forge/linux-uconsole
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
linux-uconsole/net
History
Michal Kubeček 6b31300858 udp: only allow UFO for packets from SOCK_DGRAM sockets 
[ Upstream commit acf8dd0a9d ]

If an over-MTU UDP datagram is sent through a SOCK_RAW socket to a
UFO-capable device, ip_ufo_append_data() sets skb->ip_summed to
CHECKSUM_PARTIAL unconditionally as all GSO code assumes transport layer
checksum is to be computed on segmentation. However, in this case,
skb->csum_start and skb->csum_offset are never set as raw socket
transmit path bypasses udp_send_skb() where they are usually set. As a
result, driver may access invalid memory when trying to calculate the
checksum and store the result (as observed in virtio_net driver).

Moreover, the very idea of modifying the userspace provided UDP header
is IMHO against raw socket semantics (I wasn't able to find a document
clearly stating this or the opposite, though). And while allowing
CHECKSUM_NONE in the UFO case would be more efficient, it would be a bit
too intrusive change just to handle a corner case like this. Therefore
disallowing UFO for packets from SOCK_DGRAM seems to be the best option.

Signed-off-by: Michal Kubecek <mkubecek@suse.cz>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-03-18 13:22:27 +01:00
..
9p 9p/trans_virtio.c: Fix broken zero-copy on vmalloc() buffers 2014-03-06 21:30:03 -08:00
802 net/802/mrp: fix lockdep splat 2013-05-14 13:02:30 -07:00
8021q 8021q: fix a potential memory leak 2014-07-28 08:00:04 -07:00
appletalk appletalk: Fix socket referencing in skb 2014-07-28 08:00:05 -07:00
atm net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:25 -08:00
ax25 net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:25 -08:00
batman-adv batman-adv: set up network coding packet handlers during module init 2013-11-20 12:27:47 -08:00
bluetooth Bluetooth: Avoid use of session socket after the session gets freed 2014-09-17 09:04:00 -07:00
bridge br: fix use of ->rx_handler_data in code executed on non-rx_handler path 2014-11-21 09:22:54 -08:00
caif net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:25 -08:00
can net: Use netlink_ns_capable to verify the permisions of netlink messages 2014-06-26 15:12:37 -04:00
ceph libceph: fix double __remove_osd() problem 2015-03-06 14:40:54 -08:00
core net: reject creation of netdev names with colons 2015-03-18 13:22:27 +01:00
dcb net: Use netlink_ns_capable to verify the permisions of netlink messages 2014-06-26 15:12:37 -04:00
dccp net:dccp: do not report ICMP redirects to user space 2013-10-13 16:08:30 -07:00
decnet net: Use netlink_ns_capable to verify the permisions of netlink messages 2014-06-26 15:12:37 -04:00
dns_resolver dns_resolver: Null-terminate the right string 2014-07-28 08:00:06 -07:00
dsa dsa: fix freeing of sparse port allocation 2013-03-25 12:23:41 -04:00
ethernet net: add ETH_P_802_3_MIN 2013-03-28 01:20:42 -04:00
ieee802154 6lowpan: fix lockdep splats 2014-03-06 21:30:02 -08:00
ipv4 udp: only allow UFO for packets from SOCK_DGRAM sockets 2015-03-18 13:22:27 +01:00
ipv6 udp: only allow UFO for packets from SOCK_DGRAM sockets 2015-03-18 13:22:27 +01:00
ipx ipx: fix locking regression in ipx_sendmsg and ipx_recvmsg 2014-12-06 15:05:47 -08:00
irda net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:25 -08:00
iucv af_iucv: wrong mapping of sent and confirmed skbs 2014-06-30 20:09:40 -07:00
key net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:25 -08:00
l2tp l2tp: fix race while getting PMTU on PPP pseudo-wire 2014-10-15 08:31:57 +02:00
lapb net/lapb: remove depends on CONFIG_EXPERIMENTAL 2013-01-11 11:40:01 -08:00
llc net: llc: fix use after free in llc_ui_recvmsg 2014-01-15 15:28:50 -08:00
mac80211 mac80211: free management frame keys when removing station 2015-01-08 09:58:16 -08:00
mac802154 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-04-30 03:55:20 -04:00
netfilter ipvs: uninitialized data with IP_VS_IPV6 2015-01-29 17:40:56 -08:00
netlabel netlabel: improve domain mapping validation 2013-05-19 14:49:55 -07:00
netlink netlink: Don't reorder loads/stores before marking mmap netlink frame as available 2015-01-27 07:52:30 -08:00
netrom net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:25 -08:00
nfc net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:25 -08:00
openvswitch openvswitch: fix panic with multiple vlan headers 2014-10-15 08:31:57 +02:00
packet packet: handle too big packets for PACKET_V3 2014-10-15 08:31:56 +02:00
phonet net: Use netlink_ns_capable to verify the permisions of netlink messages 2014-06-26 15:12:37 -04:00
rds rds: prevent dereference of a NULL device in rds_iw_laddr_check 2014-04-14 06:42:18 -07:00
rfkill Merge branch 'for-john' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next 2013-04-22 14:58:14 -04:00
rose net: rose: restore old recvmsg behavior 2014-01-15 15:28:49 -08:00
rxrpc net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:25 -08:00
sched ematch: Fix auto-loading of ematch modules. 2015-03-18 13:22:27 +01:00
sctp net: sctp: fix passing wrong parameter header to param_type2af in sctp_process_param 2015-02-26 17:48:49 -08:00
sunrpc svcrdma: Select NFSv4.1 backchannel transport based on forward channel 2014-09-05 16:28:37 -07:00
tipc tipc: clear 'next'-pointer of message fragments before reassembly 2014-07-28 08:00:05 -07:00
unix net: unix: non blocking recvmsg() should not return -EINTR 2014-04-14 06:42:15 -07:00
vmw_vsock net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:25 -08:00
wimax
wireless nl80211: fix per-station group key get/del and memory leak 2015-02-05 22:35:36 -08:00
x25 net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:25 -08:00
xfrm net: Use netlink_ns_capable to verify the permisions of netlink messages 2014-06-26 15:12:37 -04:00
compat.c net: compat: Ignore MSG_CMSG_COMPAT in compat_sys_{send, recv}msg 2015-03-18 13:22:27 +01:00
Kconfig netlink: kconfig: move mmap i/o into netlink kconfig 2013-05-01 15:02:42 -04:00
Makefile VSOCK: Introduce VM Sockets 2013-02-10 19:41:08 -05:00
nonet.c
socket.c net: socket: error on a negative msg_namelen 2014-04-14 06:42:16 -07:00
sysctl_net.c net: Update the sysctl permissions handler to test effective uid/gid 2013-10-13 16:08:34 -07:00