1. 20 Aug, 2019 1 commit
    • ipv6: Fix return value of ipv6_mc_may_pull() for malformed packets · 3a7ef457
      Stefano Brivio authored
      Commit ba5ea614 ("bridge: simplify ip_mc_check_igmp() and
      ipv6_mc_check_mld() calls") replaces direct calls to pskb_may_pull()
      in br_ipv6_multicast_mld2_report() with calls to ipv6_mc_may_pull(),
      that returns -EINVAL on buffers too short to be valid IPv6 packets,
      while maintaining the previous handling of the return code.
      
      This leads to the direct opposite of the intended effect: if the
      packet is malformed, -EINVAL evaluates as true, and we'll happily
      proceed with the processing.
      
      Return 0 if the packet is too short, in the same way as this was
      fixed for IPv4 by commit 083b78a9 ("ip: fix ip_mc_may_pull()
      return value").
      
      I don't have a reproducer for this, unlike the one referred to by
      the IPv4 commit, but this is clearly broken.
      
      Fixes: ba5ea614 ("bridge: simplify ip_mc_check_igmp() and ipv6_mc_check_mld() calls")
      Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
      Acked-by: Guillaume Nault <gnault@redhat.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
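
The return-value mix-up described in the commit above, as an added userspace model (not code from the commit or the kernel). `struct fake_skb`, `parse_report()` and the sizes used are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for an skb: only the number of readable bytes. */
struct fake_skb { size_t len; };

/* Pre-fix shape: a too-short buffer is reported as -EINVAL (non-zero). */
static int may_pull_buggy(const struct fake_skb *skb, size_t need)
{
    return skb->len < need ? -EINVAL : 1;
}

/* Post-fix shape: 0 means "cannot pull", the pskb_may_pull() convention. */
static int may_pull_fixed(const struct fake_skb *skb, size_t need)
{
    return skb->len < need ? 0 : 1;
}

typedef int (*may_pull_fn)(const struct fake_skb *, size_t);

/* Hypothetical caller that kept the boolean test used with pskb_may_pull().
 * Returns -EINVAL when it rejects the packet, 0 when it would go on to
 * read `need` bytes from the buffer. */
static int parse_report(const struct fake_skb *skb, size_t need,
                        may_pull_fn may_pull)
{
    if (!may_pull(skb, need))
        return -EINVAL;
    return 0;
}

int main(void)
{
    struct fake_skb short_pkt = { 8 }, full_pkt = { 64 }; /* constructed */
    size_t need = 24;                                      /* constructed */

    printf("buggy, short: %d\n", parse_report(&short_pkt, need, may_pull_buggy));
    printf("fixed, short: %d\n", parse_report(&short_pkt, need, may_pull_fixed));
    printf("buggy, full:  %d\n", parse_report(&full_pkt, need, may_pull_buggy));
    printf("fixed, full:  %d\n", parse_report(&full_pkt, need, may_pull_fixed));
    return 0;
}
```

With the pre-fix helper the 8-byte buffer is accepted even though 24 bytes are needed; with the post-fix helper it is rejected.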
  2. 19 Aug, 2019 9 commits
    • Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf · e15dbcde
      David S. Miller authored
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter fixes for net
      
      The following patchset contains Netfilter fixes for net:
      
      1) Remove IP MASQUERADING record in MAINTAINERS file,
         from Denis Efremov.
      
      2) Counter arguments are swapped in ebtables, from
         Todd Seidelmann.
      
      3) Missing netlink attribute validation in flow_offload
         extension.
      
      4) Incorrect alignment in xt_nfacct that breaks 32-bits
         userspace / 64-bits kernels, from Juliana Rodrigueiro.
      
      5) Missing include guard in nf_conntrack_h323_types.h,
         from Masahiro Yamada.
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • tcp: make sure EPOLLOUT wont be missed · ef8d8ccd
      Eric Dumazet authored
      As Jason Baron explained in commit 790ba456 ("tcp: set SOCK_NOSPACE
      under memory pressure"), it is crucial we properly set SOCK_NOSPACE
      when needed.
      
      However, Jason's patch had a bug, because the 'nonblocking' status
      as far as sk_stream_wait_memory() is concerned is governed
      by MSG_DONTWAIT flag passed at sendmsg() time:
      
          long timeo = sock_sndtimeo(sk, flags & MSG_DONTWAIT);
      
      So it is very possible that tcp sendmsg() calls sk_stream_wait_memory(),
      and that sk_stream_wait_memory() returns -EAGAIN with SOCK_NOSPACE
      cleared, if sk->sk_sndtimeo has been set to a small (but not zero)
      value.
      
      This patch removes the 'noblock' variable since we must always
      set SOCK_NOSPACE if -EAGAIN is returned.
      
      It also renames the do_nonblock label since we might reach this
      code path even if we were in blocking mode.
      
      Fixes: 790ba456 ("tcp: set SOCK_NOSPACE under memory pressure")
      Signed-off-by: Eric Dumazet <edumazet@google.com>
      Cc: Jason Baron <jbaron@akamai.com>
      Reported-by: Vladimir Rutsky <rutsky@google.com>
      Acked-by: Soheil Hassas Yeganeh <soheil@google.com>
      Acked-by: Neal Cardwell <ncardwell@google.com>
      Acked-by: Jason Baron <jbaron@akamai.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 06821504
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
        1) Fix jmp to 1st instruction in x64 JIT, from Alexei Starovoitov.
      
        2) Several kTLS fixes in mlx5 driver, from Tariq Toukan.
      
        3) Fix severe performance regression due to lack of SKB coalescing of
           fragments during local delivery, from Guillaume Nault.
      
        4) Error path memory leak in sch_taprio, from Ivan Khoronzhuk.
      
        5) Fix batched events in skbedit packet action, from Roman Mashak.
      
        6) Propagate VLAN TX offload to hw_enc_features in bond and team
           drivers, from Yue Haibing.
      
        7) RXRPC local endpoint refcounting fix and read after free in
           rxrpc_queue_local(), from David Howells.
      
        8) Fix endian bug in ibmveth multicast list handling, from Thomas
           Falcon.
      
        9) Oops, make nlmsg_parse() wrap around the correct function,
           __nlmsg_parse not __nla_parse(). Fix from David Ahern.
      
       10) Memleak in sctp_send_reset_streams(), from Zheng Bin.
      
       11) Fix memory leak in cxgb4, from Wenwen Wang.
      
       12) Yet another race in AF_PACKET, from Eric Dumazet.
      
       13) Fix false detection of retransmit failures in tipc, from Tuong
           Lien.
      
       14) Use after free in ravb_tstamp_skb, from Tho Vu.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (101 commits)
        ravb: Fix use-after-free ravb_tstamp_skb
        netfilter: nf_tables: map basechain priority to hardware priority
        net: sched: use major priority number as hardware priority
        wimax/i2400m: fix a memory leak bug
        net: cavium: fix driver name
        ibmvnic: Unmap DMA address of TX descriptor buffers after use
        bnxt_en: Fix to include flow direction in L2 key
        bnxt_en: Use correct src_fid to determine direction of the flow
        bnxt_en: Suppress HWRM errors for HWRM_NVM_GET_VARIABLE command
        bnxt_en: Fix handling FRAG_ERR when NVM_INSTALL_UPDATE cmd fails
        bnxt_en: Improve RX doorbell sequence.
        bnxt_en: Fix VNIC clearing logic for 57500 chips.
        net: kalmia: fix memory leaks
        cx82310_eth: fix a memory leak bug
        bnx2x: Fix VF's VLAN reconfiguration in reload.
        Bluetooth: Add debug setting for changing minimum encryption key size
        tipc: fix false detection of retransmit failures
        lan78xx: Fix memory leaks
        MAINTAINERS: r8169: Update path to the driver
        MAINTAINERS: PHY LIBRARY: Update files in the record
        ...
    • keys: Fix description size · 555df336
      David Howells authored
      The maximum key description size is 4095.  Commit f771fde8 ("keys:
      Simplify key description management") inadvertently reduced that to 255
      and made sizes between 256 and 4095 work weirdly, and any size whereby
      size & 255 == 0 would cause an assertion in __key_link_begin() at the
      following line:
      
      	BUG_ON(index_key->desc_len == 0);
      
      This can be fixed by simply increasing the size of desc_len in struct
      keyring_index_key to a u16.
      
      Note the argument length test in keyutils only checked empty
      descriptions and descriptions with a size around the limit (i.e. 4095)
      and not for all the values in between, so it missed this.  This has been
      addressed and
      
      	https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git/commit/?id=066bf56807c26cd3045a25f355b34c1d8a20a5aa
      
      now exhaustively tests all possible lengths of type, description and
      payload and then some.
      
      The assertion failure looks something like:
      
       kernel BUG at security/keys/keyring.c:1245!
       ...
       RIP: 0010:__key_link_begin+0x88/0xa0
       ...
       Call Trace:
        key_create_or_update+0x211/0x4b0
        __x64_sys_add_key+0x101/0x200
        do_syscall_64+0x5b/0x1e0
        entry_SYSCALL_64_after_hwframe+0x44/0xa9
      
      It can be triggered by:
      
      	keyctl add user "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" a @s
      
      Fixes: f771fde8 ("keys: Simplify key description management")
      Reported-by: kernel test robot <rong.a.chen@intel.com>
      Signed-off-by: David Howells <dhowells@redhat.com>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
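
The length truncation described in the commit above, as an added example (not code from the commit or the kernel). It models only the `desc_len` field; the 8-bit pre-fix width is an assumption inferred from the 255 limit in the message, and the helper names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define KEY_DESC_MAX 4095 /* maximum description size given in the message */

/* Store a description length in an 8-bit field (assumed pre-fix width). */
static unsigned store_len_u8(size_t len)  { uint8_t  f = (uint8_t)len;  return f; }

/* Store it in a 16-bit field (the width the fix moves to). */
static unsigned store_len_u16(size_t len) { uint16_t f = (uint16_t)len; return f; }

typedef unsigned (*store_fn)(size_t);

/* Lengths in 1..KEY_DESC_MAX whose stored value is 0: the BUG_ON() case. */
static int count_stored_as_zero(store_fn store)
{
    int n = 0;
    for (size_t len = 1; len <= KEY_DESC_MAX; len++)
        if (store(len) == 0)
            n++;
    return n;
}

/* Lengths in 1..KEY_DESC_MAX whose stored value differs from the real one. */
static int count_misrecorded(store_fn store)
{
    int n = 0;
    for (size_t len = 1; len <= KEY_DESC_MAX; len++)
        if (store(len) != len)
            n++;
    return n;
}

int main(void)
{
    printf("u8:  %d stored as zero, %d misrecorded\n",
           count_stored_as_zero(store_len_u8), count_misrecorded(store_len_u8));
    printf("u16: %d stored as zero, %d misrecorded\n",
           count_stored_as_zero(store_len_u16), count_misrecorded(store_len_u16));
    return 0;
}
```

Sweeping every length, as the updated keyutils test is described as doing, is what exposes the failures between the two boundary values.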
    • netfilter: add include guard to nf_conntrack_h323_types.h · 38a429c8
      Masahiro Yamada authored
      Add a header include guard just in case.
      Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
      Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
    • netfilter: xt_nfacct: Fix alignment mismatch in xt_nfacct_match_info · 89a26cd4
      Juliana Rodrigueiro authored
      When running a 64-bit kernel with a 32-bit iptables binary, the size of
      the xt_nfacct_match_info struct diverges.
      
          kernel: sizeof(struct xt_nfacct_match_info) : 40
          iptables: sizeof(struct xt_nfacct_match_info) : 36
      
      Trying to append nfacct related rules results in an unhelpful message.
      Although it is suggested to look for more information in dmesg, nothing
      can be found there.
      
          # iptables -A <chain> -m nfacct --nfacct-name <acct-object>
          iptables: Invalid argument. Run `dmesg' for more information.
      
      This patch fixes the memory misalignment by enforcing 8-byte alignment
      within the struct's first revision. This solution is often used in many
      other uapi netfilter headers.
      Signed-off-by: Juliana Rodrigueiro <juliana.rodrigueiro@intra2net.com>
      Acked-by: Florian Westphal <fw@strlen.de>
      Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
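
The size divergence described in the commit above, as an added layout model (not code from the commit or the kernel headers). Fixed-width integers stand in for the pointer-sized member so both ABIs can be shown on one machine; `NAME_LEN`, the struct names and `check_user_size()` are assumptions, and the `aligned` attribute requires GCC or Clang.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NAME_LEN 32 /* assumed; chosen so the sizes match the 40 and 36 quoted */

/* 64-bit kernel layout: name plus an 8-byte pointer-sized member. */
struct info_kernel64 { char name[NAME_LEN]; uint64_t nfacct; };

/* 32-bit userspace layout: the pointer-sized member is 4 bytes. */
struct info_user32 { char name[NAME_LEN]; uint32_t nfacct; };

/* 32-bit layout with the member forced to 8-byte alignment: the struct's
 * own alignment becomes 8, so its size is padded up to a multiple of 8. */
struct info_user32_aligned {
    char name[NAME_LEN];
    uint32_t nfacct __attribute__((aligned(8)));
};

/* Hypothetical size check: reject a blob whose size differs from the
 * 64-bit kernel's view of the struct. */
static int check_user_size(size_t user_size)
{
    return user_size == sizeof(struct info_kernel64) ? 0 : -EINVAL;
}

int main(void)
{
    printf("kernel64:       %zu\n", sizeof(struct info_kernel64));
    printf("user32:         %zu -> %d\n", sizeof(struct info_user32),
           check_user_size(sizeof(struct info_user32)));
    printf("user32 aligned: %zu -> %d\n", sizeof(struct info_user32_aligned),
           check_user_size(sizeof(struct info_user32_aligned)));
    return 0;
}
```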
    • netfilter: nft_flow_offload: missing netlink attribute policy · 14c41586
      Pablo Neira Ayuso authored
      The netlink attribute policy for NFTA_FLOW_TABLE_NAME is missing.
      
      Fixes: a3c90f7a ("netfilter: nf_tables: flow offload expression")
      Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
    • netfilter: ebtables: Fix argument order to ADD_COUNTER · f20faa06
      Todd Seidelmann authored
      The ordering of arguments to the x_tables ADD_COUNTER macro
      appears to be wrong in ebtables (cf. ip_tables.c, ip6_tables.c,
      and arp_tables.c).
      
      This causes data corruption in the ebtables userspace tools
      because they get incorrect packet & byte counts from the kernel.
      
      Fixes: d72133e6 ("netfilter: ebtables: use ADD_COUNTER macro")
      Signed-off-by: Todd Seidelmann <tseidelmann@linode.com>
      Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
    • MAINTAINERS: Remove IP MASQUERADING record · 0d7342c3
      Denis Efremov authored
      This entry is in MAINTAINERS for historical purpose.
      It doesn't match current sources since the commit
      adf82acc ("netfilter: x_tables: merge ip and
      ipv6 masquerade modules") moved the module.
      The net/netfilter/xt_MASQUERADE.c module is already under
      the netfilter section. Thus, there is no purpose to keep this
      separate entry in MAINTAINERS.
      
      Cc: Florian Westphal <fw@strlen.de>
      Cc: Juanjo Ciarlante <jjciarla@raiz.uncu.edu.ar>
      Cc: netfilter-devel@vger.kernel.org
      Suggested-by: Pablo Neira Ayuso <pablo@netfilter.org>
      Signed-off-by: Denis Efremov <efremov@linux.com>
      Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  3. 18 Aug, 2019 28 commits
  4. 17 Aug, 2019 2 commits