linux/net/ipv6
Eric Dumazet ac6e780070 tcp: take care of truncations done by sk_filter()
With syzkaller help, Marco Grassi found a bug in TCP stack,
crashing in tcp_collapse()

Root cause is that sk_filter() can truncate the incoming skb,
but TCP stack was not really expecting this to happen.
It probably was expecting a simple DROP or ACCEPT behavior.

We first need to make sure no part of TCP header could be removed.
Then we need to adjust TCP_SKB_CB(skb)->end_seq

Many thanks to syzkaller team and Marco for giving us a reproducer.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Marco Grassi <marco.gra@gmail.com>
Reported-by: Vladis Dronov <vdronov@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-11-13 12:30:02 -05:00
..
ila ila: make nla_policy const 2016-09-01 14:09:01 -07:00
netfilter netfilter: nft_dup: do not use sreg_dev if the user doesn't specify it 2016-10-31 13:17:38 +01:00
addrconf_core.c
addrconf.c ipv6: properly prevent temp_prefered_lft sysctl race 2016-10-20 14:29:11 -04:00
addrlabel.c
af_inet6.c tcp: Set read_sock and peek_len proto_ops 2016-08-28 23:32:41 -04:00
ah6.c
anycast.c
calipso.c calipso: fix resource leak on calipso_genopt failure 2016-08-13 14:56:17 -07:00
datagram.c sock: propagate __sock_cmsg_send() error 2016-05-16 13:46:23 -04:00
esp6.c
exthdrs_core.c ipv6: constify the skb pointer of ipv6_find_tlv(). 2016-06-27 15:06:15 -04:00
exthdrs_offload.c
exthdrs.c Merge branch 'stable-4.8' of git://git.infradead.org/users/pcmoore/selinux into next 2016-07-07 10:15:34 +10:00
fib6_rules.c net: flow: Add l3mdev flow update 2016-09-10 23:12:51 -07:00
fou6.c fou: add Kconfig options for IPv6 support 2016-05-29 22:24:21 -07:00
icmp.c net: icmp6_send should use dst dev to determine L3 domain 2016-11-07 20:30:19 -05:00
inet6_connection_sock.c
inet6_hashtables.c inet: Fix missing return value in inet6_hash 2016-10-29 12:01:49 -04:00
ip6_checksum.c ipv6: fix checksum annotation in udp6_csum_init 2016-06-14 15:26:42 -04:00
ip6_fib.c ipv6: report NLM_F_CREATE and NLM_F_EXCL flags in RTM_NEWROUTE events 2016-09-09 16:50:23 -07:00
ip6_flowlabel.c ipv6: add new struct ipcm6_cookie 2016-05-03 16:08:14 -04:00
ip6_gre.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-10-02 22:20:41 -04:00
ip6_icmp.c ipv6: icmp: add a force_saddr param to icmp6_send() 2016-06-18 22:11:38 -07:00
ip6_input.c net: vrf: ipv6 support for local traffic to local addresses 2016-06-08 00:25:38 -07:00
ip6_offload.c net: add recursion limit to GRO 2016-10-20 14:32:22 -04:00
ip6_offload.h
ip6_output.c ipv6: Don't use ufo handling on later transformed packets 2016-10-31 13:10:41 -04:00
ip6_tunnel.c ip6_tunnel: Update skb->protocol to ETH_P_IPV6 in ip6_tnl_xmit() 2016-10-29 14:49:31 -04:00
ip6_udp_tunnel.c ip6_udp_tunnel: remove unused IPCB related codes 2016-11-02 15:18:36 -04:00
ip6_vti.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-09-23 06:46:57 -04:00
ip6mr.c ipmr, ip6mr: fix scheduling while atomic and a deadlock with ipmr_get_route 2016-09-25 23:41:39 -04:00
ipcomp6.c
ipv6_sockglue.c ipv6: fix a potential deadlock in do_ipv6_setsockopt() 2016-10-21 11:29:02 -04:00
Kconfig fou: fix IPv6 Kconfig options 2016-05-31 14:07:49 -07:00
Makefile Merge branch 'stable-4.8' of git://git.infradead.org/users/pcmoore/selinux into next 2016-07-07 10:15:34 +10:00
mcast_snoop.c
mcast.c ipv6: fix a potential deadlock in do_ipv6_setsockopt() 2016-10-21 11:29:02 -04:00
mip6.c
ndisc.c net: l3mdev: remove redundant calls 2016-09-10 23:12:52 -07:00
netfilter.c
output_core.c net: l3mdev: Add hook to output path 2016-09-10 23:12:52 -07:00
ping.c udp: must lock the socket in udp_disconnect() 2016-10-20 14:45:52 -04:00
proc.c proc: Reduce cache miss in snmp6_seq_show 2016-09-30 01:50:44 -04:00
protocol.c
raw.c udp: must lock the socket in udp_disconnect() 2016-10-20 14:45:52 -04:00
reassembly.c ipv6: do not increment mac header when it's unset 2016-10-23 17:38:58 -04:00
route.c net-ipv6: on device mtu change do not add mtu to mtu-less routes 2016-11-09 13:19:32 -05:00
sit.c sit: make function ipip6_valid_ip_proto() static 2016-08-12 21:52:18 -07:00
syncookies.c
sysctl_net_ipv6.c calipso: Add a label cache. 2016-06-27 15:06:17 -04:00
tcp_ipv6.c tcp: take care of truncations done by sk_filter() 2016-11-13 12:30:02 -05:00
tcpv6_offload.c
tunnel6.c
udp_impl.h ipv6: udp: remove udp_v6_clear_sk() 2016-08-23 23:23:50 -07:00
udp_offload.c gso: Remove arbitrary checks for unsupported GSO 2016-05-20 18:03:15 -04:00
udp.c udp: fix IP_CHECKSUM handling 2016-10-26 17:33:22 -04:00
udplite.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-08-30 00:54:02 -04:00
xfrm6_input.c vti6: fix input path 2016-09-21 10:09:14 +02:00
xfrm6_mode_beet.c
xfrm6_mode_ro.c
xfrm6_mode_transport.c
xfrm6_mode_tunnel.c
xfrm6_output.c
xfrm6_policy.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-09-12 15:52:44 -07:00
xfrm6_protocol.c
xfrm6_state.c
xfrm6_tunnel.c vti6: fix input path 2016-09-21 10:09:14 +02:00