Ksawlii/kernel_samsung_a53x
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
kernel_samsung_a53x/net/ipv4
History
Willem de Bruijn e1d2f5465e BACKPORT: gso: fix udp gso fraglist segmentation after pull from frag_list 
Detect gso fraglist skbs with corrupted geometry (see below) and
pass these to skb_segment instead of skb_segment_list, as the first
can segment them correctly.

Valid SKB_GSO_FRAGLIST skbs
- consist of two or more segments
- the head_skb holds the protocol headers plus first gso_size
- one or more frag_list skbs hold exactly one segment
- all but the last must be gso_size

Optional datapath hooks such as NAT and BPF (bpf_skb_pull_data) can
modify these skbs, breaking these invariants.

In extreme cases they pull all data into skb linear. For UDP, this
causes a NULL ptr deref in __udpv4_gso_segment_list_csum at
udp_hdr(seg->next)->dest.

Detect invalid geometry due to pull, by checking head_skb size.
Don't just drop, as this may blackhole a destination. Convert to be
able to pass to regular skb_segment.

Link: https://lore.kernel.org/netdev/20240428142913.18666-1-shiming.cheng@mediatek.com/
Fixes: 9fd1ff5d2ac7 ("udp: Support UDP fraglist GRO/GSO.")
Signed-off-by: Willem de Bruijn <willemb@google.com>
Cc: stable@vger.kernel.org
Link: https://patch.msgid.link/20241001171752.107580-1-willemdebruijn.kernel@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

Bug: 373245346
Bug: 333849117
Change-Id: I5a317e002f149cf9d399dce9bf87cd649a24da19
(cherry picked from commit a1e40ac5b5e9077fe1f7ae0eb88034db0f9ae1ab)
Signed-off-by: Lena Wang <lena.wang@mediatek.corp-partner.google.com>
(cherry picked from commit 42c2d1ea7c1bf984372f0ca1711d91165cbb87a6)
(cherry picked from commit 7376b8e51c4ddaa8e36b2b33d6ac3392135183b1)
2025-01-19 00:09:57 +01:00
..
bpfilter Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
netfilter Revert "netfilter: nf_tables: prevent nf_skb_duplicated corruption" 2024-11-24 00:23:12 +01:00
af_inet.c net: inet: do not leave a dangling sk pointer in inet_create() 2024-12-17 13:24:30 +01:00
ah4.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
arp.c arp: Prevent overflow in arp_req_get(). 2024-11-18 22:25:42 +01:00
bpf_tcp_ca.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
cipso_ipv4.c cipso: fix total option length computation 2024-11-19 14:19:08 +01:00
datagram.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
devinet.c Revert "ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR)." 2024-11-24 00:23:08 +01:00
esp4.c Revert "net: esp: cleanup esp_output_tail_tcp() in case of unsupported ESPINTCP" 2024-11-24 00:23:57 +01:00
esp4_offload.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
fib_frontend.c Revert "ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family" 2024-11-24 00:23:08 +01:00
fib_lookup.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
fib_notifier.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
fib_rules.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
fib_semantics.c net: Add l3mdev index to flow struct and avoid oif reset for port devices 2024-11-23 23:21:52 +01:00
fib_trie.c net: Add l3mdev index to flow struct and avoid oif reset for port devices 2024-11-23 23:21:52 +01:00
fou.c Revert "fou: remove sparse errors" 2024-11-24 00:23:41 +01:00
gre_demux.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
gre_offload.c Revert "gro: remove rcu_read_lock/rcu_read_unlock from gro_receive handlers" 2024-11-24 00:23:41 +01:00
icmp.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
igmp.c bpf: net: Change do_ip_getsockopt() to take the sockptr_t argument 2024-11-19 08:44:49 +01:00
inet_connection_sock.c tcp: properly terminate timers for kernel sockets 2024-11-19 09:22:44 +01:00
inet_diag.c inet_diag: Initialize pad field in struct inet_diag_req_v2 2024-11-19 14:19:41 +01:00
inet_fragment.c Revert "inet: inet_defrag: prevent sk release while still in use" 2024-11-24 00:23:32 +01:00
inet_hashtables.c Revert "net: set SOCK_RCU_FREE before inserting socket into hashtable" 2024-11-24 00:23:47 +01:00
inet_timewait_sock.c tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() 2024-11-19 11:32:40 +01:00
inetpeer.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ip_forward.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ip_fragment.c Revert "inet: inet_defrag: prevent sk release while still in use" 2024-11-24 00:23:32 +01:00
ip_gre.c Revert "ipv4: ip_gre: Fix drops of small packets in ipgre_xmit" 2024-11-24 00:23:12 +01:00
ip_input.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ip_options.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ip_output.c net: ipv4: fix a memleak in ip_setup_cork 2024-11-18 12:13:22 +01:00
ip_sockglue.c bpf: net: Change do_ip_getsockopt() to take the sockptr_t argument 2024-11-19 08:44:49 +01:00
ip_tunnel.c net: Handle l3mdev in ip_tunnel_init_flow 2024-11-23 23:21:53 +01:00
ip_tunnel_core.c tunnels: fix out of bounds access when building IPv6 PMTU error 2024-11-18 12:13:24 +01:00
ip_vti.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ipcomp.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ipconfig.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ipip.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ipmr.c ipmr: fix tables suspicious RCU usage 2024-12-17 13:24:16 +01:00
ipmr_base.c ipmr: Fix access to mfc_cache_list without lock held 2024-12-17 13:23:58 +01:00
Kconfig Revert "net: tcp: bbrplus for 5.10" 2025-01-17 22:17:46 +01:00
Makefile Revert "net: tcp: bbrplus for 5.10" 2025-01-17 22:17:46 +01:00
metrics.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
netfilter.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
netlink.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nexthop.c Revert "net: nexthop: Initialize all fields in dumped nexthops" 2024-11-24 00:23:55 +01:00
ping.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
proc.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
protocol.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
raw.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
raw_diag.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
route.c Revert "ipv4: Fix incorrect source address in Record Route option" 2024-11-24 00:23:56 +01:00
syncookies.c tcp: fix cookie_init_timestamp() overflows 2024-11-18 11:42:50 +01:00
sysctl_net_ipv4.c tcp: add sysctls for TCP PLB parameters 2024-12-18 15:08:12 +01:00
tcp.c Revert "tcp: add rcv_wnd and plb_rehash to TCP_INFO" 2024-12-18 15:32:40 +01:00
tcp_bbr.c Revert "tcp: add accessors to read/set tp->snd_cwnd" 2024-12-18 15:30:18 +01:00
tcp_bic.c Revert "tcp: add accessors to read/set tp->snd_cwnd" 2024-12-18 15:30:18 +01:00
tcp_bpf.c tcp_bpf: Charge receive socket buffer in bpf_tcp_ingress() 2025-01-15 16:29:48 +01:00
tcp_cdg.c Revert "tcp: add accessors to read/set tp->snd_cwnd" 2024-12-18 15:30:18 +01:00
tcp_cong.c Revert "net-tcp: add fast_ack_mode=1: skip rwin check in tcp_fast_ack_mode__tcp_ack_snd_check()" 2024-12-18 15:32:27 +01:00
tcp_cubic.c Revert "tcp: add accessors to read/set tp->snd_cwnd" 2024-12-18 15:30:18 +01:00
tcp_dctcp.c Revert "tcp: add accessors to read/set tp->snd_cwnd" 2024-12-18 15:30:18 +01:00
tcp_dctcp.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tcp_diag.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tcp_fastopen.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tcp_highspeed.c Revert "tcp: add accessors to read/set tp->snd_cwnd" 2024-12-18 15:30:18 +01:00
tcp_htcp.c Revert "tcp: add accessors to read/set tp->snd_cwnd" 2024-12-18 15:30:18 +01:00
tcp_hybla.c Revert "tcp: add accessors to read/set tp->snd_cwnd" 2024-12-18 15:30:18 +01:00
tcp_illinois.c Revert "tcp: add accessors to read/set tp->snd_cwnd" 2024-12-18 15:30:18 +01:00
tcp_input.c Revert "tcp: tracking packets with CE marks in BW rate sample" 2024-12-18 15:36:41 +01:00
tcp_ipv4.c Revert "tcp: add accessors to read/set tp->snd_cwnd" 2024-12-18 15:30:18 +01:00
tcp_lp.c Revert "tcp: add accessors to read/set tp->snd_cwnd" 2024-12-18 15:30:18 +01:00
tcp_metrics.c Revert "tcp: add accessors to read/set tp->snd_cwnd" 2024-12-18 15:30:18 +01:00
tcp_minisocks.c Revert "tcp: introduce per-route feature RTAX_FEATURE_ECN_LOW" 2024-12-18 15:36:29 +01:00
tcp_nv.c Revert "tcp: add accessors to read/set tp->snd_cwnd" 2024-12-18 15:30:18 +01:00
tcp_offload.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tcp_output.c Revert "net: tcp: bbrplus for 5.10" 2025-01-17 22:17:46 +01:00
tcp_rate.c Revert "tcp: tracking packets with CE marks in BW rate sample" 2024-12-18 15:36:41 +01:00
tcp_recovery.c tcp: fix excessive TLP and RACK timeouts from HZ rounding 2024-11-08 11:26:10 +01:00
tcp_scalable.c Revert "tcp: add accessors to read/set tp->snd_cwnd" 2024-12-18 15:30:18 +01:00
tcp_timer.c net-tcp_bbr: broaden app-limited rate sample detection 2024-12-18 15:07:30 +01:00
tcp_ulp.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tcp_vegas.c Revert "tcp: add accessors to read/set tp->snd_cwnd" 2024-12-18 15:30:18 +01:00
tcp_vegas.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tcp_veno.c Revert "tcp: add accessors to read/set tp->snd_cwnd" 2024-12-18 15:30:18 +01:00
tcp_westwood.c Revert "tcp: add accessors to read/set tp->snd_cwnd" 2024-12-18 15:30:18 +01:00
tcp_yeah.c Revert "tcp: add accessors to read/set tp->snd_cwnd" 2024-12-18 15:30:18 +01:00
tunnel4.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
udp.c udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). 2024-11-19 14:19:43 +01:00
udp_bpf.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
udp_diag.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
udp_impl.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
udp_offload.c BACKPORT: gso: fix udp gso fraglist segmentation after pull from frag_list 2025-01-19 00:09:57 +01:00
udp_tunnel_core.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
udp_tunnel_nic.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
udp_tunnel_stub.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
udplite.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
xfrm4_input.c xfrm: Preserve vlan tags for transport mode software GRO 2024-11-19 11:32:45 +01:00
xfrm4_output.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
xfrm4_policy.c xfrm: respect ip protocols rules criteria when performing dst lookups 2024-11-23 23:22:00 +01:00
xfrm4_protocol.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
xfrm4_state.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
xfrm4_tunnel.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00