Ksawlii/kernel_samsung_a53x
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
kernel_samsung_a53x/drivers/net
History
Eric Dumazet fb9e0fde6e ppp_async: limit MRU to 64K 
[ Upstream commit cb88cb53badb8aeb3955ad6ce80b07b598e310b8 ]

syzbot triggered a warning [1] in __alloc_pages():

WARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp)

Willem fixed a similar issue in commit c0a2a1b0d631 ("ppp: limit MRU to 64K")

Adopt the same sanity check for ppp_async_ioctl(PPPIOCSMRU)

[1]:

 WARNING: CPU: 1 PID: 11 at mm/page_alloc.c:4543 __alloc_pages+0x308/0x698 mm/page_alloc.c:4543
Modules linked in:
CPU: 1 PID: 11 Comm: kworker/u4:0 Not tainted 6.8.0-rc2-syzkaller-g41bccc98fb79 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
Workqueue: events_unbound flush_to_ldisc
pstate: 204000c5 (nzCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
 pc : __alloc_pages+0x308/0x698 mm/page_alloc.c:4543
 lr : __alloc_pages+0xc8/0x698 mm/page_alloc.c:4537
sp : ffff800093967580
x29: ffff800093967660 x28: ffff8000939675a0 x27: dfff800000000000
x26: ffff70001272ceb4 x25: 0000000000000000 x24: ffff8000939675c0
x23: 0000000000000000 x22: 0000000000060820 x21: 1ffff0001272ceb8
x20: ffff8000939675e0 x19: 0000000000000010 x18: ffff800093967120
x17: ffff800083bded5c x16: ffff80008ac97500 x15: 0000000000000005
x14: 1ffff0001272cebc x13: 0000000000000000 x12: 0000000000000000
x11: ffff70001272cec1 x10: 1ffff0001272cec0 x9 : 0000000000000001
x8 : ffff800091c91000 x7 : 0000000000000000 x6 : 000000000000003f
x5 : 00000000ffffffff x4 : 0000000000000000 x3 : 0000000000000020
x2 : 0000000000000008 x1 : 0000000000000000 x0 : ffff8000939675e0
Call trace:
  __alloc_pages+0x308/0x698 mm/page_alloc.c:4543
  __alloc_pages_node include/linux/gfp.h:238 [inline]
  alloc_pages_node include/linux/gfp.h:261 [inline]
  __kmalloc_large_node+0xbc/0x1fc mm/slub.c:3926
  __do_kmalloc_node mm/slub.c:3969 [inline]
  __kmalloc_node_track_caller+0x418/0x620 mm/slub.c:4001
  kmalloc_reserve+0x17c/0x23c net/core/skbuff.c:590
  __alloc_skb+0x1c8/0x3d8 net/core/skbuff.c:651
  __netdev_alloc_skb+0xb8/0x3e8 net/core/skbuff.c:715
  netdev_alloc_skb include/linux/skbuff.h:3235 [inline]
  dev_alloc_skb include/linux/skbuff.h:3248 [inline]
  ppp_async_input drivers/net/ppp/ppp_async.c:863 [inline]
  ppp_asynctty_receive+0x588/0x186c drivers/net/ppp/ppp_async.c:341
  tty_ldisc_receive_buf+0x12c/0x15c drivers/tty/tty_buffer.c:390
  tty_port_default_receive_buf+0x74/0xac drivers/tty/tty_port.c:37
  receive_buf drivers/tty/tty_buffer.c:444 [inline]
  flush_to_ldisc+0x284/0x6e4 drivers/tty/tty_buffer.c:494
  process_one_work+0x694/0x1204 kernel/workqueue.c:2633
  process_scheduled_works kernel/workqueue.c:2706 [inline]
  worker_thread+0x938/0xef4 kernel/workqueue.c:2787
  kthread+0x288/0x310 kernel/kthread.c:388
  ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reported-and-tested-by: syzbot+c5da1f087c9e4ec6c933@syzkaller.appspotmail.com
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Willem de Bruijn <willemb@google.com>
Link: https://lore.kernel.org/r/20240205171004.1059724-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-11-18 12:13:25 +01:00
..
appletalk Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
arcnet arcnet: restoring support for multiple Sohard Arcnet cards 2024-11-18 12:11:39 +01:00
bonding bonding: remove print in bond_verify_device_path 2024-11-18 12:13:23 +01:00
caif Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
can can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on() 2024-11-18 11:42:49 +01:00
dropdump Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
dsa net: dsa: mv88e6xxx: Fix mv88e6352_serdes_get_stats error path 2024-11-18 12:13:14 +01:00
ethernet net: stmmac: xgmac: fix handling of DPP safety error for DMA channels 2024-11-18 12:13:24 +01:00
fddi Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
fjes fjes: fix memleaks in fjes_hw_setup 2024-11-18 12:13:01 +01:00
hamradio Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
hippi Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
hyperv hv_netvsc: rndis_filter needs to select NLS 2024-11-18 12:11:39 +01:00
ieee802154 net: ieee802154: adf7242: Fix some potential buffer overflow in adf7242_stats_show() 2024-11-18 10:58:29 +01:00
ipa Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ipvlan ipvlan: add ipvlan_route_v6_outbound() helper 2024-11-18 11:43:19 +01:00
mdio Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
netdevsim Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pcs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
phy net: phy: micrel: populate .soft_reset for KSZ9131 2024-11-18 12:12:51 +01:00
plip Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ppp ppp_async: limit MRU to 64K 2024-11-18 12:13:25 +01:00
slip Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
team team: Fix use-after-free when an option instance allocation fails 2024-11-18 12:11:57 +01:00
usb asix: Add check for usbnet_get_endpoints 2024-11-18 12:12:07 +01:00
vmxnet3 Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
vxlan Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
wan Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
wimax Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
wireguard wireguard: use DEV_STATS_INC() 2024-11-18 12:10:54 +01:00
wireless wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() 2024-11-18 12:13:16 +01:00
xen-netback xen-netback: don't produce zero-size SKB frags 2024-11-18 12:12:45 +01:00
bareudp.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
dummy.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
eql.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
geneve.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
gtp.c gtp: fix fragmentation needed check with gso 2024-11-18 10:58:30 +01:00
ifb.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
Kconfig Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
LICENSE.SRC Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
loopback.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
macsec.c net: macsec: indicate next pn update when offloading 2024-11-08 11:25:46 +01:00
macvlan.c macvlan: Don't propagate promisc change to lower dev in passthru 2024-11-18 11:43:20 +01:00
macvtap.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
Makefile Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
mdio.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
mii.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
net_failover.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
netconsole.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nlmon.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ntb_netdev.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
rionet.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
sb1000.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
Space.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
sungem_phy.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tap.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
thunderbolt.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tun.c tun: prevent negative ifindex 2024-11-08 11:26:10 +01:00
veth.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
virtio_net.c virtio_net: Fix "‘%d’ directive writing between 1 and 11 bytes into a region of size 10" warnings 2024-11-18 12:13:20 +01:00
vrf.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
vsockmon.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
xen-netfront.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00