linux-stable/net
Tetsuo Handa df0da3fc13 net/ieee802154: don't warn zero-sized raw_sendmsg()
[ Upstream commit b12e924a2f ]

syzbot is hitting skb_assert_len() warning at __dev_queue_xmit() [1],
for PF_IEEE802154 socket's zero-sized raw_sendmsg() request is hitting
__dev_queue_xmit() with skb->len == 0.

Since PF_IEEE802154 socket's zero-sized raw_sendmsg() request was
able to return 0, don't call __dev_queue_xmit() if packet length is 0.

  ----------
  #include <sys/socket.h>
  #include <netinet/in.h>

  int main(int argc, char *argv[])
  {
    struct sockaddr_in addr = { .sin_family = AF_INET, .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    struct iovec iov = { };
    struct msghdr hdr = { .msg_name = &addr, .msg_namelen = sizeof(addr), .msg_iov = &iov, .msg_iovlen = 1 };
    sendmsg(socket(PF_IEEE802154, SOCK_RAW, 0), &hdr, 0);
    return 0;
  }
  ----------

Note that this might be a sign that commit fd18942244 ("bpf: Don't
redirect packets with invalid pkt_len") should be reverted, for
skb->len == 0 was acceptable for at least PF_IEEE802154 socket.

Link: https://syzkaller.appspot.com/bug?extid=5ea725c25d06fb9114c4 [1]
Reported-by: syzbot <syzbot+5ea725c25d06fb9114c4@syzkaller.appspotmail.com>
Fixes: fd18942244 ("bpf: Don't redirect packets with invalid pkt_len")
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Alexander Aring <aahringo@redhat.com>
Link: https://lore.kernel.org/r/20221005014750.3685555-2-aahringo@redhat.com
Signed-off-by: Stefan Schmidt <stefan@datenfreihafen.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-10-24 09:58:30 +02:00
6lowpan
9p net/9p: Initialize the iounit field during fid creation 2022-08-17 15:16:09 +02:00
802
8021q vlan: fix memory leak in vlan_newlink() 2022-07-09 12:26:59 +01:00
appletalk
atm
ax25 ax25: fix incorrect dev_tracker usage 2022-08-17 15:14:57 +02:00
batman-adv batman-adv: Fix hang up with small MTU hard-interface 2022-09-28 11:32:08 +02:00
bluetooth Bluetooth: L2CAP: Fix user-after-free 2022-10-24 09:58:16 +02:00
bpf bpf: Don't redirect packets with invalid pkt_len 2022-09-05 10:31:28 +02:00
bpfilter
bridge netfilter: ebtables: fix memory leak when blob is malformed 2022-09-28 11:32:18 +02:00
caif caif: Fix bitmap data type in "struct caifsock" 2022-07-22 12:51:45 +01:00
can can: bcm: check the result of can_send() in bcm_can_tx() 2022-10-24 09:58:14 +02:00
ceph libceph: use swap() macro instead of taking tmp variable 2022-05-25 20:45:13 +02:00
core net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory 2022-10-24 09:58:15 +02:00
dcb
dccp dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock 2022-08-17 15:14:59 +02:00
decnet net: Fix data-races around sysctl_[rw]mem(_offset)?. 2022-07-25 12:42:09 +01:00
dns_resolver
dsa net: dsa: hellcreek: Print warning only once 2022-09-20 12:43:48 +02:00
ethernet
ethtool ethtool: Fix get module eeprom fallback 2022-06-17 20:22:16 -07:00
hsr
ieee802154 net/ieee802154: don't warn zero-sized raw_sendmsg() 2022-10-24 09:58:30 +02:00
ife
ipv4 net-next: Fix IP_UNICAST_IF option behavior for connected sockets 2022-10-24 09:58:12 +02:00
ipv6 netfilter: nft_fib: Fix for rpath check with VRF devices 2022-10-24 09:57:14 +02:00
iucv
kcm kcm: fix strp_init() order and cleanup 2022-09-08 11:24:00 +02:00
key af_key: Do not call xfrm_probe_algs in parallel 2022-08-31 17:18:01 +02:00
l2tp ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg 2022-06-08 10:56:43 -07:00
l3mdev
lapb
llc
mac80211 wifi: mac80211: allow bw change during channel switch in mesh 2022-10-24 09:57:05 +02:00
mac802154 net: mac802154: Fix a condition in the receive path 2022-09-08 11:24:07 +02:00
mctp mctp: prevent double key removal and unref 2022-10-15 08:01:45 +02:00
mpls net: Use u64_stats_fetch_begin_irq() for stats fetch. 2022-09-08 11:24:06 +02:00
mptcp mptcp: fix unreleased socket in accept queue 2022-10-05 10:40:45 +02:00
ncsi net/ncsi: use proper "mellanox" DT vendor prefix 2022-06-23 20:51:06 -07:00
netfilter netfilter: conntrack: revisit the gc initial rescheduling bias 2022-10-24 09:57:11 +02:00
netlabel
netlink net: genl: fix error path memory leak in policy dumping 2022-08-25 11:45:34 +02:00
netrom
nfc net: nfc: Directly use ida_alloc()/free() 2022-05-28 15:28:47 +01:00
nsh
openvswitch openvswitch: Fix overreporting of drops in dropwatch 2022-10-24 09:58:11 +02:00
packet net/af_packet: check len when min_header_len equals to 0 2022-09-05 10:31:36 +02:00
phonet
psample
qrtr net: qrtr: start MHI channel after endpoit creation 2022-08-25 11:45:32 +02:00
rds net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks() 2022-10-24 09:57:15 +02:00
rfkill
rose rose: check NULL rose_loopback_neigh->loopback 2022-08-31 17:18:02 +02:00
rxrpc rxrpc: Fix an insufficiently large sglist in rxkad_verify_packet_2() 2022-09-15 10:47:15 +02:00
sched net: sched: act_ct: fix possible refcount leak in tcf_ct_init() 2022-10-05 10:40:51 +02:00
sctp sctp: handle the error returned from sctp_auth_asoc_init_active_key 2022-10-24 09:57:14 +02:00
smc net/smc: Stop the CLC flow if no link to map buffers on 2022-09-28 11:32:20 +02:00
strparser
sunrpc Revert "SUNRPC: Remove unreachable error condition" 2022-09-23 14:14:02 +02:00
switchdev
tipc tipc: fix shift wrapping bug in map_get() 2022-09-15 10:47:15 +02:00
tls net/tls: Remove the context from the list in tls_device_down 2022-07-24 21:40:56 +01:00
unix af_unix: Fix memory leaks of the whole sk due to OOB skb. 2022-10-24 09:57:15 +02:00
vmw_vsock vhost/vsock: Use kvmalloc/kvfree for larger packets. 2022-10-24 09:57:14 +02:00
wireless wifi: cfg80211: get correct AP link chandef 2022-10-24 09:57:05 +02:00
x25 x25: remove redundant pointer dev 2022-05-10 11:59:22 +02:00
xdp xsk: Fix backpressure mechanism on Tx 2022-10-24 09:57:06 +02:00
xfrm xfrm: Update ipcomp_scratches with NULL when freed 2022-10-24 09:58:12 +02:00
Kconfig
Kconfig.debug net: CONFIG_DEBUG_NET depends on CONFIG_NET 2022-06-02 10:15:05 -07:00
Makefile
compat.c
devres.c
socket.c net: Fix a data-race around sysctl_somaxconn. 2022-08-31 17:18:10 +02:00
sysctl_net.c