mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-31 16:38:12 +00:00
Code Issues Releases Wiki Activity
linux-stable/net/xdp
History
Magnus Karlsson 99e3a236dd xsk: Add missing check on user supplied headroom size 
Add a check that the headroom cannot be larger than the available
space in the chunk. In the current code, a malicious user can set the
headroom to a value larger than the chunk size minus the fixed XDP
headroom. That way packets with a length larger than the supported
size in the umem could get accepted and result in an out-of-bounds
write.

Fixes: c0c77d8fb7 ("xsk: add user memory registration support sockopt")
Reported-by: Bui Quang Minh <minhquangbui99@gmail.com>
Signed-off-by: Magnus Karlsson <magnus.karlsson@intel.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://bugzilla.kernel.org/show_bug.cgi?id=207225
Link: https://lore.kernel.org/bpf/1586849715-23490-1-git-send-email-magnus.karlsson@intel.com
2020-04-15 13:07:18 +02:00
..
Kconfig treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
Makefile treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
xdp_umem.c xsk: Add missing check on user supplied headroom size 2020-04-15 13:07:18 +02:00
xdp_umem.h xdp: fix hang while unregistering device bound to xdp socket 2019-07-03 15:10:55 +02:00
xsk.c xsk: Fix out of boundary write in __xsk_rcv_memcpy 2020-04-06 21:48:05 +02:00
xsk.h xsk: add support for need_wakeup flag in AF_XDP rings 2019-08-17 23:07:32 +02:00
xsk_diag.c xsk: lock the control mutex in sock_diag interface 2019-09-05 14:11:52 +02:00
xsk_queue.c xsk: Use struct_size() helper 2019-12-20 16:00:09 -08:00
xsk_queue.h xdp: Replace zero-length array with flexible-array member 2020-02-28 12:08:37 -08:00