kernel_optimize_test/include/net
Willem de Bruijn cb9f1b7838 ip: validate header length on virtual device xmit
KMSAN detected read beyond end of buffer in vti and sit devices when
passing truncated packets with PF_PACKET. The issue affects additional
ip tunnel devices.

Extend commit 76c0ddd8c3 ("ip6_tunnel: be careful when accessing the
inner header") and commit ccfec9e5cb ("ip_tunnel: be careful when
accessing the inner header").

Move the check to a separate helper and call at the start of each
ndo_start_xmit function in net/ipv4 and net/ipv6.

Minor changes:
- convert dev_kfree_skb to kfree_skb on error path,
  as dev_kfree_skb calls consume_skb which is not for error paths.
- use pskb_network_may_pull even though that is pedantic here,
  as the same as pskb_may_pull for devices without llheaders.
- do not cache ipv6 hdrs if used only once
  (unsafe across pskb_may_pull, was more relevant to earlier patch)

Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-01 12:05:02 -08:00
..
9p 9p: Add refcount to p9_req_t 2018-09-08 01:39:47 +09:00
bluetooth Bluetooth: Errata Service Release 8, Erratum 3253 2018-10-14 10:25:47 +02:00
caif
iucv net/af_iucv: locate IUCV header via skb_network_header() 2018-09-26 09:56:07 -07:00
netfilter netfilter: nf_conncount: speculative garbage collection on empty lists 2018-12-29 02:45:22 +01:00
netns Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2018-12-20 18:20:26 -08:00
nfc NFC: Fix the number of pipes 2018-09-18 19:55:01 -07:00
phonet
sctp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-12-09 21:43:31 -08:00
tc_act Merge ra.kernel.org:/pub/scm/linux/kernel/git/torvalds/linux 2018-07-20 21:17:12 -07:00
6lowpan.h
act_api.h net/sched: Remove egdev mechanism 2018-12-10 15:54:34 -08:00
addrconf.h net/ipv6: Add anycast addresses to a global hashtable 2018-11-02 23:54:56 -07:00
af_ieee802154.h ieee802154: add rx LQI from userspace 2018-07-13 12:18:18 -04:00
af_rxrpc.h rxrpc: Fix life check 2018-11-15 11:35:40 -08:00
af_unix.h net: drop a space before tabs 2018-10-31 12:37:12 -07:00
af_vsock.h vsock: split dwork to avoid reinitializations 2018-08-07 12:39:13 -07:00
ah.h
arp.h
atmclip.h
ax25.h
ax88796.h
bond_3ad.h include/net/bond_3ad: Simplify the code by using the ARRAY_SIZE 2018-08-04 13:23:15 -07:00
bond_alb.h
bond_options.h
bonding.h bonding: avoid possible dead-lock 2018-09-26 20:22:19 -07:00
busy_poll.h net: remove sock_poll_busy_flag 2018-07-30 09:10:25 -07:00
calipso.h
cfg80211-wext.h
cfg80211.h cfg80211: clarify LCI/civic location documentation 2018-12-18 13:15:04 +01:00
cfg802154.h
checksum.h
cipso_ipv4.h
cls_cgroup.h
codel_impl.h
codel_qdisc.h
codel.h
compat.h
datalink.h
dcbevent.h
dcbnl.h net: dcb: Add priority-to-DSCP map getters 2018-07-27 13:17:50 -07:00
devlink.h devlink: Add 'fw_load_policy' generic parameter 2018-12-03 13:55:43 -08:00
dn_dev.h
dn_fib.h
dn_neigh.h
dn_nsp.h
dn_route.h
dn.h
dsa.h net: dsa: ksz: Rename NET_DSA_TAG_KSZ to _KSZ9477 2018-12-16 14:23:33 -08:00
dsfield.h
dst_cache.h
dst_metadata.h
dst_ops.h
dst.h geneve, vxlan: Don't set exceptions if skb->len < mtu 2018-10-17 21:51:13 -07:00
erspan.h
esp.h
ethoc.h
failover.h
fib_notifier.h
fib_rules.h
firewire.h
flow_dissector.h net/flow_dissector: correct comments on enum flow_dissector_key_id 2018-11-30 13:21:52 -08:00
flow.h net: reorder flowi_common fields to avoid holes 2018-11-30 17:12:39 -08:00
fou.h
fq_impl.h
fq.h
garp.h
gen_stats.h net: align gnet_stats_basic_cpu struct 2018-11-17 21:37:29 -08:00
genetlink.h genetlink: constify genl_err_attr() argument 2018-08-29 19:42:52 -07:00
geneve.h net: add netif_is_geneve() 2018-11-07 23:00:23 -08:00
gre.h net: Add netif_is_gretap()/netif_is_ip6gretap() 2018-12-10 15:53:04 -08:00
gro_cells.h
gtp.h
gue.h
hwbm.h
icmp.h net: Convert protocol error handlers from void to int 2018-11-08 17:13:08 -08:00
ieee80211_radiotap.h mac80211: support reporting 0-length PSDU in radiotap 2018-09-05 10:08:25 +02:00
ieee802154_netdev.h
if_inet6.h net/ipv6: Add anycast addresses to a global hashtable 2018-11-02 23:54:56 -07:00
ife.h
ila.h
inet_common.h net: use indirect call wrappers at GRO transport layer 2018-12-15 13:23:02 -08:00
inet_connection_sock.h inet/connection_sock: prefer _THIS_IP_ to current_text_addr 2018-08-14 10:04:36 -07:00
inet_ecn.h inet: Refactor INET_ECN_decapsulate() 2018-10-17 17:45:07 -07:00
inet_frag.h ip: add helpers to process in-order fragments faster. 2018-08-11 17:54:18 -07:00
inet_hashtables.h net: dccp: fix kernel crash on module load 2018-12-24 15:27:56 -08:00
inet_sock.h net: ensure unbound stream socket to be chosen when not in a VRF 2018-11-07 16:12:38 -08:00
inet_timewait_sock.h
inet6_connection_sock.h
inet6_hashtables.h net: allow binding socket in a VRF when there's an unbound socket 2018-11-07 16:12:38 -08:00
inetpeer.h
ip_fib.h net: Don't return invalid table id error when dumping all families 2018-10-24 14:06:25 -07:00
ip_tunnels.h ip: validate header length on virtual device xmit 2019-01-01 12:05:02 -08:00
ip_vs.h ipvs: add assured state for conn templates 2018-07-18 11:26:40 +02:00
ip.h ip: factor out protocol delivery helper 2018-11-07 16:23:05 -08:00
ip6_checksum.h
ip6_fib.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-10-19 11:03:06 -07:00
ip6_route.h net: Add struct for fib dump filter 2018-10-16 00:13:12 -07:00
ip6_tunnel.h udp: Support for error handlers of tunnels with arbitrary destination port 2018-11-08 17:13:08 -08:00
ipcomp.h
ipconfig.h
ipv6_frag.h ipv6: remove dependency of nf_defrag_ipv6 on ipv6 module 2018-07-18 11:26:53 +02:00
ipv6.h ipv6: factor out protocol delivery helper 2018-11-07 16:23:05 -08:00
ipx.h
iw_handler.h
kcm.h
l3mdev.h l3mdev: add function to retreive upper master 2018-12-03 14:15:26 -08:00
lag.h net: Add lag.h, net_lag_port_dev_txable() 2018-07-11 23:10:19 -07:00
lapb.h
lib80211.h
llc_c_ac.h
llc_c_ev.h
llc_c_st.h
llc_conn.h
llc_if.h
llc_pdu.h
llc_s_ac.h
llc_s_ev.h
llc_s_st.h
llc_sap.h
llc.h llc: avoid blocking in llc_sap_close() 2018-09-13 09:04:58 -07:00
lwtunnel.h
mac80211.h mac80211: propagate the support for TWT to the driver 2018-12-18 14:18:49 +01:00
mac802154.h
mip6.h
mld.h
mpls_iptunnel.h
mpls.h
mrp.h
ncsi.h
ndisc.h
neighbour.h neighbour: register rtnl doit handler 2018-12-19 13:37:34 -08:00
net_failover.h
net_namespace.h flow_dissector: implements flow dissector BPF hook 2018-09-14 12:04:33 -07:00
net_ratelimit.h
netevent.h net: ipv4: Notify about changes to ip_forward_update_priority 2018-08-01 09:52:30 -07:00
netlabel.h
netlink.h netlink: replace __NLA_ENSURE implementation 2018-10-12 11:00:22 -07:00
netprio_cgroup.h
netrom.h
nexthop.h
nl802154.h
nsh.h
p8022.h
page_pool.h
ping.h
pkt_cls.h net_sched: fold tcf_block_cb_call() into tc_setup_cb_call() 2018-12-14 15:32:19 -08:00
pkt_sched.h net: sched: extend Qdisc with rcu 2018-09-25 20:17:35 -07:00
pptp.h
protocol.h net: Convert protocol error handlers from void to int 2018-11-08 17:13:08 -08:00
psample.h
psnap.h
raw.h net: fix raw socket lookup device bind matching with VRFs 2018-11-07 16:12:39 -08:00
rawv6.h
red.h
regulatory.h cfg80211: make wmm_rule part of the reg_rule structure 2018-08-28 11:11:47 +02:00
request_sock.h
rose.h
route.h net-ipv4: remove 2 always zero parameters from ipv4_redirect() 2018-09-26 20:30:55 -07:00
rsi_91x.h
rtnetlink.h net: Add extack argument to rtnl_create_link 2018-11-06 15:00:45 -08:00
sch_generic.h net: sched: register callbacks for indirect tc block binds 2018-11-11 09:54:52 -08:00
scm.h pids: Compute task_tgid using signal->leader_pid 2018-07-21 10:43:12 -05:00
secure_seq.h
seg6_hmac.h
seg6_local.h bpf: add End.DT6 action to bpf_lwt_seg6_action helper 2018-07-31 09:22:48 +02:00
seg6.h net: seg6.h: remove an unused #include 2018-12-20 16:56:04 -08:00
slhc_vj.h
smc.h
snmp.h
sock_reuseport.h bpf: Enable BPF_PROG_TYPE_SK_REUSEPORT bpf prog in reuseport selection 2018-08-11 01:58:46 +02:00
sock.h sock: Make sock->sk_stamp thread-safe 2019-01-01 09:47:59 -08:00
Space.h
stp.h
strparser.h
switchdev.h net: switchdev: Add extack to switchdev_handle_port_obj_add() callback 2018-12-12 16:34:22 -08:00
tcp_states.h
tcp.h tcp: reduce POLLOUT events caused by TCP_NOTSENT_LOWAT 2018-12-04 21:21:18 -08:00
timewait_sock.h
tipc.h
tls.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2018-12-20 17:31:36 -08:00
transp_v6.h ipv6: fold sockcm_cookie into ipcm6_cookie 2018-07-07 10:58:49 +09:00
tso.h
tun_proto.h
udp_tunnel.h udp_tunnel: add config option to bind to a device 2018-12-03 14:15:26 -08:00
udp.h net: Convert protocol error handlers from void to int 2018-11-08 17:13:08 -08:00
udplite.h
vsock_addr.h
vxlan.h vxlan: Add vxlan_fdb_clear_offload() 2018-12-07 12:59:08 -08:00
wext.h
wimax.h
x25.h
x25device.h
xdp_sock.h ethtool: don't allow disabling queues with umem installed 2018-10-05 09:31:01 +02:00
xdp.h xdp: export xdp_rxq_info_unreg_mem_model 2018-08-29 12:25:53 -07:00
xfrm.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-12-20 11:53:36 -08:00