forge/linux-uconsole
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
linux-uconsole/net
History
Dominique Martinet 6bf97c01b9 9p/net: put a lower bound on msize 
commit 574d356b7a upstream.

If the requested msize is too small (either from command line argument
or from the server version reply), we won't get any work done.
If it's *really* too small, nothing will work, and this got caught by
syzbot recently (on a new kmem_cache_create_usercopy() call)

Just set a minimum msize to 4k in both code paths, until someone
complains they have a use-case for a smaller msize.

We need to check in both mount option and server reply individually
because the msize for the first version request would be unchecked
with just a global check on clnt->msize.

Link: http://lkml.kernel.org/r/1541407968-31350-1-git-send-email-asmadeus@codewreck.org
Reported-by: syzbot+0c1d61e4db7db94102ca@syzkaller.appspotmail.com
Signed-off-by: Dominique Martinet <dominique.martinet@cea.fr>
Cc: Eric Van Hensbergen <ericvh@gmail.com>
Cc: Latchesar Ionkov <lucho@ionkov.net>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-01-13 09:51:08 +01:00
..
6lowpan 6lowpan: iphc: reset mac_header after decompress to fix panic 2018-07-06 12:32:12 +02:00
9p 9p/net: put a lower bound on msize 2019-01-13 09:51:08 +01:00
802
8021q net: remove blank lines at end of file 2018-07-24 14:10:43 -07:00
appletalk Revert changes to convert to ->poll_mask() and aio IOCB_CMD_POLL 2018-06-28 10:40:47 -07:00
atm Revert "net: simplify sock_poll_wait" 2018-11-04 14:50:51 +01:00
ax25 ax25: fix a use-after-free in ax25_fillin_cb() 2019-01-09 17:38:30 +01:00
batman-adv batman-adv: Expand merged fragment buffer for full packet 2018-12-13 09:16:10 +01:00
bluetooth Bluetooth: SMP: fix crash in unpairing 2018-09-26 12:39:32 +03:00
bpf bpf/test_run: support cgroup local storage 2018-08-03 00:47:32 +02:00
bpfilter net: bpfilter: use get_pid_task instead of pid_task 2018-10-17 22:03:40 -07:00
bridge net: bridge: remove ipv6 zero address check in mcast queries 2018-11-04 14:50:54 +01:00
caif Revert "net: simplify sock_poll_wait" 2018-11-04 14:50:51 +01:00
can can: raw: check for CAN FD capable netdev in raw_sendmsg() 2018-12-01 09:37:30 +01:00
ceph libceph: fall back to sendmsg for slab pages 2018-11-27 16:13:11 +01:00
core sock: Make sock->sk_stamp thread-safe 2019-01-09 17:38:33 +01:00
dcb net: dcb: Add priority-to-DSCP map getters 2018-07-27 13:17:50 -07:00
dccp Revert "net: simplify sock_poll_wait" 2018-11-04 14:50:51 +01:00
decnet decnet: fix using plain integer as NULL warning 2018-08-09 14:11:24 -07:00
dns_resolver net: remove blank lines at end of file 2018-07-24 14:10:43 -07:00
dsa net: dsa: Drop GPIO includes 2018-08-27 15:24:33 -07:00
ethernet net: Convert GRO SKB handling to list_head. 2018-06-26 11:33:04 +09:00
hsr
ieee802154 ieee802154: lowpan_header_create check must check daddr 2019-01-09 17:38:31 +01:00
ife
ipv4 tcp: fix a race in inet_diag_dump_icsk() 2019-01-09 17:38:33 +01:00
ipv6 ipv6: route: Fix return value of ip6_neigh_lookup() on neigh_create() error 2019-01-09 17:38:35 +01:00
iucv Revert "net: simplify sock_poll_wait" 2018-11-04 14:50:51 +01:00
kcm Revert "kcm: remove any offset before parsing messages" 2018-09-17 18:43:42 -07:00
key Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next 2018-07-27 09:33:37 -07:00
l2tp l2tp: fix a sock refcnt leak in l2tp_tunnel_register 2018-11-23 08:17:05 +01:00
l3mdev
lapb
llc llc: do not use sk_eat_skb() 2018-12-01 09:37:27 +01:00
mac80211 mac80211: free skb fraglist before freeing the skb 2019-01-13 09:51:02 +01:00
mac802154 net: mac802154: tx: expand tailroom if necessary 2018-08-06 11:21:37 +02:00
mpls mpls: allow routes on ip6gre devices 2018-09-24 12:19:27 -07:00
ncsi net/ncsi: Fixup .dumpit message flags and ID check in Netlink handler 2018-08-22 21:39:08 -07:00
netfilter netfilter: nf_conncount: use rb_link_node_rcu() instead of rb_link_node() 2019-01-13 09:50:59 +01:00
netlabel netlabel: check for IPV4MASK in addrinfo_get 2018-09-21 18:58:34 -07:00
netlink Merge ra.kernel.org:/pub/scm/linux/kernel/git/davem/net 2018-08-05 13:04:31 -07:00
netrom netrom: fix locking in nr_find_socket() 2019-01-09 17:38:32 +01:00
nfc Revert "net: simplify sock_poll_wait" 2018-11-04 14:50:51 +01:00
nsh nsh: set mac len based on inner packet 2018-07-12 16:55:29 -07:00
openvswitch openvswitch: Fix push/pop ethernet validation 2018-11-04 14:50:52 +01:00
packet packet: validate address length if non-zero 2019-01-09 17:38:33 +01:00
phonet Revert changes to convert to ->poll_mask() and aio IOCB_CMD_POLL 2018-06-28 10:40:47 -07:00
psample
qrtr net: qrtr: Reset the node and port ID of broadcast messages 2018-07-05 20:20:03 +09:00
rds rds: RDS (tcp) hangs on sendto() to unresponding address 2018-10-10 22:19:52 -07:00
rfkill Here are quite a large number of fixes, notably: 2018-09-03 22:12:02 -07:00
rose Revert changes to convert to ->poll_mask() and aio IOCB_CMD_POLL 2018-06-28 10:40:47 -07:00
rxrpc rxrpc: Fix lockup due to no error backoff after ack transmit error 2018-11-23 08:17:07 +01:00
sched net: Prevent invalid access to skb->prev in __qdisc_drop_all 2018-12-17 09:24:27 +01:00
sctp sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event 2019-01-09 17:38:33 +01:00
smc net/smc: fix TCP fallback socket release 2019-01-09 17:38:32 +01:00
strparser strparser: remove redundant variable 'rd_desc' 2018-08-01 10:00:06 -07:00
sunrpc sunrpc: use SVC_NET() in svcauth_gss_* functions 2019-01-13 09:51:05 +01:00
switchdev
tipc tipc: check group dests after tipc_wait_for_cond() 2019-01-09 17:38:34 +01:00
tls net/tls: Init routines in create_ctx 2019-01-13 09:51:00 +01:00
unix Revert "net: simplify sock_poll_wait" 2018-11-04 14:50:51 +01:00
vmw_vsock VSOCK: Send reset control packet when socket is partially bound 2019-01-09 17:38:34 +01:00
wimax wimax: remove blank lines at EOF 2018-07-24 14:10:42 -07:00
wireless nl80211: fix memory leak if validate_pae_over_nl80211() fails 2019-01-13 09:51:02 +01:00
x25 x25: remove blank lines at EOF 2018-07-24 14:10:42 -07:00
xdp xsk: do not call synchronize_net() under RCU read lock 2018-10-11 10:19:01 +02:00
xfrm xfrm: Fix NULL pointer dereference in xfrm_input when skb_dst_force clears the dst_entry. 2019-01-13 09:50:57 +01:00
compat.c sock: Make sock->sk_stamp thread-safe 2019-01-09 17:38:33 +01:00
Kconfig net: remove blank lines at end of file 2018-07-24 14:10:43 -07:00
Makefile bpfilter: check compiler capability in Kconfig 2018-06-28 13:36:39 +09:00
socket.c net: socket: fix a missing-check bug 2018-10-18 16:43:06 -07:00
sysctl_net.c