linux-stable/net/core
Eric Dumazet adcac7370d tcp: fix tcp_set_congestion_control() use from bpf hook
[ Upstream commit 8d650cdeda ]

Neal reported incorrect use of ns_capable() from bpf hook.

bpf_setsockopt(...TCP_CONGESTION...)
  -> tcp_set_congestion_control()
   -> ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)
    -> ns_capable_common()
     -> current_cred()
      -> rcu_dereference_protected(current->cred, 1)

Accessing 'current' in bpf context makes no sense, since packets
are processed from softirq context.

As Neal stated: The capability check in tcp_set_congestion_control()
was written assuming a system call context, and then was reused from
a BPF call site.

The fix is to add a new parameter to tcp_set_congestion_control(),
so that the ns_capable() call is only performed under the right
context.

Fixes: 91b5b21c7c ("bpf: Add support for changing congestion control")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Lawrence Brakmo <brakmo@fb.com>
Reported-by: Neal Cardwell <ncardwell@google.com>
Acked-by: Neal Cardwell <ncardwell@google.com>
Acked-by: Lawrence Brakmo <brakmo@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-07-31 07:28:46 +02:00
datagram.c net: datagram: fix unbounded loop in __skb_try_recv_datagram() 2019-04-03 06:25:08 +02:00
dev.c net-gro: fix use-after-free read in napi_gro_frags() 2019-06-09 09:18:10 +02:00
dev_addr_lists.c net: fix uninit-value in __hw_addr_add_ex() 2018-05-16 10:10:23 +02:00
dev_ioctl.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
devlink.c devlink: Remove redundant free on error path 2018-03-31 18:10:39 +02:00
drop_monitor.c drop_monitor: use setup_timer 2017-03-12 23:47:16 -07:00
dst.c net: check type when freeing metadata dst 2017-08-21 10:57:38 -07:00
dst_cache.c
ethtool.c ethtool: check the return value of get_regs_len 2019-06-11 12:21:51 +02:00
fib_notifier.c net: Add module reference to FIB notifiers 2017-09-01 20:33:42 -07:00
fib_rules.c Revert "fib_rules: return 0 directly if an exactly same rule exists when NLM_F_EXCL not supplied" 2019-06-11 12:21:47 +02:00
filter.c tcp: fix tcp_set_congestion_control() use from bpf hook 2019-07-31 07:28:46 +02:00
flow_dissector.c flow_dissector: do not dissect l4 ports for fragments 2018-11-23 08:19:25 +01:00
gen_estimator.c net_sched: gen_estimator: fix broken estimators based on percpu stats 2018-03-08 22:41:13 -08:00
gen_stats.c gen_stats: Fix netlink stats dumping in the presence of padding 2018-07-25 11:25:09 +02:00
gro_cells.c gro_cells: make sure device is up in gro_cells_receive() 2019-03-19 13:13:21 +01:00
hwbm.c
link_watch.c
lwt_bpf.c bpf: in __bpf_redirect_no_mac pull mac only if present 2019-01-23 08:09:50 +01:00
lwtunnel.c ipv6: sr: define core operations for seg6local lightweight tunnel 2017-08-07 14:16:22 -07:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
neighbour.c net: neigh: fix multiple neigh timer scheduling 2019-07-31 07:28:45 +02:00
net-procfs.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
net-sysfs.c net-sysfs: call dev_hold if kobject_init_and_add success 2019-04-03 06:25:09 +02:00
net-sysfs.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
net-traces.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
net_namespace.c netns: provide pure entropy for net_hash_mix() 2019-04-17 08:37:50 +02:00
netclassid_cgroup.c cgroup, netclassid: add a preemption point to write_classid 2018-11-13 11:14:56 -08:00
netevent.c
netpoll.c netpoll: Fix device name check in netpoll_setup() 2017-07-26 17:01:43 -07:00
netprio_cgroup.c net: break include loop netdevice.h, dsa.h, devlink.h 2017-03-28 22:46:04 -07:00
pktgen.c pktgen: do not sleep with the thread lock held. 2019-06-11 12:21:45 +02:00
ptp_classifier.c
request_sock.c ipv4: Namespaceify tcp_max_syn_backlog knob 2016-12-29 11:38:31 -05:00
rtnetlink.c rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices 2018-12-17 09:28:47 +01:00
scm.c sched/headers: Prepare for new header dependencies before moving code to <linux/sched/user.h> 2017-03-02 08:42:29 +01:00
secure_seq.c tcp: Namespaceify sysctl_tcp_timestamps 2017-06-08 10:53:29 -04:00
skbuff.c bpf: sockmap, fix use after free from sleep in psock backlog workqueue 2019-07-21 09:04:18 +02:00
sock.c net: remove duplicate fetch in sock_getsockopt 2019-07-03 13:16:01 +02:00
sock_diag.c net: core: fix module type in sock_diag_bind 2018-01-17 09:45:21 +01:00
sock_reuseport.c soreuseport: fix mem leak in reuseport_add_sock() 2018-02-13 10:19:48 +01:00
stream.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
sysctl_net_core.c bpf: introduce BPF_JIT_ALWAYS_ON config 2018-01-31 14:03:49 +01:00
timestamping.c
tso.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
utils.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2017-05-02 16:40:27 -07:00