admin/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2025-12-07 20:06:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
56a50667cbcfaf95eea9128d5676af94e54b51a8
linux/net/ipv4
History
Levi Zim 5153a75ef3 tcp_bpf: Fix copied value in tcp_bpf_sendmsg 
bpf kselftest sockhash::test_txmsg_cork_hangs in test_sockmap.c triggers a
kernel NULL pointer dereference:

BUG: kernel NULL pointer dereference, address: 0000000000000008
 ? __die_body+0x6e/0xb0
 ? __die+0x8b/0xa0
 ? page_fault_oops+0x358/0x3c0
 ? local_clock+0x19/0x30
 ? lock_release+0x11b/0x440
 ? kernelmode_fixup_or_oops+0x54/0x60
 ? __bad_area_nosemaphore+0x4f/0x210
 ? mmap_read_unlock+0x13/0x30
 ? bad_area_nosemaphore+0x16/0x20
 ? do_user_addr_fault+0x6fd/0x740
 ? prb_read_valid+0x1d/0x30
 ? exc_page_fault+0x55/0xd0
 ? asm_exc_page_fault+0x2b/0x30
 ? splice_to_socket+0x52e/0x630
 ? shmem_file_splice_read+0x2b1/0x310
 direct_splice_actor+0x47/0x70
 splice_direct_to_actor+0x133/0x300
 ? do_splice_direct+0x90/0x90
 do_splice_direct+0x64/0x90
 ? __ia32_sys_tee+0x30/0x30
 do_sendfile+0x214/0x300
 __se_sys_sendfile64+0x8e/0xb0
 __x64_sys_sendfile64+0x25/0x30
 x64_sys_call+0xb82/0x2840
 do_syscall_64+0x75/0x110
 entry_SYSCALL_64_after_hwframe+0x4b/0x53

This is caused by tcp_bpf_sendmsg() returning a larger value(12289) than
size (8192), which causes the while loop in splice_to_socket() to release
an uninitialized pipe buf.

The underlying cause is that this code assumes sk_msg_memcopy_from_iter()
will copy all bytes upon success but it actually might only copy part of
it.

This commit changes it to use the real copied bytes.

Signed-off-by: Levi Zim <rsworktech@outlook.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Tested-by: Björn Töpel <bjorn@kernel.org>
Reviewed-by: John Fastabend <john.fastabend@gmail.com>
Link: https://lore.kernel.org/bpf/20241130-tcp-bpf-sendmsg-v1-2-bae583d014f3@outlook.com
2024-12-20 22:53:36 +01:00
..
netfilter
netfilter: nf_dup4: Convert nf_dup_ipv4_route() to dscp_t.
2024-11-15 11:00:29 +01:00
af_inet.c
net: inet: do not leave a dangling sk pointer in inet_create()
2024-10-15 18:43:08 -07:00
ah4.c
net: fill in MODULE_DESCRIPTION()s for ipv4 modules
2024-02-09 14:12:02 -08:00
arp.c
neighbour: Remove bare neighbour::next pointer
2024-11-09 13:22:57 -08:00
bpf_tcp_ca.c
bpf: Check unsupported ops from the bpf_struct_ops's cfi_stubs
2024-07-29 12:54:13 -07:00
cipso_ipv4.c
move asm/unaligned.h to linux/unaligned.h
2024-10-02 17:23:23 -04:00
datagram.c
udp: fix l4 hash after reconnect
2024-12-10 15:30:36 +01:00
devinet.c
net: convert to nla_get_*_default()
2024-11-11 10:32:06 -08:00
esp4_offload.c
xfrm: Add an inbound percpu state cache.
2024-10-29 11:56:18 +01:00
esp4.c
net: support non paged skb frags
2024-09-11 20:44:31 -07:00
fib_frontend.c
net: ip: fix unexpected return in fib_validate_source()
2024-11-18 18:57:00 -08:00
fib_lookup.h
fib_notifier.c
net: do not acquire rtnl in fib_seq_sum()
2024-10-11 15:35:05 -07:00
fib_rules.c
ipv4: use READ_ONCE()/WRITE_ONCE() on net->ipv4.fib_seq
2024-10-11 15:35:05 -07:00
fib_semantics.c
ipv4: remove fib_info_devhash[]
2024-10-07 16:46:27 -07:00
fib_trie.c
ipv4: replace call_rcu by kfree_rcu for simple kmem_cache_free callback
2024-10-15 10:50:21 -07:00
fou_bpf.c
ip_tunnel: convert __be16 tunnel flags to bitmaps
2024-04-01 10:49:28 +01:00
fou_core.c
fou: fix initialization of grc
2024-09-09 17:21:47 -07:00
fou_nl.c
tools: ynl-gen: use big-endian netlink attribute types
2024-10-22 15:33:24 +02:00
fou_nl.h
net: ynl: prefix uAPI header include with uapi/
2023-05-26 10:30:14 +01:00
gre_demux.c
ip_tunnel: convert __be16 tunnel flags to bitmaps
2024-04-01 10:49:28 +01:00
gre_offload.c
net: gro: rename skb_gro_header_hard()
2024-03-05 13:30:11 +01:00
icmp.c
net: Fix icmp host relookup triggering ip_rt_bug
2024-11-30 14:17:10 -08:00
igmp.c
net: ipv4: igmp: optimize ____ip_mc_inc_group() using mc_hash
2024-10-09 12:50:11 +01:00
inet_connection_sock.c
tcp: Fix use-after-free of nreq in reqsk_timer_handler().
2024-11-28 09:48:00 +01:00
inet_diag.c
tcp: annotate data-races around icsk->icsk_pending
2024-10-04 15:34:39 -07:00
inet_fragment.c
net: Rename mono_delivery_time to tstamp_type for scalabilty
2024-05-23 14:14:23 -07:00
inet_hashtables.c
inet: constify 'struct net' parameter of various lookup helpers
2024-08-05 16:22:45 -07:00
inet_timewait_sock.c
tcp: move inet_twsk_schedule helper out of header
2024-06-10 11:54:18 +01:00
inetpeer.c
inetpeer: replace call_rcu by kfree_rcu for simple kmem_cache_free callback
2024-10-15 10:50:21 -07:00
ip_forward.c
net: fix IPSTATS_MIB_OUTFORWDATAGRAMS increment after fragment check
2023-10-13 09:58:45 -07:00
ip_fragment.c
net: ip: make ip_route_input_noref() return drop reasons
2024-11-12 11:24:51 +01:00
ip_gre.c
ipv4: ip_gre: Fix drops of small packets in ipgre_xmit
2024-10-01 13:04:03 +02:00
ip_input.c
net: ip: make ip_route_use_hint() return drop reasons
2024-11-12 11:24:51 +01:00
ip_options.c
net: ip: make ip_route_input() return drop reasons
2024-11-12 11:24:51 +01:00
ip_output.c
ipv4: tcp: give socket pointer to control skbs
2024-10-14 17:39:37 -07:00
ip_sockglue.c
inet: Add getsockopt support for IP_ROUTER_ALERT and IPV6_ROUTER_ALERT
2024-03-06 12:37:06 +00:00
ip_tunnel_core.c
ip_tunnel: convert __be16 tunnel flags to bitmaps
2024-04-01 10:49:28 +01:00
ip_tunnel.c
ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()
2024-10-29 11:12:53 -07:00
ip_vti.c
netdev_features: convert NETIF_F_LLTX to dev->lltx
2024-09-03 11:36:43 +02:00
ipcomp.c
xfrm: ipcomp: add extack to ipcomp{4,6}_init_state
2022-09-29 07:18:00 +02:00
ipconfig.c
net: ipconfig: move ic_nameservers_fallback into #ifdef block
2023-05-22 11:17:55 +01:00
ipip.c
netdev_features: convert NETIF_F_LLTX to dev->lltx
2024-09-03 11:36:43 +02:00
ipmr_base.c
ipmr: Fix access to mfc_cache_list without lock held
2024-11-13 19:09:42 -08:00
ipmr.c
ipmr: tune the ipmr_can_free_table() checks.
2024-12-04 18:49:16 -08:00
Kconfig
net/tcp: Expand goo.gl link
2024-07-30 18:35:12 -07:00
Makefile
bpfilter: remove bpfilter
2024-01-04 10:23:10 -08:00
metrics.c
net: remove NULL-pointer net parameter in ip_metrics_convert
2024-06-05 10:06:00 +01:00
netfilter.c
netfilter: ipv4: Convert ip_route_me_harder() to dscp_t.
2024-11-15 11:00:29 +01:00
netlink.c
nexthop.c
net: convert to nla_get_*_default()
2024-11-11 10:32:06 -08:00
ping.c
ping: use sk_skb_reason_drop to free rx packets
2024-06-19 12:44:22 +01:00
proc.c
minmax: add a few more MIN_T/MAX_T users
2024-07-28 13:41:14 -07:00
protocol.c
raw_diag.c
inet_diag: add module pointer to "struct inet_diag_handler"
2024-01-23 15:13:54 +01:00
raw.c
net_tstamp: add SCM_TS_OPT_ID for RAW sockets
2024-10-04 11:52:19 -07:00
route.c
ip: Return drop reason if in_dev is NULL in ip_route_input_rcu().
2024-12-07 17:55:37 -08:00
syncookies.c
tcp: use sk_skb_reason_drop to free rx packets
2024-06-19 12:44:22 +01:00
sysctl_net_ipv4.c
icmp: icmp_msgs_per_sec and icmp_msgs_burst sysctls become per netns
2024-08-30 11:14:06 -07:00
tcp_ao.c
net/tcp: Add missing lockdep annotations for TCP-AO hlist traversals
2024-11-03 12:10:11 -08:00
tcp_bbr.c
tcp: Add new args for cong_control in tcp_congestion_ops
2024-05-02 16:26:56 -07:00
tcp_bic.c
tcp: add accessors to read/set tp->snd_cwnd
2022-04-06 12:05:41 -07:00
tcp_bpf.c
tcp_bpf: Fix copied value in tcp_bpf_sendmsg
2024-12-20 22:53:36 +01:00
tcp_cdg.c
Merge tag 'random-6.1-rc1-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/crng/random
2022-10-16 15:27:07 -07:00
tcp_cong.c
tcp: only release congestion control if it has been initialized
2024-10-31 18:22:48 -07:00
tcp_cubic.c
bpf: Remove CONFIG_X86 and CONFIG_DYNAMIC_FTRACE guard from the tcp-cc kfuncs
2024-03-28 18:31:40 -07:00
tcp_dctcp.c
tcp: Fix shift-out-of-bounds in dctcp_update_alpha().
2024-05-21 13:34:50 +02:00
tcp_dctcp.h
tcp_diag.c
inet_diag: add module pointer to "struct inet_diag_handler"
2024-01-23 15:13:54 +01:00
tcp_fastopen.c
net: use unrcu_pointer() helper
2024-06-06 11:52:52 +02:00
tcp_highspeed.c
tcp: add accessors to read/set tp->snd_cwnd
2022-04-06 12:05:41 -07:00
tcp_htcp.c
tcp: Use clamp() in htcp_alpha_update()
2024-08-06 12:16:25 -07:00
tcp_hybla.c
tcp: add accessors to read/set tp->snd_cwnd
2022-04-06 12:05:41 -07:00
tcp_illinois.c
tcp: add accessors to read/set tp->snd_cwnd
2022-04-06 12:05:41 -07:00
tcp_input.c
net: tcp: Add noinline_for_tracing annotation for tcp_drop_reason()
2024-11-03 09:02:32 -08:00
tcp_ipv4.c
net/tcp: Add missing lockdep annotations for TCP-AO hlist traversals
2024-11-03 12:10:11 -08:00
tcp_lp.c
tcp: rename tcp_time_stamp() to tcp_time_stamp_ts()
2023-10-23 09:35:01 +01:00
tcp_metrics.c
tcp_metrics: use netlink policy for IPv6 addr len validation
2024-08-19 17:42:57 -07:00
tcp_minisocks.c
tcp: populate XPS related fields of timewait sockets
2024-11-30 13:00:52 -08:00
tcp_nv.c
tcp: add accessors to read/set tp->snd_cwnd
2022-04-06 12:05:41 -07:00
tcp_offload.c
net: gso: fix tcp fraglist segmentation after pull from frag_list
2024-10-02 17:21:47 -07:00
tcp_output.c
tcp: check space before adding MPTCP SYN options
2024-12-10 18:26:52 -08:00
tcp_plb.c
prandom: remove prandom_u32_max()
2022-12-20 03:13:45 +01:00
tcp_rate.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2022-04-28 13:02:01 -07:00
tcp_recovery.c
tcp: fix excessive TLP and RACK timeouts from HZ rounding
2023-10-17 17:25:42 -07:00
tcp_scalable.c
tcp: add accessors to read/set tp->snd_cwnd
2022-04-06 12:05:41 -07:00
tcp_sigpool.c
net/tcp_sigpool: Use nested-BH locking for sigpool_scratch.
2024-06-24 16:41:22 -07:00
tcp_timer.c
net: tcp: refresh tcp_mstamp for compressed ack in timer
2024-10-07 16:01:39 -07:00
tcp_ulp.c
net/ulp: use consistent error code when blocking ULP
2023-01-19 09:26:16 -08:00
tcp_vegas.c
tcp: add accessors to read/set tp->snd_cwnd
2022-04-06 12:05:41 -07:00
tcp_vegas.h
tcp_veno.c
tcp: add accessors to read/set tp->snd_cwnd
2022-04-06 12:05:41 -07:00
tcp_westwood.c
tcp: add accessors to read/set tp->snd_cwnd
2022-04-06 12:05:41 -07:00
tcp_yeah.c
tcp: add accessors to read/set tp->snd_cwnd
2022-04-06 12:05:41 -07:00
tcp.c
tcp: only release congestion control if it has been initialized
2024-10-31 18:22:48 -07:00
tunnel4.c
net: fill in MODULE_DESCRIPTION()s for ipv4 modules
2024-02-09 14:12:02 -08:00
udp_bpf.c
bpf, sockmap: Fix an infinite loop error when len is 0 in tcp_bpf_recvmsg_parser()
2023-03-03 17:25:15 +01:00
udp_diag.c
inet_diag: add module pointer to "struct inet_diag_handler"
2024-01-23 15:13:54 +01:00
udp_impl.h
sock: Remove ->sendpage*() in favour of sendmsg(MSG_SPLICE_PAGES)
2023-06-24 15:50:13 -07:00
udp_offload.c
gso: fix udp gso fraglist segmentation after pull from frag_list
2024-10-02 17:29:31 -07:00
udp_tunnel_core.c
ipv4: udp_tunnel: Unmask upper DSCP bits in udp_tunnel_dst_lookup()
2024-09-09 14:14:53 +01:00
udp_tunnel_nic.c
udp_tunnel: Use flex array to simplify code
2023-10-03 11:39:34 +02:00
udp_tunnel_stub.c
udp.c
Revert "udp: avoid calling sock_def_readable() if possible"
2024-12-03 18:41:10 -08:00
udplite.c
udplite: remove UDPLITE_BIT
2023-09-14 16:16:36 +02:00
xfrm4_input.c
ipv4: Convert ip_route_input_noref() to dscp_t.
2024-10-03 16:21:21 -07:00
xfrm4_output.c
xfrm4_policy.c
xfrm: Convert struct xfrm_dst_lookup_params -> tos to dscp_t.
2024-11-06 12:42:51 +01:00
xfrm4_protocol.c
ipv4: Convert ip_route_input_noref() to dscp_t.
2024-10-03 16:21:21 -07:00
xfrm4_state.c
xfrm4_tunnel.c
net: fill in MODULE_DESCRIPTION()s for ipv4 modules
2024-02-09 14:12:02 -08:00