evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_oneplus_msm8998/net
History
Eric Dumazet 68b87a2b4a tcp: take care of truncations done by sk_filter() 
With syzkaller help, Marco Grassi found a bug in TCP stack,
crashing in tcp_collapse()

Root cause is that sk_filter() can truncate the incoming skb,
but TCP stack was not really expecting this to happen.
It probably was expecting a simple DROP or ACCEPT behavior.

We first need to make sure no part of TCP header could be removed.
Then we need to adjust TCP_SKB_CB(skb)->end_seq

Many thanks to syzkaller team and Marco for giving us a reproducer.

CRs-Fixed: 1089895
Change-Id: I84185558fa6e80b13d7d0078bda9d75143680941
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Marco Grassi <marco.gra@gmail.com>
Reported-by: Vladis Dronov <vdronov@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Git-commit: ac6e780070e30e4c35bd395acfe9191e6268bdd3
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
[subashab@codeaurora.org: resolve trivial merge conflicts]
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
2016-11-15 14:54:51 -07:00
..
6lowpan
9p
802
8021q
appletalk
atm
ax25 AX.25: Close socket connection on session completion 2016-07-11 09:31:12 -07:00
batman-adv Revert "Merge remote-tracking branch 'msm-4.4/tmp-510d0a3f' into msm-4.4" 2016-08-26 14:34:05 -07:00
bluetooth Merge remote-tracking branch 'msm-4.4/tmp-2bf7955' into msm-4.4 2016-07-22 16:45:32 -07:00
bridge Merge remote-tracking branch 'msm-4.4/tmp-510d0a3f' into msm-4.4 2016-10-21 18:00:55 -07:00
caif
can
ceph
core rose: limit sk_filter trim to payload 2016-11-15 14:54:51 -07:00
dcb
dccp tcp/dccp: remove obsolete WARN_ON() in icmp handlers 2016-04-20 15:42:04 +09:00
decnet Revert "Merge remote-tracking branch 'msm-4.4/tmp-510d0a3f' into msm-4.4" 2016-08-26 14:34:05 -07:00
dns_resolver
dsa
ethernet
hsr
ieee802154
ipc_router net: ipc_router: fix NULL pointer de-reference issue 2016-09-21 19:06:28 +05:30
ipv4 tcp: take care of truncations done by sk_filter() 2016-11-15 14:54:51 -07:00
ipv6 tcp: take care of truncations done by sk_filter() 2016-11-15 14:54:51 -07:00
ipx
irda
iucv
key
l2tp l2tp: fix configuration passed to setup_udp_tunnel_sock() 2016-06-24 10:18:17 -07:00
l3mdev
lapb
llc Revert "Merge remote-tracking branch 'msm-4.4/tmp-510d0a3f' into msm-4.4" 2016-08-26 14:34:05 -07:00
mac80211 Merge "Merge remote-tracking branch 'msm4.4/tmp-da9a92f' into msm-4.4" 2016-11-04 22:22:00 -07:00
mac802154
mpls mpls: find_outdev: check for err ptr in addition to NULL check 2016-04-20 15:42:07 +09:00
netfilter nf: IDLETIMER: Fix use after free condition during work 2016-11-14 12:08:11 -07:00
netlabel
netlink Merge remote-tracking branch 'msm4.4/tmp-da9a92f' into msm-4.4 2016-10-28 10:48:35 -07:00
netrom
nfc
openvswitch Revert "Merge remote-tracking branch 'msm-4.4/tmp-510d0a3f' into msm-4.4" 2016-08-26 14:34:05 -07:00
packet Revert "Merge remote-tracking branch 'msm-4.4/tmp-510d0a3f' into msm-4.4" 2016-08-26 14:34:05 -07:00
phonet
rds
rfkill Merge remote-tracking branch 'origin/tmp-917a9a9133a6' into lsk 2016-07-12 11:40:49 -07:00
rmnet_data net: rmnet_data: Handle buffer bloat for TCP scenarios 2016-11-14 12:49:05 -07:00
rose rose: limit sk_filter trim to payload 2016-11-15 14:54:51 -07:00
rxrpc
sched Merge remote-tracking branch 'msm4.4/tmp-da9a92f' into msm-4.4 2016-10-28 10:48:35 -07:00
sctp sctp: lack the check for ports in sctp_v6_cmp_addr 2016-04-20 15:41:58 +09:00
sunrpc Revert "Merge remote-tracking branch 'msm-4.4/tmp-510d0a3f' into msm-4.4" 2016-08-26 14:34:05 -07:00
switchdev switchdev: pass pointer to fib_info instead of copy 2016-06-24 10:18:16 -07:00
tipc tipc: fix nametable publication field in nl compat 2016-06-24 10:18:16 -07:00
unix af_unix: fix hard linked sockets on overlay 2016-07-27 09:47:33 -07:00
vmw_vsock Revert "Merge remote-tracking branch 'msm-4.4/tmp-510d0a3f' into msm-4.4" 2016-08-26 14:34:05 -07:00
wimax
wireless Merge "Merge remote-tracking branch 'msm4.4/tmp-da9a92f' into msm-4.4" 2016-11-04 22:22:00 -07:00
x25 Revert "Merge remote-tracking branch 'msm-4.4/tmp-510d0a3f' into msm-4.4" 2016-08-26 14:34:05 -07:00
xfrm net: Revert upstream changes which break routing in tunnel scenarios 2016-07-21 10:58:54 -06:00
compat.c
Kconfig Revert "net: activity_stats: Add statistics for network transmission activity" 2016-07-28 19:47:52 -07:00
Makefile Revert "net: activity_stats: Add statistics for network transmission activity" 2016-07-28 19:47:52 -07:00
socket.c Merge remote-tracking branch 'msm-4.4/tmp-2bf7955' into msm-4.4 2016-07-22 16:45:32 -07:00
sysctl_net.c