xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b51e4422952b5c98dad46caa017c233ac783679f
android_kernel_xiaomi_sm8450/net/ipv4
History
Eric Dumazet f8cec30541 erspan: do not use skb_mac_header() in ndo_start_xmit() 
[ Upstream commit 8e50ed774554f93d55426039b27b1e38d7fa64d8 ]

Drivers should not assume skb_mac_header(skb) == skb->data in their
ndo_start_xmit().

Use skb_network_offset() and skb_transport_offset() which
better describe what is needed in erspan_fb_xmit() and
ip6erspan_tunnel_xmit()

syzbot reported:
WARNING: CPU: 0 PID: 5083 at include/linux/skbuff.h:2873 skb_mac_header include/linux/skbuff.h:2873 [inline]
WARNING: CPU: 0 PID: 5083 at include/linux/skbuff.h:2873 ip6erspan_tunnel_xmit+0x1d9c/0x2d90 net/ipv6/ip6_gre.c:962
Modules linked in:
CPU: 0 PID: 5083 Comm: syz-executor406 Not tainted 6.3.0-rc2-syzkaller-00866-gd4671cb96fa3 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
RIP: 0010:skb_mac_header include/linux/skbuff.h:2873 [inline]
RIP: 0010:ip6erspan_tunnel_xmit+0x1d9c/0x2d90 net/ipv6/ip6_gre.c:962
Code: 04 02 41 01 de 84 c0 74 08 3c 03 0f 8e 1c 0a 00 00 45 89 b4 24 c8 00 00 00 c6 85 77 fe ff ff 01 e9 33 e7 ff ff e8 b4 27 a1 f8 <0f> 0b e9 b6 e7 ff ff e8 a8 27 a1 f8 49 8d bf f0 0c 00 00 48 b8 00
RSP: 0018:ffffc90003b2f830 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 000000000000ffff RCX: 0000000000000000
RDX: ffff888021273a80 RSI: ffffffff88e1bd4c RDI: 0000000000000003
RBP: ffffc90003b2f9d8 R08: 0000000000000003 R09: 000000000000ffff
R10: 000000000000ffff R11: 0000000000000000 R12: ffff88802b28da00
R13: 00000000000000d0 R14: ffff88807e25b6d0 R15: ffff888023408000
FS: 0000555556a61300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055e5b11eb6e8 CR3: 0000000027c1b000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
__netdev_start_xmit include/linux/netdevice.h:4900 [inline]
netdev_start_xmit include/linux/netdevice.h:4914 [inline]
__dev_direct_xmit+0x504/0x730 net/core/dev.c:4300
dev_direct_xmit include/linux/netdevice.h:3088 [inline]
packet_xmit+0x20a/0x390 net/packet/af_packet.c:285
packet_snd net/packet/af_packet.c:3075 [inline]
packet_sendmsg+0x31a0/0x5150 net/packet/af_packet.c:3107
sock_sendmsg_nosec net/socket.c:724 [inline]
sock_sendmsg+0xde/0x190 net/socket.c:747
__sys_sendto+0x23a/0x340 net/socket.c:2142
__do_sys_sendto net/socket.c:2154 [inline]
__se_sys_sendto net/socket.c:2150 [inline]
__x64_sys_sendto+0xe1/0x1b0 net/socket.c:2150
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f123aaa1039
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc15d12058 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f123aaa1039
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 0000000000000000 R08: 0000000020000040 R09: 0000000000000014
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f123aa648c0
R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000

Fixes: 1baf5ebf89 ("erspan: auto detect truncated packets.")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Link: https://lore.kernel.org/r/20230320163427.8096-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-04-05 11:23:35 +02:00
..
bpfilter
net: Revert "net: optimize the sockptr_t for unified kernel/user address spaces"
2020-08-10 12:06:44 -07:00
netfilter
netfilter: tproxy: fix deadlock due to missing BH disable
2023-03-17 08:45:11 +01:00
af_inet.c
net: remove cmsg restriction from io_uring based send/recvmsg calls
2023-01-04 11:39:24 +01:00
ah4.c
xfrm: Use actual socket sk instead of skb socket for xfrm_output_resume
2021-04-14 08:42:05 +02:00
arp.c
ipv4: Invalidate neighbour for broadcast address upon address addition
2022-04-13 21:00:57 +02:00
bpf_tcp_ca.c
bpf: Change bpf_sk_storage_*() to accept ARG_PTR_TO_BTF_ID_SOCK_COMMON
2020-09-25 13:58:01 -07:00
cipso_ipv4.c
cipso: Fix data-races around sysctl.
2022-07-21 21:20:08 +02:00
datagram.c
udp: Update reuse->has_conns under reuseport_lock.
2022-10-30 09:41:19 +01:00
devinet.c
net: socket: remove register_gifconf
2022-09-28 11:10:35 +02:00
esp4_offload.c
xfrm: replay: Fix ESN wrap around for GSO
2022-12-02 17:39:58 +01:00
esp4.c
esp: limit skb_page_frag_refill use to a single page
2022-04-27 13:53:48 +02:00
fib_frontend.c
ipv4: Fix incorrect table ID in IOCTL path
2023-03-22 13:30:00 +01:00
fib_lookup.h
net: add net available in build_state
2020-03-29 22:30:57 -07:00
fib_notifier.c
net: fib_notifier: propagate extack down to the notifier block callback
2019-10-04 11:10:56 -07:00
fib_rules.c
ipv4: convert fib_num_tclassid_users to atomic_t
2021-12-08 09:03:26 +01:00
fib_semantics.c
ipv4: prevent potential spectre v1 gadget in fib_metrics_match()
2023-02-01 08:23:25 +01:00
fib_trie.c
ipv4: Fix error return code in fib_table_insert()
2022-12-02 17:40:01 +01:00
fou.c
genetlink: move to smaller ops wherever possible
2020-10-02 19:11:11 -07:00
gre_demux.c
erspan: fix version 1 check in gre_parse_header()
2021-01-12 20:18:12 +01:00
gre_offload.c
net: gre: recompute gre csum for sctp over gre tunnels
2020-08-03 15:29:44 -07:00
icmp.c
ip: Fix data-races around sysctl_ip_no_pmtu_disc.
2022-07-29 17:19:12 +02:00
igmp.c
igmp: Fix data-races around sysctl_igmp_qrv.
2022-08-03 12:00:46 +02:00
inet_connection_sock.c
tcp: Fix listen() regression in 5.10.163
2023-03-11 16:40:19 +01:00
inet_diag.c
inet_diag: fix kernel-infoleak for UDP sockets
2021-12-22 09:30:53 +01:00
inet_fragment.c
inet: frags: annotate races around fqdir->dead and fqdir->high_thresh
2022-01-27 10:54:33 +01:00
inet_hashtables.c
inet: fix fast path in __inet_hash_connect()
2023-03-11 16:39:50 +01:00
inet_timewait_sock.c
tcp: avoid the lookup process failing to get sk in ehash table
2023-02-01 08:23:15 +01:00
inetpeer.c
inetpeer: Fix data-races around sysctl.
2022-07-21 21:20:07 +02:00
ip_forward.c
ip: Fix data-races around sysctl_ip_fwd_update_priority.
2022-07-29 17:19:12 +02:00
ip_fragment.c
inet: frags: annotate races around fqdir->dead and fqdir->high_thresh
2022-01-27 10:54:33 +01:00
ip_gre.c
erspan: do not use skb_mac_header() in ndo_start_xmit()
2023-04-05 11:23:35 +02:00
ip_input.c
xfrm: fix "disable_policy" on ipv4 early demux
2022-12-02 17:39:58 +01:00
ip_options.c
net: clean up codestyle for net/ipv4
2020-08-25 06:28:02 -07:00
ip_output.c
net: Fix data-races around sysctl_[rw]mem_(max|default).
2022-08-31 17:15:19 +02:00
ip_sockglue.c
net: Fix data-races around sysctl_optmem_max.
2022-08-31 17:15:20 +02:00
ip_tunnel_core.c
tunnels: do not assume mac header is set in skb_tunnel_check_pmtu()
2022-07-07 17:52:19 +02:00
ip_tunnel.c
net: tunnels: annotate lockless accesses to dev->needed_headroom
2023-03-22 13:29:58 +01:00
ip_vti.c
net: always use icmp{,v6}_ndo_send from ndo_start_xmit
2021-03-17 17:06:12 +01:00
ipcomp.c
ipcomp: assign if_id to child tunnel from parent tunnel
2020-07-09 12:55:37 +02:00
ipconfig.c
net: ipconfig: Don't override command-line hostnames or domains
2021-06-18 10:00:05 +02:00
ipip.c
net: ipip: implement header_ops->parse_protocol for AF_PACKET
2020-06-30 12:29:39 -07:00
ipmr_base.c
net: fib_notifier: propagate extack down to the notifier block callback
2019-10-04 11:10:56 -07:00
ipmr.c
ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path
2022-02-16 12:54:25 +01:00
Kconfig
tcp: configurable source port perturb table size
2022-12-02 17:40:05 +01:00
Makefile
udp_tunnel: add central NIC RX port offload infrastructure
2020-07-10 13:54:00 -07:00
metrics.c
ipv4: prevent potential spectre v1 gadget in ip_metrics_convert()
2023-02-01 08:23:24 +01:00
netfilter.c
netfilter: use actual socket sk rather than skb sk when routing harder
2020-10-30 12:57:39 +01:00
netlink.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00
nexthop.c
nh: fix scope used to find saddr when adding non gw nh
2022-11-03 23:57:54 +09:00
ping.c
lsm,selinux: pass flowi_common instead of flowi to the LSM hooks
2022-06-09 10:21:09 +02:00
proc.c
tcp: switch orphan_count to bare per-cpu counters
2021-11-18 14:04:08 +01:00
protocol.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
raw_diag.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-03-12 22:34:48 -07:00
raw.c
lsm,selinux: pass flowi_common instead of flowi to the LSM hooks
2022-06-09 10:21:09 +02:00
route.c
ip: Fix data-races around sysctl_ip_fwd_use_pmtu.
2022-07-29 17:19:12 +02:00
syncookies.c
mptcp: remove MPTCP 'ifdef' in TCP SYN cookies
2023-01-14 10:16:51 +01:00
sysctl_net_ipv4.c
tcp/udp: Make early_demux back namespacified.
2022-11-10 18:14:26 +01:00
tcp_bbr.c
tcp_bbr: fix u32 wrap bug in round logic if bbr_init() called after 2B packets
2021-08-18 08:59:13 +02:00
tcp_bic.c
tcp: fix stretch ACK bugs in BIC
2020-03-16 18:26:54 -07:00
tcp_bpf.c
bpf, sockmap: Check for any of tcp_bpf_prots when cloning a listener
2023-02-15 17:22:10 +01:00
tcp_cdg.c
tcp: cdg: allow tcp_cdg_release() to be called multiple times
2022-11-25 17:45:55 +01:00
tcp_cong.c
net: Only allow init netns to set default tcp cong to a restricted algo
2021-05-14 09:50:46 +02:00
tcp_cubic.c
tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows
2021-12-01 09:19:06 +01:00
tcp_dctcp.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
tcp_dctcp.h
tcp: refactor DCTCP ECN ACK handling
2018-10-10 22:26:00 -07:00
tcp_diag.c
inet_diag: Move the INET_DIAG_REQ_BYTECODE nlattr to cb->data
2020-02-27 18:50:19 -08:00
tcp_fastopen.c
tcp: Fix data-races around sysctl_tcp_fastopen_blackhole_timeout.
2022-07-29 17:19:18 +02:00
tcp_highspeed.c
Replace HTTP links with HTTPS ones: IPv*
2020-07-06 13:23:03 -07:00
tcp_htcp.c
Replace HTTP links with HTTPS ones: IPv*
2020-07-06 13:23:03 -07:00
tcp_hybla.c
treewide: Add SPDX license identifier for more missed files
2019-05-21 10:50:45 +02:00
tcp_illinois.c
treewide: Add SPDX license identifier for more missed files
2019-05-21 10:50:45 +02:00
tcp_input.c
tcp: fix indefinite deferral of RTO with SACK reneging
2022-11-03 23:57:52 +09:00
tcp_ipv4.c
dccp/tcp: Reset saddr on failure after inet6?_hash_connect().
2022-12-02 17:40:01 +01:00
tcp_lp.c
treewide: Add SPDX license identifier for more missed files
2019-05-21 10:50:45 +02:00
tcp_metrics.c
tcp: Fix data-races around sysctl_tcp_no_ssthresh_metrics_save.
2022-08-03 12:00:45 +02:00
tcp_minisocks.c
tcp: tcp_check_req() can be called from process context
2023-03-11 16:40:13 +01:00
tcp_nv.c
treewide: Add SPDX license identifier for more missed files
2019-05-21 10:50:45 +02:00
tcp_offload.c
net, gro: Set inner transport header offset in tcp/udp GRO hook
2021-08-12 13:22:05 +02:00
tcp_output.c
tcp: tcp_make_synack() can be called from process context
2023-03-22 13:29:57 +01:00
tcp_rate.c
tcp: ensure to use the most recently sent skb when filling the rate sample
2022-05-09 09:05:03 +02:00
tcp_recovery.c
tcp: Fix data-races around sysctl_tcp_recovery.
2022-07-29 17:19:21 +02:00
tcp_scalable.c
net: ipv4: delete repeated words
2020-08-24 17:31:20 -07:00
tcp_timer.c
tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts.
2022-07-29 17:19:21 +02:00
tcp_ulp.c
net/ulp: use consistent error code when blocking ULP
2023-01-24 07:20:01 +01:00
tcp_vegas.c
tcp: use semicolons rather than commas to separate statements
2020-10-13 17:11:52 -07:00
tcp_vegas.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
tcp_veno.c
Replace HTTP links with HTTPS ones: IPv*
2020-07-06 13:23:03 -07:00
tcp_westwood.c
treewide: Add SPDX license identifier for more missed files
2019-05-21 10:50:45 +02:00
tcp_yeah.c
tcp: fix stretch ACK bugs in Yeah
2020-03-16 18:26:55 -07:00
tcp.c
tcp: fix rate_app_limited to default to 1
2023-02-01 08:23:16 +01:00
tunnel4.c
tunnel4: add cb_handler to struct xfrm_tunnel
2020-07-09 12:51:36 +02:00
udp_bpf.c
bpf, sockmap, udp: sk_prot needs inuse_idx set for proc stats
2021-07-28 14:35:37 +02:00
udp_diag.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-03-12 22:34:48 -07:00
udp_impl.h
net: pass a sockptr_t into ->setsockopt
2020-07-24 15:41:54 -07:00
udp_offload.c
net, gro: Set inner transport header offset in tcp/udp GRO hook
2021-08-12 13:22:05 +02:00
udp_tunnel_core.c
net/tunnel: wait until all sk_user_data reader finish before releasing the sock
2023-01-14 10:15:43 +01:00
udp_tunnel_nic.c
udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister()
2022-03-02 11:42:51 +01:00
udp_tunnel_stub.c
udp_tunnel: add central NIC RX port offload infrastructure
2020-07-10 13:54:00 -07:00
udp.c
udp: Update reuse->has_conns under reuseport_lock.
2022-10-30 09:41:19 +01:00
udplite.c
net/ipv4: remove compat_ip_{get,set}sockopt
2020-07-19 18:16:41 -07:00
xfrm4_input.c
xfrm: state: remove extract_input indirection from xfrm_state_afinfo
2020-05-06 09:40:08 +02:00
xfrm4_output.c
xfrm: fix unused variable warning if CONFIG_NETFILTER=n
2020-05-11 15:12:27 +02:00
xfrm4_policy.c
net: add bool confirm_neigh parameter for dst_ops.update_pmtu
2019-12-24 22:28:54 -08:00
xfrm4_protocol.c
net: xfrm: unexport __init-annotated xfrm4_protocol_init()
2022-06-14 18:32:40 +02:00
xfrm4_state.c
xfrm: remove output_finish indirection from xfrm_state_afinfo
2020-05-06 09:40:08 +02:00
xfrm4_tunnel.c
xfrm: interface: fix the priorities for ipip and ipv6 tunnels
2020-10-09 12:29:48 +02:00