linux/net/core
Eric Dumazet ab9a9a9e96 net: add more sanity checks to qdisc_pkt_len_init()
One path takes care of SKB_GSO_DODGY, assuming
skb->len is bigger than hdr_len.

virtio_net_hdr_to_skb() does not fully dissect TCP headers,
it only make sure it is at least 20 bytes.

It is possible for an user to provide a malicious 'GSO' packet,
total length of 80 bytes.

- 20 bytes of IPv4 header
- 60 bytes TCP header
- a small gso_size like 8

virtio_net_hdr_to_skb() would declare this packet as a normal
GSO packet, because it would see 40 bytes of payload,
bigger than gso_size.

We need to make detect this case to not underflow
qdisc_skb_cb(skb)->pkt_len.

Fixes: 1def9238d4 ("net_sched: more precise pkt_len computation")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Willem de Bruijn <willemb@google.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2024-10-01 11:47:05 +02:00
..
bpf_sk_storage.c netlink: introduce type-checking attribute iteration 2024-03-29 15:06:02 -07:00
datagram.c net: add support for skbs with unreadable frags 2024-09-11 20:44:31 -07:00
dev_addr_lists_test.c net: dev_addr_lists: move locking out of init/exit in kunit 2024-04-15 10:26:35 +01:00
dev_addr_lists.c net: Correct spelling in net/core 2024-08-26 09:37:23 -07:00
dev_ioctl.c netdevice: convert private flags > BIT(31) to bitfields 2024-09-03 11:36:43 +02:00
dev.c net: add more sanity checks to qdisc_pkt_len_init() 2024-10-01 11:47:05 +02:00
dev.h net: softnet_data: Make xmit per task. 2024-06-24 16:41:23 -07:00
devmem.c memory-provider: dmabuf devmem memory provider 2024-09-11 20:44:31 -07:00
devmem.h tcp: RX path for devmem TCP 2024-09-11 20:44:32 -07:00
drop_monitor.c net: add rx_sk to trace_kfree_skb 2024-06-19 12:44:22 +01:00
dst_cache.c net: dst_cache: add two DEBUG_NET warnings 2024-06-03 18:50:09 -07:00
dst.c net: dst: Make dst_destroy() static and return void. 2024-02-06 11:45:53 +01:00
failover.c net: failover: use IFF_NO_ADDRCONF flag to prevent ipv6 addrconf 2022-12-12 15:18:25 -08:00
fib_notifier.c
fib_rules.c net: fib_rules: Enable DSCP selector usage 2024-09-13 21:15:45 -07:00
filter.c bpf-next-6.12 2024-09-21 09:27:50 -07:00
flow_dissector.c net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE 2024-07-18 10:52:17 +02:00
flow_offload.c tc: flower: Enable offload support IPSEC SPI field. 2023-08-02 10:09:32 +01:00
gen_estimator.c net: use unrcu_pointer() helper 2024-06-06 11:52:52 +02:00
gen_stats.c
gro_cells.c net: move netdev_max_backlog to net_hotdata 2024-03-07 21:12:42 -08:00
gro.c net: Add netif_get_gro_max_size helper for GRO 2024-10-01 10:48:51 +02:00
gso.c net: introduce struct net_hotdata 2024-03-07 21:12:41 -08:00
hotdata.c net: move sysctl_mem_pcpu_rsv to net_hotdata 2024-04-30 18:46:52 -07:00
hwbm.c
ieee8021q_helpers.c net: add IEEE 802.1q specific helpers 2024-05-08 10:35:09 +01:00
link_watch.c net: linkwatch: use system_unbound_wq 2024-08-06 12:12:53 -07:00
lwt_bpf.c bpf: lwtunnel: Unmask upper DSCP bits in bpf_lwt_xmit_reroute() 2024-09-09 14:14:52 +01:00
lwtunnel.c
Makefile netdev: support binding dma-buf to netdevice 2024-09-11 20:44:31 -07:00
mp_dmabuf_devmem.h memory-provider: dmabuf devmem memory provider 2024-09-11 20:44:31 -07:00
neighbour.c neighbour: delete redundant judgment statements 2024-08-23 14:27:45 +01:00
net_namespace.c struct fd layout change (and conversion to accessor helpers) 2024-09-23 09:35:36 -07:00
net_test.c pfcp: always set pfcp metadata 2024-04-01 10:49:28 +01:00
net-procfs.c net: make softnet_data.dropped an atomic_t 2024-04-01 11:28:32 +01:00
net-sysfs.c net: sysfs: Fix weird usage of class's namespace relevant fields 2024-09-09 10:30:52 +01:00
net-sysfs.h
net-traces.c udp6: add a missing call into udp_fail_queue_rcv_skb tracepoint 2023-07-07 09:16:52 +01:00
netclassid_cgroup.c cgroup, netclassid: on modifying netclassid in cgroup, only consider the main process. 2023-10-16 16:36:53 -07:00
netdev_rx_queue.c memory-provider: dmabuf devmem memory provider 2024-09-11 20:44:31 -07:00
netdev-genl-gen.c netdev: support binding dma-buf to netdevice 2024-09-11 20:44:31 -07:00
netdev-genl-gen.h netdev: support binding dma-buf to netdevice 2024-09-11 20:44:31 -07:00
netdev-genl.c netdev: add dmabuf introspection 2024-09-11 20:44:32 -07:00
netevent.c
netmem_priv.h page_pool: devmem support 2024-09-11 20:44:31 -07:00
netpoll.c netpoll: remove netpoll_srcu 2024-09-06 18:24:59 -07:00
netprio_cgroup.c
of_net.c net: Explicitly include correct DT includes 2023-07-27 20:33:16 -07:00
page_pool_priv.h memory-provider: dmabuf devmem memory provider 2024-09-11 20:44:31 -07:00
page_pool_user.c netdev: add dmabuf introspection 2024-09-11 20:44:32 -07:00
page_pool.c memory-provider: dmabuf devmem memory provider 2024-09-11 20:44:31 -07:00
pktgen.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-08-29 11:49:10 -07:00
ptp_classifier.c
request_sock.c tcp: make sure init the accept_queue's spinlocks once 2024-01-19 21:13:25 -08:00
rtnetlink.c netdevice: convert private flags > BIT(31) to bitfields 2024-09-03 11:36:43 +02:00
scm.c af_unix: Add dead flag to struct scm_fp_list. 2024-05-10 18:52:45 -07:00
secure_seq.c
selftests.c net: fill in MODULE_DESCRIPTION()s under net/core 2023-10-28 11:29:27 +01:00
skbuff.c net: add support for skbs with unreadable frags 2024-09-11 20:44:31 -07:00
skmsg.c bpf, sockmap: Correct spelling skmsg.c 2024-09-02 18:43:58 +02:00
sock_destructor.h
sock_diag.c net: use unrcu_pointer() helper 2024-06-06 11:52:52 +02:00
sock_map.c bpf-next-6.12-struct-fd 2024-09-24 14:54:26 -07:00
sock_reuseport.c net: core: annotate socks of struct sock_reuseport with __counted_by 2024-08-02 17:16:59 -07:00
sock.c vfs-6.12.file 2024-09-16 09:14:02 +02:00
stream.c net: Return error from sk_stream_wait_connect() if sk_wait_event() fails 2023-12-15 10:48:51 +00:00
sysctl_net_core.c sysctl: treewide: constify the ctl_table argument of proc_handlers 2024-07-24 20:59:29 +02:00
timestamping.c net: Change the API of PHY default timestamp to MAC 2024-07-15 08:02:26 -07:00
tso.c
utils.c net: Correct spelling in net/core 2024-08-26 09:37:23 -07:00
xdp.c xdp: fix invalid wait context of page_pool_destroy() 2024-07-14 20:40:21 -07:00