From: Greg Kroah-Hartman Date: Thu, 21 Feb 2019 16:18:21 +0000 (+0100) Subject: drop gso patch from 4.9, 4.14, 4.19, and 4.20 queues X-Git-Tag: v3.18.136~1 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b1587af00f9942a798d4302778d0c2e3c06bdc4f;p=thirdparty%2Fkernel%2Fstable-queue.git drop gso patch from 4.9, 4.14, 4.19, and 4.20 queues
---
diff --git a/queue-4.14/net-validate-untrusted-gso-packets-without-csum-offload.patch b/queue-4.14/net-validate-untrusted-gso-packets-without-csum-offload.patch
deleted file mode 100644
index 98b959d3a46..00000000000
--- a/queue-4.14/net-validate-untrusted-gso-packets-without-csum-offload.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From foo@baz Thu Feb 21 07:26:37 CET 2019
-From: Willem de Bruijn
-Date: Fri, 15 Feb 2019 12:15:47 -0500
-Subject: net: validate untrusted gso packets without csum offload
-
-From: Willem de Bruijn
-
-[ Upstream commit d5be7f632bad0f489879eed0ff4b99bd7fe0b74c ]
-
-Syzkaller again found a path to a kernel crash through bad gso input.
-By building an excessively large packet to cause an skb field to wrap.
-
-If VIRTIO_NET_HDR_F_NEEDS_CSUM was set this would have been dropped in
-skb_partial_csum_set.
-
-GSO packets that do not set checksum offload are suspicious and rare.
-Most callers of virtio_net_hdr_to_skb already pass them to
-skb_probe_transport_header.
-
-Move that test forward, change it to detect parse failure and drop
-packets on failure as those cleary are not one of the legitimate
-VIRTIO_NET_HDR_GSO types.
-
-Fixes: bfd5f4a3d605 ("packet: Add GSO/csum offload support.")
-Fixes: f43798c27684 ("tun: Allow GSO using virtio_net_hdr")
-Reported-by: syzbot
-Signed-off-by: Willem de Bruijn
-Reviewed-by: Eric Dumazet
-Signed-off-by: David S. Miller
-Signed-off-by: Greg Kroah-Hartman
----
- include/linux/skbuff.h | 2 +-
- include/linux/virtio_net.h | 9 +++++++++
- 2 files changed, 10 insertions(+), 1 deletion(-)
-
---- a/include/linux/skbuff.h
-+++ b/include/linux/skbuff.h
-@@ -2377,7 +2377,7 @@ static inline void skb_probe_transport_h
- return;
- else if (skb_flow_dissect_flow_keys(skb, &keys, 0))
- skb_set_transport_header(skb, keys.control.thoff);
-- else
-+ else if (offset_hint >= 0)
- skb_set_transport_header(skb, offset_hint);
- }
-
---- a/include/linux/virtio_net.h
-+++ b/include/linux/virtio_net.h
-@@ -57,6 +57,15 @@ static inline int virtio_net_hdr_to_skb(
-
- if (!skb_partial_csum_set(skb, start, off))
- return -EINVAL;
-+ } else {
-+ /* gso packets without NEEDS_CSUM do not set transport_offset.
-+ * probe and drop if does not match one of the above types.
-+ */
-+ if (gso_type) {
-+ skb_probe_transport_header(skb, -1);
-+ if (!skb_transport_header_was_set(skb))
-+ return -EINVAL;
-+ }
- }
-
- if (hdr->gso_type != VIRTIO_NET_HDR_GSO_NONE) {
diff --git a/queue-4.14/series b/queue-4.14/series
index 19622bc00dd..15fd00914b2 100644
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -10,7 +10,6 @@ net-fix-for_each_netdev_feature-on-big-endian.patch
 net-phy-xgmiitorgmii-support-generic-phy-status-read.patch
 net-stmmac-fix-a-race-in-eee-enable-callback.patch
 net-stmmac-handle-endianness-in-dwmac4_get_timestamp.patch
-net-validate-untrusted-gso-packets-without-csum-offload.patch
 sky2-increase-d3-delay-again.patch
 vhost-correctly-check-the-return-value-of-translate_desc-in-log_used.patch
 net-add-header-for-usage-of-fls64.patch
diff --git a/queue-4.19/net-validate-untrusted-gso-packets-without-csum-offl.patch b/queue-4.19/net-validate-untrusted-gso-packets-without-csum-offl.patch
deleted file mode 100644
index 098d7913a3b..00000000000
--- a/queue-4.19/net-validate-untrusted-gso-packets-without-csum-offl.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From 6090bbe4cbbd0f0ee07fefaeef143fdcb582d9b5 Mon Sep 17 00:00:00 2001
-From: Willem de Bruijn
-Date: Fri, 15 Feb 2019 12:15:47 -0500
-Subject: net: validate untrusted gso packets without csum offload
-
-[ Upstream commit d5be7f632bad0f489879eed0ff4b99bd7fe0b74c ]
-
-Syzkaller again found a path to a kernel crash through bad gso input.
-By building an excessively large packet to cause an skb field to wrap.
-
-If VIRTIO_NET_HDR_F_NEEDS_CSUM was set this would have been dropped in
-skb_partial_csum_set.
-
-GSO packets that do not set checksum offload are suspicious and rare.
-Most callers of virtio_net_hdr_to_skb already pass them to
-skb_probe_transport_header.
-
-Move that test forward, change it to detect parse failure and drop
-packets on failure as those cleary are not one of the legitimate
-VIRTIO_NET_HDR_GSO types.
-
-Fixes: bfd5f4a3d605 ("packet: Add GSO/csum offload support.")
-Fixes: f43798c27684 ("tun: Allow GSO using virtio_net_hdr")
-Reported-by: syzbot
-Signed-off-by: Willem de Bruijn
-Reviewed-by: Eric Dumazet
-Signed-off-by: David S. Miller
-Signed-off-by: Sasha Levin
----
- include/linux/skbuff.h | 2 +-
- include/linux/virtio_net.h | 9 +++++++++
- 2 files changed, 10 insertions(+), 1 deletion(-)
-
-diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
-index 5d69e208e8d91..a404d475acee3 100644
---- a/include/linux/skbuff.h
-+++ b/include/linux/skbuff.h
-@@ -2392,7 +2392,7 @@ static inline void skb_probe_transport_header(struct sk_buff *skb,
-
- if (skb_flow_dissect_flow_keys_basic(skb, &keys, NULL, 0, 0, 0, 0))
- skb_set_transport_header(skb, keys.control.thoff);
-- else
-+ else if (offset_hint >= 0)
- skb_set_transport_header(skb, offset_hint);
- }
-
-diff --git a/include/linux/virtio_net.h b/include/linux/virtio_net.h
-index cb462f9ab7dd5..71f2394abbf7c 100644
---- a/include/linux/virtio_net.h
-+++ b/include/linux/virtio_net.h
-@@ -57,6 +57,15 @@ static inline int virtio_net_hdr_to_skb(struct sk_buff *skb,
-
- if (!skb_partial_csum_set(skb, start, off))
- return -EINVAL;
-+ } else {
-+ /* gso packets without NEEDS_CSUM do not set transport_offset.
-+ * probe and drop if does not match one of the above types.
-+ */
-+ if (gso_type) {
-+ skb_probe_transport_header(skb, -1);
-+ if (!skb_transport_header_was_set(skb))
-+ return -EINVAL;
-+ }
- }
-
- if (hdr->gso_type != VIRTIO_NET_HDR_GSO_NONE) {
---
-2.19.1
-
diff --git a/queue-4.19/series b/queue-4.19/series
index cd1d16222d2..900fc46975e 100644
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -9,7 +9,6 @@ net-ipv4-use-a-dedicated-counter-for-icmp_v4-redirec.patch
 net-phy-xgmiitorgmii-support-generic-phy-status-read.patch
 net-stmmac-fix-a-race-in-eee-enable-callback.patch
 net-stmmac-handle-endianness-in-dwmac4_get_timestamp.patch
-net-validate-untrusted-gso-packets-without-csum-offl.patch
 sky2-increase-d3-delay-again.patch
 vhost-correctly-check-the-return-value-of-translate_.patch
 vsock-cope-with-memory-allocation-failure-at-socket-.patch
diff --git a/queue-4.20/net-validate-untrusted-gso-packets-without-csum-offl.patch b/queue-4.20/net-validate-untrusted-gso-packets-without-csum-offl.patch
deleted file mode 100644
index c4c95285bf5..00000000000
--- a/queue-4.20/net-validate-untrusted-gso-packets-without-csum-offl.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From 22e093afee6d51114e8eaa603bb701c672fc340f Mon Sep 17 00:00:00 2001
-From: Willem de Bruijn
-Date: Fri, 15 Feb 2019 12:15:47 -0500
-Subject: net: validate untrusted gso packets without csum offload
-
-[ Upstream commit d5be7f632bad0f489879eed0ff4b99bd7fe0b74c ]
-
-Syzkaller again found a path to a kernel crash through bad gso input.
-By building an excessively large packet to cause an skb field to wrap.
-
-If VIRTIO_NET_HDR_F_NEEDS_CSUM was set this would have been dropped in
-skb_partial_csum_set.
-
-GSO packets that do not set checksum offload are suspicious and rare.
-Most callers of virtio_net_hdr_to_skb already pass them to
-skb_probe_transport_header.
-
-Move that test forward, change it to detect parse failure and drop
-packets on failure as those cleary are not one of the legitimate
-VIRTIO_NET_HDR_GSO types.
-
-Fixes: bfd5f4a3d605 ("packet: Add GSO/csum offload support.")
-Fixes: f43798c27684 ("tun: Allow GSO using virtio_net_hdr")
-Reported-by: syzbot
-Signed-off-by: Willem de Bruijn
-Reviewed-by: Eric Dumazet
-Signed-off-by: David S. Miller
-Signed-off-by: Sasha Levin
----
- include/linux/skbuff.h | 2 +-
- include/linux/virtio_net.h | 9 +++++++++
- 2 files changed, 10 insertions(+), 1 deletion(-)
-
-diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
-index a6d820ad17f07..8e63c166765ef 100644
---- a/include/linux/skbuff.h
-+++ b/include/linux/skbuff.h
-@@ -2418,7 +2418,7 @@ static inline void skb_probe_transport_header(struct sk_buff *skb,
-
- if (skb_flow_dissect_flow_keys_basic(skb, &keys, NULL, 0, 0, 0, 0))
- skb_set_transport_header(skb, keys.control.thoff);
-- else
-+ else if (offset_hint >= 0)
- skb_set_transport_header(skb, offset_hint);
- }
-
-diff --git a/include/linux/virtio_net.h b/include/linux/virtio_net.h
-index cb462f9ab7dd5..71f2394abbf7c 100644
---- a/include/linux/virtio_net.h
-+++ b/include/linux/virtio_net.h
-@@ -57,6 +57,15 @@ static inline int virtio_net_hdr_to_skb(struct sk_buff *skb,
-
- if (!skb_partial_csum_set(skb, start, off))
- return -EINVAL;
-+ } else {
-+ /* gso packets without NEEDS_CSUM do not set transport_offset.
-+ * probe and drop if does not match one of the above types.
-+ */
-+ if (gso_type) {
-+ skb_probe_transport_header(skb, -1);
-+ if (!skb_transport_header_was_set(skb))
-+ return -EINVAL;
-+ }
- }
-
- if (hdr->gso_type != VIRTIO_NET_HDR_GSO_NONE) {
---
-2.19.1
-
diff --git a/queue-4.20/series b/queue-4.20/series
index f93cd6298fb..34be5502eca 100644
--- a/queue-4.20/series
+++ b/queue-4.20/series
@@ -10,7 +10,6 @@ net-ip6_gre-initialize-erspan_ver-just-for-erspan-tu.patch
 net-phy-xgmiitorgmii-support-generic-phy-status-read.patch
 net-stmmac-fix-a-race-in-eee-enable-callback.patch
 net-stmmac-handle-endianness-in-dwmac4_get_timestamp.patch
-net-validate-untrusted-gso-packets-without-csum-offl.patch
 sky2-increase-d3-delay-again.patch
 vhost-correctly-check-the-return-value-of-translate_.patch
 net-add-header-for-usage-of-fls64.patch
diff --git a/queue-4.9/net-validate-untrusted-gso-packets-without-csum-offload.patch b/queue-4.9/net-validate-untrusted-gso-packets-without-csum-offload.patch
deleted file mode 100644
index 64baadb5781..00000000000
--- a/queue-4.9/net-validate-untrusted-gso-packets-without-csum-offload.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From foo@baz Thu Feb 21 08:41:54 CET 2019
-From: Willem de Bruijn
-Date: Fri, 15 Feb 2019 12:15:47 -0500
-Subject: net: validate untrusted gso packets without csum offload
-
-From: Willem de Bruijn
-
-[ Upstream commit d5be7f632bad0f489879eed0ff4b99bd7fe0b74c ]
-
-Syzkaller again found a path to a kernel crash through bad gso input.
-By building an excessively large packet to cause an skb field to wrap.
-
-If VIRTIO_NET_HDR_F_NEEDS_CSUM was set this would have been dropped in
-skb_partial_csum_set.
-
-GSO packets that do not set checksum offload are suspicious and rare.
-Most callers of virtio_net_hdr_to_skb already pass them to
-skb_probe_transport_header.
-
-Move that test forward, change it to detect parse failure and drop
-packets on failure as those cleary are not one of the legitimate
-VIRTIO_NET_HDR_GSO types.
-
-Fixes: bfd5f4a3d605 ("packet: Add GSO/csum offload support.")
-Fixes: f43798c27684 ("tun: Allow GSO using virtio_net_hdr")
-Reported-by: syzbot
-Signed-off-by: Willem de Bruijn
-Reviewed-by: Eric Dumazet
-Signed-off-by: David S. Miller
-Signed-off-by: Greg Kroah-Hartman
----
- include/linux/skbuff.h | 2 +-
- include/linux/virtio_net.h | 9 +++++++++
- 2 files changed, 10 insertions(+), 1 deletion(-)
-
---- a/include/linux/skbuff.h
-+++ b/include/linux/skbuff.h
-@@ -2204,7 +2204,7 @@ static inline void skb_probe_transport_h
- return;
- else if (skb_flow_dissect_flow_keys(skb, &keys, 0))
- skb_set_transport_header(skb, keys.control.thoff);
-- else
-+ else if (offset_hint >= 0)
- skb_set_transport_header(skb, offset_hint);
- }
-
---- a/include/linux/virtio_net.h
-+++ b/include/linux/virtio_net.h
-@@ -38,6 +38,15 @@ static inline int virtio_net_hdr_to_skb(
-
- if (!skb_partial_csum_set(skb, start, off))
- return -EINVAL;
-+ } else {
-+ /* gso packets without NEEDS_CSUM do not set transport_offset.
-+ * probe and drop if does not match one of the above types.
-+ */
-+ if (gso_type) {
-+ skb_probe_transport_header(skb, -1);
-+ if (!skb_transport_header_was_set(skb))
-+ return -EINVAL;
-+ }
- }
-
- if (hdr->gso_type != VIRTIO_NET_HDR_GSO_NONE) {
diff --git a/queue-4.9/series b/queue-4.9/series
index 3be25fa3559..676bd8b3f17 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -4,7 +4,6 @@ hwmon-lm80-fix-missing-unlock-on-error-in-set_fan_di.patch
 net-fix-for_each_netdev_feature-on-big-endian.patch
 net-phy-xgmiitorgmii-support-generic-phy-status-read.patch
 net-stmmac-handle-endianness-in-dwmac4_get_timestamp.patch
-net-validate-untrusted-gso-packets-without-csum-offload.patch
 sky2-increase-d3-delay-again.patch
 vhost-correctly-check-the-return-value-of-translate_desc-in-log_used.patch
 net-add-header-for-usage-of-fls64.patch