+++ /dev/null
-From foo@baz Thu Feb 21 07:26:37 CET 2019
-From: Willem de Bruijn <willemb@google.com>
-Date: Fri, 15 Feb 2019 12:15:47 -0500
-Subject: net: validate untrusted gso packets without csum offload
-
-From: Willem de Bruijn <willemb@google.com>
-
-[ Upstream commit d5be7f632bad0f489879eed0ff4b99bd7fe0b74c ]
-
-Syzkaller again found a path to a kernel crash through bad gso input.
-By building an excessively large packet to cause an skb field to wrap.
-
-If VIRTIO_NET_HDR_F_NEEDS_CSUM was set this would have been dropped in
-skb_partial_csum_set.
-
-GSO packets that do not set checksum offload are suspicious and rare.
-Most callers of virtio_net_hdr_to_skb already pass them to
-skb_probe_transport_header.
-
-Move that test forward, change it to detect parse failure and drop
-packets on failure as those cleary are not one of the legitimate
-VIRTIO_NET_HDR_GSO types.
-
-Fixes: bfd5f4a3d605 ("packet: Add GSO/csum offload support.")
-Fixes: f43798c27684 ("tun: Allow GSO using virtio_net_hdr")
-Reported-by: syzbot <syzkaller@googlegroups.com>
-Signed-off-by: Willem de Bruijn <willemb@google.com>
-Reviewed-by: Eric Dumazet <edumazet@google.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- include/linux/skbuff.h | 2 +-
- include/linux/virtio_net.h | 9 +++++++++
- 2 files changed, 10 insertions(+), 1 deletion(-)
-
---- a/include/linux/skbuff.h
-+++ b/include/linux/skbuff.h
-@@ -2377,7 +2377,7 @@ static inline void skb_probe_transport_h
- return;
- else if (skb_flow_dissect_flow_keys(skb, &keys, 0))
- skb_set_transport_header(skb, keys.control.thoff);
-- else
-+ else if (offset_hint >= 0)
- skb_set_transport_header(skb, offset_hint);
- }
-
---- a/include/linux/virtio_net.h
-+++ b/include/linux/virtio_net.h
-@@ -57,6 +57,15 @@ static inline int virtio_net_hdr_to_skb(
-
- if (!skb_partial_csum_set(skb, start, off))
- return -EINVAL;
-+ } else {
-+ /* gso packets without NEEDS_CSUM do not set transport_offset.
-+ * probe and drop if does not match one of the above types.
-+ */
-+ if (gso_type) {
-+ skb_probe_transport_header(skb, -1);
-+ if (!skb_transport_header_was_set(skb))
-+ return -EINVAL;
-+ }
- }
-
- if (hdr->gso_type != VIRTIO_NET_HDR_GSO_NONE) {
net-phy-xgmiitorgmii-support-generic-phy-status-read.patch
net-stmmac-fix-a-race-in-eee-enable-callback.patch
net-stmmac-handle-endianness-in-dwmac4_get_timestamp.patch
-net-validate-untrusted-gso-packets-without-csum-offload.patch
sky2-increase-d3-delay-again.patch
vhost-correctly-check-the-return-value-of-translate_desc-in-log_used.patch
net-add-header-for-usage-of-fls64.patch
+++ /dev/null
-From 6090bbe4cbbd0f0ee07fefaeef143fdcb582d9b5 Mon Sep 17 00:00:00 2001
-From: Willem de Bruijn <willemb@google.com>
-Date: Fri, 15 Feb 2019 12:15:47 -0500
-Subject: net: validate untrusted gso packets without csum offload
-
-[ Upstream commit d5be7f632bad0f489879eed0ff4b99bd7fe0b74c ]
-
-Syzkaller again found a path to a kernel crash through bad gso input.
-By building an excessively large packet to cause an skb field to wrap.
-
-If VIRTIO_NET_HDR_F_NEEDS_CSUM was set this would have been dropped in
-skb_partial_csum_set.
-
-GSO packets that do not set checksum offload are suspicious and rare.
-Most callers of virtio_net_hdr_to_skb already pass them to
-skb_probe_transport_header.
-
-Move that test forward, change it to detect parse failure and drop
-packets on failure as those cleary are not one of the legitimate
-VIRTIO_NET_HDR_GSO types.
-
-Fixes: bfd5f4a3d605 ("packet: Add GSO/csum offload support.")
-Fixes: f43798c27684 ("tun: Allow GSO using virtio_net_hdr")
-Reported-by: syzbot <syzkaller@googlegroups.com>
-Signed-off-by: Willem de Bruijn <willemb@google.com>
-Reviewed-by: Eric Dumazet <edumazet@google.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- include/linux/skbuff.h | 2 +-
- include/linux/virtio_net.h | 9 +++++++++
- 2 files changed, 10 insertions(+), 1 deletion(-)
-
-diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
-index 5d69e208e8d91..a404d475acee3 100644
---- a/include/linux/skbuff.h
-+++ b/include/linux/skbuff.h
-@@ -2392,7 +2392,7 @@ static inline void skb_probe_transport_header(struct sk_buff *skb,
-
- if (skb_flow_dissect_flow_keys_basic(skb, &keys, NULL, 0, 0, 0, 0))
- skb_set_transport_header(skb, keys.control.thoff);
-- else
-+ else if (offset_hint >= 0)
- skb_set_transport_header(skb, offset_hint);
- }
-
-diff --git a/include/linux/virtio_net.h b/include/linux/virtio_net.h
-index cb462f9ab7dd5..71f2394abbf7c 100644
---- a/include/linux/virtio_net.h
-+++ b/include/linux/virtio_net.h
-@@ -57,6 +57,15 @@ static inline int virtio_net_hdr_to_skb(struct sk_buff *skb,
-
- if (!skb_partial_csum_set(skb, start, off))
- return -EINVAL;
-+ } else {
-+ /* gso packets without NEEDS_CSUM do not set transport_offset.
-+ * probe and drop if does not match one of the above types.
-+ */
-+ if (gso_type) {
-+ skb_probe_transport_header(skb, -1);
-+ if (!skb_transport_header_was_set(skb))
-+ return -EINVAL;
-+ }
- }
-
- if (hdr->gso_type != VIRTIO_NET_HDR_GSO_NONE) {
---
-2.19.1
-
net-phy-xgmiitorgmii-support-generic-phy-status-read.patch
net-stmmac-fix-a-race-in-eee-enable-callback.patch
net-stmmac-handle-endianness-in-dwmac4_get_timestamp.patch
-net-validate-untrusted-gso-packets-without-csum-offl.patch
sky2-increase-d3-delay-again.patch
vhost-correctly-check-the-return-value-of-translate_.patch
vsock-cope-with-memory-allocation-failure-at-socket-.patch
+++ /dev/null
-From 22e093afee6d51114e8eaa603bb701c672fc340f Mon Sep 17 00:00:00 2001
-From: Willem de Bruijn <willemb@google.com>
-Date: Fri, 15 Feb 2019 12:15:47 -0500
-Subject: net: validate untrusted gso packets without csum offload
-
-[ Upstream commit d5be7f632bad0f489879eed0ff4b99bd7fe0b74c ]
-
-Syzkaller again found a path to a kernel crash through bad gso input.
-By building an excessively large packet to cause an skb field to wrap.
-
-If VIRTIO_NET_HDR_F_NEEDS_CSUM was set this would have been dropped in
-skb_partial_csum_set.
-
-GSO packets that do not set checksum offload are suspicious and rare.
-Most callers of virtio_net_hdr_to_skb already pass them to
-skb_probe_transport_header.
-
-Move that test forward, change it to detect parse failure and drop
-packets on failure as those cleary are not one of the legitimate
-VIRTIO_NET_HDR_GSO types.
-
-Fixes: bfd5f4a3d605 ("packet: Add GSO/csum offload support.")
-Fixes: f43798c27684 ("tun: Allow GSO using virtio_net_hdr")
-Reported-by: syzbot <syzkaller@googlegroups.com>
-Signed-off-by: Willem de Bruijn <willemb@google.com>
-Reviewed-by: Eric Dumazet <edumazet@google.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- include/linux/skbuff.h | 2 +-
- include/linux/virtio_net.h | 9 +++++++++
- 2 files changed, 10 insertions(+), 1 deletion(-)
-
-diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
-index a6d820ad17f07..8e63c166765ef 100644
---- a/include/linux/skbuff.h
-+++ b/include/linux/skbuff.h
-@@ -2418,7 +2418,7 @@ static inline void skb_probe_transport_header(struct sk_buff *skb,
-
- if (skb_flow_dissect_flow_keys_basic(skb, &keys, NULL, 0, 0, 0, 0))
- skb_set_transport_header(skb, keys.control.thoff);
-- else
-+ else if (offset_hint >= 0)
- skb_set_transport_header(skb, offset_hint);
- }
-
-diff --git a/include/linux/virtio_net.h b/include/linux/virtio_net.h
-index cb462f9ab7dd5..71f2394abbf7c 100644
---- a/include/linux/virtio_net.h
-+++ b/include/linux/virtio_net.h
-@@ -57,6 +57,15 @@ static inline int virtio_net_hdr_to_skb(struct sk_buff *skb,
-
- if (!skb_partial_csum_set(skb, start, off))
- return -EINVAL;
-+ } else {
-+ /* gso packets without NEEDS_CSUM do not set transport_offset.
-+ * probe and drop if does not match one of the above types.
-+ */
-+ if (gso_type) {
-+ skb_probe_transport_header(skb, -1);
-+ if (!skb_transport_header_was_set(skb))
-+ return -EINVAL;
-+ }
- }
-
- if (hdr->gso_type != VIRTIO_NET_HDR_GSO_NONE) {
---
-2.19.1
-
net-phy-xgmiitorgmii-support-generic-phy-status-read.patch
net-stmmac-fix-a-race-in-eee-enable-callback.patch
net-stmmac-handle-endianness-in-dwmac4_get_timestamp.patch
-net-validate-untrusted-gso-packets-without-csum-offl.patch
sky2-increase-d3-delay-again.patch
vhost-correctly-check-the-return-value-of-translate_.patch
net-add-header-for-usage-of-fls64.patch
+++ /dev/null
-From foo@baz Thu Feb 21 08:41:54 CET 2019
-From: Willem de Bruijn <willemb@google.com>
-Date: Fri, 15 Feb 2019 12:15:47 -0500
-Subject: net: validate untrusted gso packets without csum offload
-
-From: Willem de Bruijn <willemb@google.com>
-
-[ Upstream commit d5be7f632bad0f489879eed0ff4b99bd7fe0b74c ]
-
-Syzkaller again found a path to a kernel crash through bad gso input.
-By building an excessively large packet to cause an skb field to wrap.
-
-If VIRTIO_NET_HDR_F_NEEDS_CSUM was set this would have been dropped in
-skb_partial_csum_set.
-
-GSO packets that do not set checksum offload are suspicious and rare.
-Most callers of virtio_net_hdr_to_skb already pass them to
-skb_probe_transport_header.
-
-Move that test forward, change it to detect parse failure and drop
-packets on failure as those cleary are not one of the legitimate
-VIRTIO_NET_HDR_GSO types.
-
-Fixes: bfd5f4a3d605 ("packet: Add GSO/csum offload support.")
-Fixes: f43798c27684 ("tun: Allow GSO using virtio_net_hdr")
-Reported-by: syzbot <syzkaller@googlegroups.com>
-Signed-off-by: Willem de Bruijn <willemb@google.com>
-Reviewed-by: Eric Dumazet <edumazet@google.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- include/linux/skbuff.h | 2 +-
- include/linux/virtio_net.h | 9 +++++++++
- 2 files changed, 10 insertions(+), 1 deletion(-)
-
---- a/include/linux/skbuff.h
-+++ b/include/linux/skbuff.h
-@@ -2204,7 +2204,7 @@ static inline void skb_probe_transport_h
- return;
- else if (skb_flow_dissect_flow_keys(skb, &keys, 0))
- skb_set_transport_header(skb, keys.control.thoff);
-- else
-+ else if (offset_hint >= 0)
- skb_set_transport_header(skb, offset_hint);
- }
-
---- a/include/linux/virtio_net.h
-+++ b/include/linux/virtio_net.h
-@@ -38,6 +38,15 @@ static inline int virtio_net_hdr_to_skb(
-
- if (!skb_partial_csum_set(skb, start, off))
- return -EINVAL;
-+ } else {
-+ /* gso packets without NEEDS_CSUM do not set transport_offset.
-+ * probe and drop if does not match one of the above types.
-+ */
-+ if (gso_type) {
-+ skb_probe_transport_header(skb, -1);
-+ if (!skb_transport_header_was_set(skb))
-+ return -EINVAL;
-+ }
- }
-
- if (hdr->gso_type != VIRTIO_NET_HDR_GSO_NONE) {
net-fix-for_each_netdev_feature-on-big-endian.patch
net-phy-xgmiitorgmii-support-generic-phy-status-read.patch
net-stmmac-handle-endianness-in-dwmac4_get_timestamp.patch
-net-validate-untrusted-gso-packets-without-csum-offload.patch
sky2-increase-d3-delay-again.patch
vhost-correctly-check-the-return-value-of-translate_desc-in-log_used.patch
net-add-header-for-usage-of-fls64.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
