Florian Westphal cf673ed0e0 net: fix fraglist segmentation reference count leak ... Xin Long says: On udp rx path udp_rcv_segment() may do segment where the frag skbs will get the header copied from the head skb in skb_segment_list() by calling __copy_skb_header(), which could overwrite the frag skbs' extensions by __skb_ext_copy() and cause a leak. This issue was found after loading esp_offload where a sec path ext is set in the skb. Fix this by discarding head state of the fraglist skb before replacing its contents. Fixes: 3a1296a38d ("net: Support GRO/GSO fraglist chaining.") Cc: Steffen Klassert <steffen.klassert@secunet.com> Reported-by: Xiumei Mu <xmu@redhat.com> Tested-by: Xin Long <lucien.xin@gmail.com> Signed-off-by: Florian Westphal <fw@strlen.de> Acked-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: David S. Miller <davem@davemloft.net>		2020-03-30 10:41:58 -07:00
..
6lowpan
9p
802	treewide: Use sizeof_field() macro	2019-12-09 10:36:44 -08:00
8021q	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2020-01-09 12:13:43 -08:00
appletalk
atm	proc: convert everything to "struct proc_ops"	2020-02-04 03:05:26 +00:00
ax25	net: Make sock protocol value checks more specific	2020-01-09 18:41:40 -08:00
batman-adv	batman-adv: Don't schedule OGM for disabled interface	2020-02-18 09:07:55 +01:00
bluetooth	Bluetooth: Fix race condition in hci_release_sock()	2020-01-26 10:34:17 +02:00
bpf	bpf: Allow to change skb mark in test_run	2019-12-18 17:05:58 -08:00
bpfilter	net/bpfilter: fix dprintf usage for /dev/kmsg	2020-03-14 20:58:10 -07:00
bridge	net: bridge: fix stale eth hdr pointer in br_dev_xmit	2020-02-24 11:11:19 -08:00
caif	net: caif: Add lockdep expression to RCU traversal primitive	2020-03-11 22:55:25 -07:00
can	can: j1939: j1939_sk_bind(): take priv after lock is held	2019-12-08 11:52:02 +01:00
ceph	libceph: fix alloc_msg_with_page_vector() memory leaks	2020-03-23 13:07:08 +01:00
core	net: fix fraglist segmentation reference count leak	2020-03-30 10:41:58 -07:00
dcb
dccp	treewide: Use sizeof_field() macro	2019-12-09 10:36:44 -08:00
decnet	net: Make sock protocol value checks more specific	2020-01-09 18:41:40 -08:00
dns_resolver
dsa	net: dsa: tag_8021q: replace dsa_8021q_remove_header with __skb_vlan_pop	2020-03-24 16:19:01 -07:00
ethernet	net: remove eth_change_mtu	2020-01-27 11:09:31 +01:00
ethtool	ethtool: fix reference leak in some *_SET handlers	2020-03-23 21:50:14 -07:00
hsr	hsr: fix general protection fault in hsr_addr_is_self()	2020-03-21 19:49:34 -07:00
ieee802154	nl802154: add missing attribute validation for dev_type	2020-03-03 13:28:48 -08:00
ife
ipv4	udp: initialize is_flist with 0 in udp_gro_receive	2020-03-30 10:35:03 -07:00
ipv6	Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec	2020-03-27 14:56:55 -07:00
iucv	treewide: Use sizeof_field() macro	2019-12-09 10:36:44 -08:00
kcm
key
l2tp	l2tp: Allow duplicate session creation with UDP	2020-02-04 12:35:49 +01:00
l3mdev
lapb
llc	llc2: Fix return statement of llc_stat_ev_rx_null_dsap_xid_c (and _test_c)	2019-12-20 21:19:36 -08:00
mac80211	mac80211: fix authentication with iwlwifi/mvm	2020-03-29 21:27:44 -07:00
mac802154
mpls	net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup	2019-12-04 12:27:13 -08:00
mptcp	mptcp: always include dack if possible.	2020-03-05 21:34:42 -08:00
ncsi	net/ncsi: Support for multi host mellanox card	2020-01-09 18:36:22 -08:00
netfilter	net: Fix CONFIG_NET_CLS_ACT=n and CONFIG_NFT_FWD_NETDEV={y, m} build	2020-03-25 12:24:33 -07:00
netlabel	netlabel_domainhash.c: Use built-in RCU list checking	2020-02-18 12:44:23 -08:00
netlink	netlink: allow extack cookie also for error messages	2020-03-16 02:04:24 -07:00
netrom	net: core: add generic lockdep keys	2019-10-24 14:53:48 -07:00
nfc	net: nfc: fix bounds checking bugs on "pipe"	2020-03-05 21:32:42 -08:00
nsh
openvswitch	openvswitch: add missing attribute validation for hash	2020-03-03 13:28:48 -08:00
packet	net/packet: tpacket_rcv: avoid a producer race condition	2020-03-15 00:25:25 -07:00
phonet	net: Remove redundant BUG_ON() check in phonet_pernet	2020-01-03 12:25:50 -08:00
psample	net: psample: fix skb_over_panic	2019-11-26 14:40:13 -08:00
qrtr	net: qrtr: Remove receive worker	2020-01-14 18:36:42 -08:00
rds	net/rds: Track user mapped pages through special API	2020-02-16 18:37:09 -08:00
rfkill	rfkill: Fix incorrect check to avoid NULL pointer dereference	2019-12-16 10:15:49 +01:00
rose	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2020-01-26 10:40:21 +01:00
rxrpc	afs: Fix client call Rx-phase signal handling	2020-03-13 23:04:35 +00:00
sched	net: Fix CONFIG_NET_CLS_ACT=n and CONFIG_NFT_FWD_NETDEV={y, m} build	2020-03-25 12:24:33 -07:00
sctp	sctp: fix possibly using a bad saddr with a given dst	2020-03-29 22:01:43 -07:00
smc	net/smc: cancel event worker during device removal	2020-03-10 15:40:33 -07:00
strparser
sunrpc	xprtrdma: Fix DMA scatter-gather list mapping imbalance	2020-02-13 15:35:33 -05:00
switchdev
tipc	tipc: add missing attribute validation for MTU property	2020-03-03 13:28:49 -08:00
tls	net/tls: Fix to avoid gettig invalid tls record	2020-02-19 16:32:06 -08:00
unix	unix: It's CONFIG_PROC_FS not CONFIG_PROCFS	2020-02-27 11:52:35 -08:00
vmw_vsock	vsock: fix potential deadlock in transport->release()	2020-02-27 12:03:56 -08:00
wimax
wireless	cfg80211: Do not warn on same channel at the end of CSA	2020-03-26 15:50:10 +01:00
x25	net/x25: fix nonblocking connect	2020-01-09 18:39:33 -08:00
xdp	xsk: Publish global consumer pointers when NAPI is finished	2020-02-11 15:51:11 +01:00
xfrm	Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec	2020-03-27 14:56:55 -07:00
compat.c	y2038: socket: use __kernel_old_timespec instead of timespec	2019-11-15 14:38:29 +01:00
Kconfig	net: Fix CONFIG_NET_CLS_ACT=n and CONFIG_NFT_FWD_NETDEV={y, m} build	2020-03-25 12:24:33 -07:00
Makefile	mptcp: Add MPTCP socket stubs	2020-01-24 13:44:07 +01:00
socket.c	io_uring: make sure accept honor rlimit nofile	2020-03-20 08:48:36 -06:00
sysctl_net.c