summaryrefslogtreecommitdiff
path: root/Documentation/hwmon/lm25066
diff options
context:
space:
mode:
authorWillem de Bruijn <willemb@google.com>2018-12-30 17:24:36 -0500
committerDavid S. Miller <davem@davemloft.net>2019-01-01 12:05:02 -0800
commitcb9f1b783850b14cbd7f87d061d784a666dfba1f (patch)
tree652c378230eed5add180c8fec9787db540b32e97 /Documentation/hwmon/lm25066
parent8c76e77f9069f10505c08e02646c3ee11ad79038 (diff)
ip: validate header length on virtual device xmit
KMSAN detected read beyond end of buffer in vti and sit devices when passing truncated packets with PF_PACKET. The issue affects additional ip tunnel devices. Extend commit 76c0ddd8c3a6 ("ip6_tunnel: be careful when accessing the inner header") and commit ccfec9e5cb2d ("ip_tunnel: be careful when accessing the inner header"). Move the check to a separate helper and call at the start of each ndo_start_xmit function in net/ipv4 and net/ipv6. Minor changes: - convert dev_kfree_skb to kfree_skb on error path, as dev_kfree_skb calls consume_skb which is not for error paths. - use pskb_network_may_pull even though that is pedantic here, as the same as pskb_may_pull for devices without llheaders. - do not cache ipv6 hdrs if used only once (unsafe across pskb_may_pull, was more relevant to earlier patch) Reported-by: syzbot <syzkaller@googlegroups.com> Signed-off-by: Willem de Bruijn <willemb@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'Documentation/hwmon/lm25066')
0 files changed, 0 insertions, 0 deletions