iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Eric Dumazet 06a22d897d bpf: fix access to skb_shared_info->gso_segs 
It is possible we reach bpf_convert_ctx_access() with
si->dst_reg == si->src_reg

Therefore, we need to load BPF_REG_AX before eventually
mangling si->src_reg.

syzbot generated this x86 code :
   3:   55                      push   %rbp
   4:   48 89 e5                mov    %rsp,%rbp
   7:   48 81 ec 00 00 00 00    sub    $0x0,%rsp // Might be avoided ?
   e:   53                      push   %rbx
   f:   41 55                   push   %r13
  11:   41 56                   push   %r14
  13:   41 57                   push   %r15
  15:   6a 00                   pushq  $0x0
  17:   31 c0                   xor    %eax,%eax
  19:   48 8b bf c0 00 00 00    mov    0xc0(%rdi),%rdi
  20:   44 8b 97 bc 00 00 00    mov    0xbc(%rdi),%r10d
  27:   4c 01 d7                add    %r10,%rdi
  2a:   48 0f b7 7f 06          movzwq 0x6(%rdi),%rdi // Crash
  2f:   5b                      pop    %rbx
  30:   41 5f                   pop    %r15
  32:   41 5e                   pop    %r14
  34:   41 5d                   pop    %r13
  36:   5b                      pop    %rbx
  37:   c9                      leaveq
  38:   c3                      retq

Fixes: d9ff286a0f59 ("bpf: allow BPF programs access skb_shared_info->gso_segs field")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2019-07-23 14:12:37 -07:00
..
6lowpan
6lowpan: no need to check return value of debugfs_create functions
2019-07-06 12:50:01 +02:00
9p
9p pull request for inclusion in 5.13
2019-07-12 17:31:19 -07:00
802
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
8021q
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2019-06-22 08:59:24 -04:00
appletalk
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 372
2019-06-05 17:37:10 +02:00
atm
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
ax25
ax25: fix inconsistent lock state in ax25_destroy_timer
2019-06-16 14:22:37 -07:00
batman-adv
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2019-07-08 19:48:57 -07:00
bluetooth
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
2019-07-11 10:55:49 -07:00
bpf
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 206
2019-05-30 11:29:53 -07:00
bpfilter
Kbuild updates for v5.3
2019-07-12 16:03:16 -07:00
bridge
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
2019-07-11 10:55:49 -07:00
caif
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 194
2019-05-30 11:29:22 -07:00
can
can: purge socket error queue on sock destruct
2019-06-07 23:03:54 +02:00
ceph
Driver Core and debugfs changes for 5.3-rc1
2019-07-12 12:24:03 -07:00
core
bpf: fix access to skb_shared_info->gso_segs
2019-07-23 14:12:37 -07:00
dcb
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 201
2019-05-30 11:29:52 -07:00
dccp
ipv6: elide flowlabel check if no exclusive leases exist
2019-07-08 19:38:03 -07:00
decnet
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 53
2019-05-24 17:36:42 +02:00
dns_resolver
Revert "Merge tag 'keys-acl-20190703' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs"
2019-07-10 18:43:43 -07:00
dsa
net: dsa: sja1105: Fix missing unlock on error in sk_buff()
2019-07-18 16:32:39 -07:00
ethernet
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2019-06-07 11:00:14 -07:00
hsr
hsr: switch ->dellink() to ->ndo_uninit()
2019-07-11 14:37:45 -07:00
ieee802154
inet: fix various use-after-free in defrags units
2019-06-19 11:37:47 -04:00
ife
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
ipv4
bpf: sockmap/tls, close can race with map free
2019-07-22 16:04:17 +02:00
ipv6
ipv6: Unlink sibling route in case of failure
2019-07-18 12:01:43 -07:00
iucv
net/af_iucv: always register net_device notifier
2019-06-19 16:26:33 -04:00
kcm
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
key
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2019-07-08 19:48:57 -07:00
l2tp
ipv6: elide flowlabel check if no exclusive leases exist
2019-07-08 19:38:03 -07:00
l3mdev
ipv6: convert major tx path to use RT6_LOOKUP_F_DST_NOREF
2019-06-23 13:24:17 -07:00
lapb
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2019-06-17 20:20:36 -07:00
llc
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 281
2019-06-05 17:36:36 +02:00
mac80211
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
2019-07-11 10:55:49 -07:00
mac802154
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174
2019-05-30 11:26:41 -07:00
mpls
mpls: fix af_mpls dependencies for real
2019-06-12 09:42:34 -07:00
ncsi
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
netfilter
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
2019-07-11 10:55:49 -07:00
netlabel
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 13
2019-05-21 11:28:45 +02:00
netlink
net: remove empty netlink_tap_exit_net
2019-06-14 19:50:33 -07:00
netrom
netrom: fix a memory leak in nr_rx_frame()
2019-07-01 19:00:52 -07:00
nfc
nfc: fix potential illegal memory access
2019-07-08 12:46:24 -07:00
nsh
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
openvswitch
net: openvswitch: do not update max_headroom if new headroom is equal to old headroom
2019-07-12 15:16:58 -07:00
packet
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2019-06-27 21:06:39 -07:00
phonet
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 336
2019-06-05 17:37:07 +02:00
psample
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
qrtr
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 284
2019-06-05 17:36:37 +02:00
rds
net/rds: Initialize ic->i_fastreg_wrs upon allocation
2019-07-17 12:06:52 -07:00
rfkill
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
rose
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
rxrpc
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
2019-07-11 10:55:49 -07:00
sched
net_sched: unset TCQ_F_CAN_BYPASS when adding filters
2019-07-17 13:34:09 -07:00
sctp
net: sctp: fix warning "NULL check before some freeing functions is not needed"
2019-07-17 12:01:19 -07:00
smc
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2019-06-27 21:06:39 -07:00
strparser
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2019-06-22 08:59:24 -04:00
sunrpc
Driver Core and debugfs changes for 5.3-rc1
2019-07-12 12:24:03 -07:00
switchdev
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
tipc
tipc: initialize 'validated' field of received packets
2019-07-17 15:24:38 -07:00
tls
bpf: sockmap/tls, close can race with map free
2019-07-22 16:04:17 +02:00
unix
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2019-06-07 11:00:14 -07:00
vmw_vsock
vsock/virtio: fix flush of works during the .remove()
2019-07-08 15:35:17 -07:00
wimax
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 268
2019-06-05 17:30:29 +02:00
wireless
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
2019-07-11 10:55:49 -07:00
x25
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 41
2019-05-24 17:27:12 +02:00
xdp
xdp: fix potential deadlock on socket mutex
2019-07-12 15:02:21 +02:00
xfrm
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2019-07-08 19:48:57 -07:00
compat.c
uio: make import_iovec()/compat_import_iovec() return bytes on success
2019-05-31 15:30:03 -06:00
Kconfig
net: ipv4: move tcp_fastopen server side code to SipHash library
2019-06-17 13:56:26 -07:00
Makefile
net: split out functions related to registering inflight socket files
2019-02-28 08:24:23 -07:00
socket.c
for-5.3/io_uring-20190711
2019-07-13 10:36:53 -07:00
sysctl_net.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00