Ksawlii/kernel_samsung_a53x
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
kernel_samsung_a53x/net/ipv4
History
Eric Dumazet 7742eb3f5f net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv() 
[ Upstream commit b0ec2abf98267f14d032102551581c833b0659d3 ]

Apply the same fix than ones found in :

8d975c15c0cd ("ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()")
1ca1ba465e55 ("geneve: make sure to pull inner header in geneve_rx()")

We have to save skb->network_header in a temporary variable
in order to be able to recompute the network_header pointer
after a pskb_inet_may_pull() call.

pskb_inet_may_pull() makes sure the needed headers are in skb->head.

syzbot reported:
BUG: KMSAN: uninit-value in __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline]
 BUG: KMSAN: uninit-value in INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline]
 BUG: KMSAN: uninit-value in IP_ECN_decapsulate include/net/inet_ecn.h:302 [inline]
 BUG: KMSAN: uninit-value in ip_tunnel_rcv+0xed9/0x2ed0 net/ipv4/ip_tunnel.c:409
  __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline]
  INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline]
  IP_ECN_decapsulate include/net/inet_ecn.h:302 [inline]
  ip_tunnel_rcv+0xed9/0x2ed0 net/ipv4/ip_tunnel.c:409
  __ipgre_rcv+0x9bc/0xbc0 net/ipv4/ip_gre.c:389
  ipgre_rcv net/ipv4/ip_gre.c:411 [inline]
  gre_rcv+0x423/0x19f0 net/ipv4/ip_gre.c:447
  gre_rcv+0x2a4/0x390 net/ipv4/gre_demux.c:163
  ip_protocol_deliver_rcu+0x264/0x1300 net/ipv4/ip_input.c:205
  ip_local_deliver_finish+0x2b8/0x440 net/ipv4/ip_input.c:233
  NF_HOOK include/linux/netfilter.h:314 [inline]
  ip_local_deliver+0x21f/0x490 net/ipv4/ip_input.c:254
  dst_input include/net/dst.h:461 [inline]
  ip_rcv_finish net/ipv4/ip_input.c:449 [inline]
  NF_HOOK include/linux/netfilter.h:314 [inline]
  ip_rcv+0x46f/0x760 net/ipv4/ip_input.c:569
  __netif_receive_skb_one_core net/core/dev.c:5534 [inline]
  __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5648
  netif_receive_skb_internal net/core/dev.c:5734 [inline]
  netif_receive_skb+0x58/0x660 net/core/dev.c:5793
  tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1556
  tun_get_user+0x53b9/0x66e0 drivers/net/tun.c:2009
  tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2055
  call_write_iter include/linux/fs.h:2087 [inline]
  new_sync_write fs/read_write.c:497 [inline]
  vfs_write+0xb6b/0x1520 fs/read_write.c:590
  ksys_write+0x20f/0x4c0 fs/read_write.c:643
  __do_sys_write fs/read_write.c:655 [inline]
  __se_sys_write fs/read_write.c:652 [inline]
  __x64_sys_write+0x93/0xd0 fs/read_write.c:652
  do_syscall_x64 arch/x86/entry/common.c:52 [inline]
  do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x63/0x6b

Uninit was created at:
  __alloc_pages+0x9a6/0xe00 mm/page_alloc.c:4590
  alloc_pages_mpol+0x62b/0x9d0 mm/mempolicy.c:2133
  alloc_pages+0x1be/0x1e0 mm/mempolicy.c:2204
  skb_page_frag_refill+0x2bf/0x7c0 net/core/sock.c:2909
  tun_build_skb drivers/net/tun.c:1686 [inline]
  tun_get_user+0xe0a/0x66e0 drivers/net/tun.c:1826
  tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2055
  call_write_iter include/linux/fs.h:2087 [inline]
  new_sync_write fs/read_write.c:497 [inline]
  vfs_write+0xb6b/0x1520 fs/read_write.c:590
  ksys_write+0x20f/0x4c0 fs/read_write.c:643
  __do_sys_write fs/read_write.c:655 [inline]
  __se_sys_write fs/read_write.c:652 [inline]
  __x64_sys_write+0x93/0xd0 fs/read_write.c:652
  do_syscall_x64 arch/x86/entry/common.c:52 [inline]
  do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x63/0x6b

Fixes: c54419321455 ("GRE: Refactor GRE tunneling code.")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-11-19 08:44:49 +01:00
..
bpfilter Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
netfilter Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
af_inet.c inet: read sk->sk_family once in inet_recv_error() 2024-11-18 12:13:25 +01:00
ah4.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
arp.c arp: Prevent overflow in arp_req_get(). 2024-11-18 22:25:42 +01:00
bpf_tcp_ca.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
cipso_ipv4.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
datagram.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
devinet.c ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid 2024-11-18 22:25:41 +01:00
esp4.c net: ipv4: fix return value check in esp_remove_trailer 2024-11-08 11:26:10 +01:00
esp4_offload.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
fib_frontend.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
fib_lookup.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
fib_notifier.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
fib_rules.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
fib_semantics.c ipv4/fib: send notify when delete source address routes 2024-11-08 11:26:17 +01:00
fib_trie.c ipv4/fib: send notify when delete source address routes 2024-11-08 11:26:17 +01:00
fou.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
gre_demux.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
gre_offload.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
icmp.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
igmp.c ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet 2024-11-18 12:11:10 +01:00
inet_connection_sock.c tcp: make sure init the accept_queue's spinlocks once 2024-11-18 12:12:59 +01:00
inet_diag.c inet_diag: annotate data-races around inet_diag_table[] 2024-11-19 08:44:38 +01:00
inet_fragment.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
inet_hashtables.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
inet_timewait_sock.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
inetpeer.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ip_forward.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ip_fragment.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ip_gre.c ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit() 2024-11-18 12:11:39 +01:00
ip_input.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ip_options.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ip_output.c net: ipv4: fix a memleak in ip_setup_cork 2024-11-18 12:13:22 +01:00
ip_sockglue.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ip_tunnel.c net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv() 2024-11-19 08:44:49 +01:00
ip_tunnel_core.c tunnels: fix out of bounds access when building IPv6 PMTU error 2024-11-18 12:13:24 +01:00
ip_vti.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ipcomp.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ipconfig.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ipip.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ipmr.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ipmr_base.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
Kconfig Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
Makefile Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
metrics.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
netfilter.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
netlink.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nexthop.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ping.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
proc.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
protocol.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
raw.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
raw_diag.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
route.c ipv4: Correct/silence an endian warning in __ip_do_redirect 2024-11-18 12:10:55 +01:00
syncookies.c tcp: fix cookie_init_timestamp() overflows 2024-11-18 11:42:50 +01:00
sysctl_net_ipv4.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tcp.c tcp: add sanity checks to rx zerocopy 2024-11-18 12:13:22 +01:00
tcp_bbr.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tcp_bic.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tcp_bpf.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tcp_cdg.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tcp_cong.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tcp_cubic.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tcp_dctcp.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tcp_dctcp.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tcp_diag.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tcp_fastopen.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tcp_highspeed.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tcp_htcp.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tcp_hybla.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tcp_illinois.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tcp_input.c tcp: do not accept ACK of bytes we never sent 2024-11-18 12:11:39 +01:00
tcp_ipv4.c tcp: Enable ECN negotiation by default 2024-11-17 17:42:51 +01:00
tcp_lp.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tcp_metrics.c tcp_metrics: do not create an entry from tcp_init_metrics() 2024-11-18 11:42:49 +01:00
tcp_minisocks.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tcp_nv.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tcp_offload.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tcp_output.c net: Remove acked SYN flag from packet in the transmit queue correctly 2024-11-18 12:11:49 +01:00
tcp_rate.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tcp_recovery.c tcp: fix excessive TLP and RACK timeouts from HZ rounding 2024-11-08 11:26:10 +01:00
tcp_scalable.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tcp_timer.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tcp_ulp.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tcp_vegas.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tcp_vegas.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tcp_veno.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tcp_westwood.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tcp_yeah.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tunnel4.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
udp.c udp: add missing WRITE_ONCE() around up->encap_rcv 2024-11-18 11:42:47 +01:00
udp_bpf.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
udp_diag.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
udp_impl.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
udp_offload.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
udp_tunnel_core.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
udp_tunnel_nic.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
udp_tunnel_stub.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
udplite.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
xfrm4_input.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
xfrm4_output.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
xfrm4_policy.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
xfrm4_protocol.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
xfrm4_state.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
xfrm4_tunnel.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00