Dong Chenchen d2309e0cb2 net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment()
[ Upstream commit c83b49383b ]

As the call trace shows, skb_panic was caused by wrong skb->mac_header
in nsh_gso_segment():

invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 3 PID: 2737 Comm: syz Not tainted 6.3.0-next-20230505 #1
RIP: 0010:skb_panic+0xda/0xe0
call Trace:
 skb_push+0x91/0xa0
 nsh_gso_segment+0x4f3/0x570
 skb_mac_gso_segment+0x19e/0x270
 __skb_gso_segment+0x1e8/0x3c0
 validate_xmit_skb+0x452/0x890
 validate_xmit_skb_list+0x99/0xd0
 sch_direct_xmit+0x294/0x7c0
 __dev_queue_xmit+0x16f0/0x1d70
 packet_xmit+0x185/0x210
 packet_snd+0xc15/0x1170
 packet_sendmsg+0x7b/0xa0
 sock_sendmsg+0x14f/0x160

The root cause is:
nsh_gso_segment() uses skb->network_header - nhoff to reset mac_header
in skb_gso_error_unwind() if inner-layer protocol gso fails.
However, skb->network_header may be reset by the inner-layer protocol
gso function, e.g. mpls_gso_segment. skb->mac_header reset by the
inaccurate network_header will be larger than skb headroom.

nsh_gso_segment
    nhoff = skb->network_header - skb->mac_header;
    __skb_pull(skb,nsh_len)
    skb_mac_gso_segment
        mpls_gso_segment
            skb_reset_network_header(skb);//skb->network_header+=nsh_len
            return -EINVAL;
    skb_gso_error_unwind
        skb_push(skb, nsh_len);
        skb->mac_header = skb->network_header - nhoff;
        // skb->mac_header > skb->headroom, cause skb_push panic

Use correct mac_offset to restore mac_header and get rid of nhoff.

Fixes: c411ed8545 ("nsh: add GSO support")
Reported-by: syzbot+632b5d9964208bfef8c0@syzkaller.appspotmail.com
Suggested-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Dong Chenchen <dongchenchen2@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-05-30 12:42:11 +01:00
arch ARM: dts: s5pv210: correct MIPI CSIS clock name 2023-05-17 11:13:26 +02:00
block
certs
crypto crypto: drbg - Only fail when jent is unavailable in FIPS mode 2023-05-17 11:13:13 +02:00
Documentation media: uapi: add MEDIA_BUS_FMT_METADATA_FIXED media bus format. 2023-05-17 11:13:09 +02:00
drivers drm/exynos: fix g2d_open/close helper function definitions 2023-05-30 12:42:11 +01:00
firmware
fs btrfs: fix space cache inconsistency after error loading it from disk 2023-05-30 12:42:10 +01:00
include ip_gre, ip6_gre: Fix race condition on o_seqno in collect_md mode 2023-05-30 12:42:10 +01:00
init
ipc
kernel relayfs: fix out-of-bounds access in relay_file_read 2023-05-17 11:13:23 +02:00
lib lib: cpu_rmap: Avoid use after free on rmap->obj array entries 2023-05-30 12:42:09 +01:00
LICENSES
mm mm/page_alloc: fix potential deadlock on zonelist_update_seq seqlock 2023-05-17 11:13:28 +02:00
net net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment() 2023-05-30 12:42:11 +01:00
samples
scripts recordmcount: Fix memory leaks in the uwrite function 2023-05-30 12:42:10 +01:00
security selinux: ensure av_permissions.h is built when needed 2023-05-17 11:13:08 +02:00
sound ALSA: caiaq: input: Add error handling for unsupported input methods in snd_usb_caiaq_input_init 2023-05-17 11:13:24 +02:00
tools cpupower: Make TSC read per CPU for Mperf monitor 2023-05-30 12:42:10 +01:00
usr
virt
.clang-format
.cocciconfig
.get_maintainer.ignore
.gitattributes
.gitignore
.mailmap
COPYING
CREDITS
Kbuild
Kconfig
MAINTAINERS intel-ethernet: rename i40evf to iavf 2023-04-05 11:15:32 +02:00
Makefile Linux 4.19.283 2023-05-17 11:13:28 +02:00
README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result from upgrading your kernel.