github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-07 14:04:54 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
c075c3ea03
linux/include
History
Sabrina Dubroca c075c3ea03 esp: limit skb_page_frag_refill use to a single page 
[ Upstream commit 5bd8baab08 ]

Commit ebe48d368e ("esp: Fix possible buffer overflow in ESP
transformation") tried to fix skb_page_frag_refill usage in ESP by
capping allocsize to 32k, but that doesn't completely solve the issue,
as skb_page_frag_refill may return a single page. If that happens, we
will write out of bounds, despite the check introduced in the previous
patch.

This patch forces COW in cases where we would end up calling
skb_page_frag_refill with a size larger than a page (first in
esp_output_head with tailen, then in esp_output_tail with
skb->data_len).

Fixes: cac2661c53 ("esp4: Avoid skb_cow_data whenever possible")
Fixes: 03e2a30f6a ("esp6: Avoid skb_cow_data whenever possible")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-04-27 13:53:48 +02:00
..
acpi ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions 2022-01-27 10:54:18 +01:00
asm-generic tlb: hugetlb: Add more sizes to tlb_remove_huge_tlb_entry 2022-04-20 09:23:22 +02:00
clocksource clocksource/drivers/timer-ti-dm: Save and restore timer TIOCP_CFG 2021-07-14 16:56:12 +02:00
crypto crypto: public_key: fix overflow during implicit conversion 2021-09-18 13:40:08 +02:00
drm drm: protect drm_master pointers in drm_lease.c 2021-09-18 13:40:19 +02:00
dt-bindings clk: imx8mq: remove SYS PLL 1/2 clock gates 2021-07-14 16:56:20 +02:00
keys certs: Add EFI_CERT_X509_GUID support for dbx entries 2021-06-30 08:47:30 -04:00
kunit
kvm
linux etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead 2022-04-27 13:53:45 +02:00
math-emu
media media: subdev: disallow ioctl for saa6588/davinci 2021-07-19 09:45:02 +02:00
memory memory: renesas-rpc-if: Correct QSPI data transfer in Manual mode 2021-11-18 14:03:47 +01:00
misc
net esp: limit skb_page_frag_refill use to a single page 2022-04-27 13:53:48 +02:00
pcmcia
ras
rdma RDMA/netlink: Add __maybe_unused to static inline in C file 2021-11-26 10:39:21 +01:00
scsi scsi: iscsi: Fix conn cleanup and stop race during iscsid restart 2022-04-20 09:23:17 +02:00
soc firmware: raspberrypi: Keep count of all consumers 2021-09-15 09:50:41 +02:00
sound ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock 2022-04-08 14:39:53 +02:00
target scsi: target: Fix ordered tag handling 2021-11-26 10:39:11 +01:00
trace SUNRPC: Fix the svc_deferred_event trace class 2022-04-20 09:23:11 +02:00
uapi can: isotp: set default value for N_As to 50 micro seconds 2022-04-13 21:01:00 +02:00
vdso
video
xen xen/gnttab: fix gnttab_end_foreign_access() without page specified 2022-03-11 12:11:54 +01:00