linux/net
Andrea Righi f28cd2af22 openvswitch: fix flow actions reallocation
The flow action buffer can be resized if it's not big enough to contain
all the requested flow actions. However, this resize doesn't take into
account the new requested size, the buffer is only increased by a factor
of 2x. This might be not enough to contain the new data, causing a
buffer overflow, for example:

[   42.044472] =============================================================================
[   42.045608] BUG kmalloc-96 (Not tainted): Redzone overwritten
[   42.046415] -----------------------------------------------------------------------------

[   42.047715] Disabling lock debugging due to kernel taint
[   42.047716] INFO: 0x8bf2c4a5-0x720c0928. First byte 0x0 instead of 0xcc
[   42.048677] INFO: Slab 0xbc6d2040 objects=29 used=18 fp=0xdc07dec4 flags=0x2808101
[   42.049743] INFO: Object 0xd53a3464 @offset=2528 fp=0xccdcdebb

[   42.050747] Redzone 76f1b237: cc cc cc cc cc cc cc cc                          ........
[   42.051839] Object d53a3464: 6b 6b 6b 6b 6b 6b 6b 6b 0c 00 00 00 6c 00 00 00  kkkkkkkk....l...
[   42.053015] Object f49a30cc: 6c 00 0c 00 00 00 00 00 00 00 00 03 78 a3 15 f6  l...........x...
[   42.054203] Object acfe4220: 20 00 02 00 ff ff ff ff 00 00 00 00 00 00 00 00   ...............
[   42.055370] Object 21024e91: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[   42.056541] Object 070e04c3: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[   42.057797] Object 948a777a: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[   42.059061] Redzone 8bf2c4a5: 00 00 00 00                                      ....
[   42.060189] Padding a681b46e: 5a 5a 5a 5a 5a 5a 5a 5a                          ZZZZZZZZ

Fix by making sure the new buffer is properly resized to contain all the
requested data.

BugLink: https://bugs.launchpad.net/bugs/1813244
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Acked-by: Pravin B Shelar <pshelar@ovn.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-03-28 17:15:44 -07:00
..
6lowpan 6lowpan: fix debugfs_simple_attr.cocci warnings 2019-01-22 09:51:19 +01:00
9p 9p/net: fix memory leak in p9_client_create 2019-03-13 11:50:04 +01:00
802
8021q net: Remove switchdev.h inclusion from team/bond/vlan 2019-02-24 17:40:46 -08:00
appletalk appletalk: Fix potential NULL pointer dereference in unregister_snap_client 2019-03-15 11:25:48 -07:00
atm net: atm: Add another IS_ENABLED(CONFIG_COMPAT) in atm_dev_ioctl 2019-03-07 10:14:50 -08:00
ax25 ax25: fix possible use-after-free 2019-01-23 11:18:00 -08:00
batman-adv batman-adv: Fix genl notification for throughput_override 2019-03-25 09:31:19 +01:00
bluetooth Bluetooth: Add quirk for reading BD_ADDR from fwnode property 2019-02-26 10:08:26 +01:00
bpf bpf: fix warning about using plain integer as NULL 2019-03-08 21:17:07 +01:00
bpfilter bpfilter: re-add header search paths to tools include to fix build error 2019-02-23 13:34:40 -08:00
bridge netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING 2019-03-18 16:21:54 +01:00
caif net: caif: use skb helpers instead of open-coding them 2019-02-17 11:01:17 -08:00
can can: bcm: check timer values before ktime conversion 2019-01-22 11:33:46 +01:00
ceph libceph: wait for latest osdmap in ceph_monc_blacklist_add() 2019-03-20 16:27:40 +01:00
core netns: provide pure entropy for net_hash_mix() 2019-03-28 17:00:45 -07:00
dcb
dccp dccp: do not use ipv6 header for ipv4 flow 2019-03-19 14:01:40 -07:00
decnet Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-01-29 21:18:54 -08:00
dns_resolver
dsa net: dsa: Implement flow_dissect callback for tag_qca 2019-03-28 16:57:19 -07:00
ethernet net/ethernet: Add parse_protocol header_ops support 2019-02-22 12:55:31 -08:00
hsr net/hsr: fix possible crash in add_timer() 2019-03-07 11:02:08 -08:00
ieee802154 net: remove unused struct inet_frag_queue.fragments field 2019-02-26 08:27:05 -08:00
ife
ipv4 tcp: Don't access TCP_SKB_CB before initializing it 2019-03-11 15:36:49 -07:00
ipv6 ila: Fix rhashtable walker list corruption 2019-03-27 22:46:16 -07:00
iucv
kcm kcm: Remove unnecessary SLAB_PANIC for kmem_cache_create() in kcm_init 2019-02-23 13:46:24 -08:00
key af_key: unconditionally clone on broadcast 2019-02-12 10:36:42 +01:00
l2tp l2tp: fix infoleak in l2tp_ip6_recvmsg() 2019-03-13 14:19:35 -07:00
l3mdev l3mdev: add function to retreive upper master 2018-12-03 14:15:26 -08:00
lapb
llc
mac80211 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-02-24 12:06:19 -08:00
mac802154
mpls mpls: Fix 6PE forwarding 2019-03-19 16:00:22 -07:00
ncsi net: ncsi: fix a missing check for nla_nest_start 2019-03-16 11:44:33 -07:00
netfilter netfilter: nf_tables: add missing ->release_ops() in error path of newrule() 2019-03-20 08:32:58 +01:00
netlabel netlabel: fix out-of-bounds memory accesses 2019-02-27 21:45:24 -08:00
netlink genetlink: Fix a memory leak on error path 2019-03-21 09:29:06 -07:00
netrom netrom: switch to sock timer API 2019-01-27 10:38:04 -08:00
nfc nfc: Fix to check for kmemdup failure 2019-03-19 13:48:07 -07:00
nsh
openvswitch openvswitch: fix flow actions reallocation 2019-03-28 17:15:44 -07:00
packet net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec 2019-03-20 10:46:50 -07:00
phonet phonet: fix building with clang 2019-02-21 16:23:56 -08:00
psample
qrtr mm: replace all open encodings for NUMA_NO_NODE 2019-03-05 21:07:14 -08:00
rds 5.1 Merge Window Pull Request 2019-03-09 15:53:03 -08:00
rfkill rfkill: gpio: Remove unused include 2018-12-18 13:13:56 +01:00
rose net: rose: fix a possible stack overflow 2019-03-18 16:53:22 -07:00
rxrpc rxrpc: avoid clang -Wuninitialized warning 2019-03-23 21:48:30 -04:00
sched net: sched: Kconfig: update reference link for PIE 2019-03-26 11:17:09 -07:00
sctp sctp: use memdup_user instead of vmemdup_user 2019-03-20 11:09:47 -07:00
smc Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-03-12 13:27:20 -07:00
strparser net: strparser: fix a missing check for create_singlethread_workqueue 2019-03-15 12:51:56 -07:00
sunrpc SUNRPC: fix uninitialized variable warning 2019-03-26 13:04:32 -07:00
switchdev switchdev: Remove unused transaction item queue 2019-03-01 21:35:19 -08:00
tipc tipc: change to check tipc_own_id to return in tipc_net_stop 2019-03-26 11:21:20 -07:00
tls net/tls: Inform user space about send buffer availability 2019-03-13 14:16:44 -07:00
unix io_uring-2019-03-06 2019-03-08 14:48:40 -08:00
vmw_vsock vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock 2019-03-08 15:15:44 -08:00
wimax
wireless Merge remote-tracking branch 'net-next/master' into mac80211-next 2019-02-22 13:48:13 +01:00
x25 net/x25: reset state in x25_connect() 2019-03-11 15:40:14 -07:00
xdp xsk: fix umem memory leak on cleanup 2019-03-16 01:27:51 +01:00
xfrm xfrm: Fix inbound traffic via XFRM interfaces across network namespaces 2019-02-18 10:58:54 +01:00
compat.c Merge branch 'timers-2038-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-03-05 14:08:26 -08:00
Kconfig net: devlink: turn devlink into a built-in 2019-02-26 08:49:05 -08:00
Makefile net: split out functions related to registering inflight socket files 2019-02-28 08:24:23 -07:00
socket.c net: add documentation to socket.c 2019-03-15 15:29:47 -07:00
sysctl_net.c