Willem de Bruijn be008726d0 net: gro: initialize network_offset in network layer
Syzkaller was able to trigger

    kernel BUG at net/core/gro.c:424 !
    RIP: 0010:gro_pull_from_frag0 net/core/gro.c:424 [inline]
    RIP: 0010:gro_try_pull_from_frag0 net/core/gro.c:446 [inline]
    RIP: 0010:dev_gro_receive+0x242f/0x24b0 net/core/gro.c:571

Due to using an incorrect NAPI_GRO_CB(skb)->network_offset.

The referenced commit sets this offset to 0 in skb_gro_reset_offset.
That matches the expected case in dev_gro_receive:

        pp = INDIRECT_CALL_INET(ptype->callbacks.gro_receive,
                                ipv6_gro_receive, inet_gro_receive,
                                &gro_list->list, skb);

But syzkaller injected an skb with protocol ETH_P_TEB into an ip6gre
device (by writing the IP6GRE encapsulated version to a TAP device).
The result was a first call to eth_gro_receive, and thus an extra
ETH_HLEN in network_offset that should not be there. First issue hit
is when computing offset from network header in ipv6_gro_pull_exthdrs.

Initialize both offsets in the network layer gro_receive.

This pairs with all reads in gro_receive, which use
skb_gro_receive_network_offset().

Fixes: 186b1ea73a ("net: gro: use cb instead of skb->network_header")
Reported-by: syzkaller <syzkaller@googlegroups.com>
Signed-off-by: Willem de Bruijn <willemb@google.com>
CC: Richard Gobert <richardbgobert@gmail.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://lore.kernel.org/r/20240523141434.1752483-1-willemdebruijn.kernel@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2024-05-27 16:46:59 -07:00
arch bpf-for-netdev 2024-05-27 16:26:30 -07:00
block Compactifying bdev flags 2024-05-21 13:02:56 -07:00
certs
crypto This push fixes a bug in the new ecc P521 code as well as a buggy 2024-05-20 08:47:54 -07:00
Documentation arm64 fixes for -rc1 2024-05-23 12:09:22 -07:00
drivers bpf-for-netdev 2024-05-27 16:26:30 -07:00
fs tracing: Remove second argument of __assign_str() 2024-05-23 12:28:01 -07:00
include bpf-for-netdev 2024-05-27 16:26:30 -07:00
init Driver core changes for 6.10-rc1 2024-05-22 12:13:40 -07:00
io_uring Assorted commits that had missed the last merge window... 2024-05-21 13:11:44 -07:00
ipc
kernel bpf-for-netdev 2024-05-27 16:26:30 -07:00
lib - A series ("kbuild: enable more warnings by default") from Arnd 2024-05-22 18:59:29 -07:00
LICENSES
mm A series from Dave Chinner which cleans up and fixes the handling of 2024-05-22 17:32:04 -07:00
net net: gro: initialize network_offset in network layer 2024-05-27 16:46:59 -07:00
rust LoongArch changes for v6.10 2024-05-22 09:43:07 -07:00
samples tracing/treewide: Remove second parameter of __assign_str() 2024-05-22 20:14:47 -04:00
scripts - A series ("kbuild: enable more warnings by default") from Arnd 2024-05-22 18:59:29 -07:00
security KEYS: trusted: Do not use WARN when encode fails 2024-05-21 02:35:10 +03:00
sound tracing: Remove second argument of __assign_str() 2024-05-23 12:28:01 -07:00
tools bpf-for-netdev 2024-05-27 16:26:30 -07:00
usr
virt
.clang-format
.cocciconfig
.editorconfig
.get_maintainer.ignore
.gitattributes
.gitignore
.mailmap
.rustfmt.toml
COPYING
CREDITS
Kbuild
Kconfig
MAINTAINERS bpf-for-netdev 2024-05-27 16:26:30 -07:00
Makefile arch: add ARCH_HAS_KERNEL_FPU_SUPPORT 2024-05-19 14:36:17 -07:00
README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the reStructuredText markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result from upgrading your kernel.