015-03-31 13:58:35 -04:00
netlink Merge remote-tracking branch 'msm4.4/tmp-da9a92f' into msm-4.4 2016-10-28 10:48:35 -07:00
netrom netfilter: Remove spurios included of netfilter.h 2015-06-18 21:14:32 +02:00
nfc net: rename SOCK_ASYNC_NOSPACE and SOCK_ASYNC_WAITDATA 2015-12-01 15:45:05 -05:00
openvswitch Revert "Merge remote-tracking branch 'msm-4.4/tmp-510d0a3f' into msm-4.4" 2016-08-26 14:34:05 -07:00
packet Revert "Merge remote-tracking branch 'msm-4.4/tmp-510d0a3f' into msm-4.4" 2016-08-26 14:34:05 -07:00
phonet phonet: properly unshare skbs in phonet_rcv() 2016-01-31 11:29:00 -08:00
rds RDS: fix race condition when sending a message on unbound socket 2015-11-24 17:20:09 -05:00
rfkill Merge remote-tracking branch 'origin/tmp-917a9a9133a6' into lsk 2016-07-12 11:40:49 -07:00
rmnet_data net: rmnet_data: Handle buffer bloat for TCP scenarios 2016-11-14 12:49:05 -07:00
rose rose: limit sk_filter trim to payload 2016-11-15 14:54:51 -07:00
rxrpc net: rename SOCK_ASYNC_NOSPACE and SOCK_ASYNC_WAITDATA 2015-12-01 15:45:05 -05:00
sched Merge remote-tracking branch 'msm4.4/tmp-da9a92f' into msm-4.4 2016-10-28 10:48:35 -07:00
sctp sctp: lack the check for ports in sctp_v6_cmp_addr 2016-04-20 15:41:58 +09:00
sunrpc Revert "Merge remote-tracking branch 'msm-4.4/tmp-510d0a3f' into msm-4.4" 2016-08-26 14:34:05 -07:00
switchdev switchdev: pass pointer to fib_info instead of copy 2016-06-24 10:18:16 -07:00
tipc tipc: fix nametable publication field in nl compat 2016-06-24 10:18:16 -07:00
unix af_unix: fix hard linked sockets on overlay 2016-07-27 09:47:33 -07:00
vmw_vsock Revert "Merge remote-tracking branch 'msm-4.4/tmp-510d0a3f' into msm-4.4" 2016-08-26 14:34:05 -07:00
wimax net:wimax: Fix doucble word "the the" in networking.xml 2015-08-09 22:43:52 -07:00
wireless Merge "Merge remote-tracking branch 'msm4.4/tmp-da9a92f' into msm-4.4" 2016-11-04 22:22:00 -07:00
x25 Revert "Merge remote-tracking branch 'msm-4.4/tmp-510d0a3f' into msm-4.4" 2016-08-26 14:34:05 -07:00
xfrm net: Revert upstream changes which break routing in tunnel scenarios 2016-07-21 10:58:54 -06:00
compat.c net: switch importing msghdr from userland to {compat_,}import_iovec() 2015-04-09 00:02:26 -04:00
Kconfig Revert "net: activity_stats: Add statistics for network transmission activity" 2016-07-28 19:47:52 -07:00
Makefile Revert "net: activity_stats: Add statistics for network transmission activity" 2016-07-28 19:47:52 -07:00
socket.c Merge remote-tracking branch 'msm-4.4/tmp-2bf7955' into msm-4.4 2016-07-22 16:45:32 -07:00
sysctl_net.c net: sysctl: fix a kmemleak warning 2015-10-23 06:22:08 -07:00