git.proxmox.com Git - mirror_ubuntu-focal-kernel.git/commit
net: check untrusted gso_size at kernel entry
author Willem de Bruijn <willemb@google.com>
Mon, 25 May 2020 19:07:40 +0000 (15:07 -0400)
committer Khalid Elmously <khalid.elmously@canonical.com>
Sat, 8 Aug 2020 05:53:12 +0000 (01:53 -0400)
commit 3bfeea9b0b203e14acb2c9ba122da08e3a6eb93c
tree be51b07a1312c549afd7a30c93c934aef0d1397a
parent 14e55dc195c7b4ae4dc10939284afa871bd1f608
net: check untrusted gso_size at kernel entry

BugLink: https://bugs.launchpad.net/bugs/1883184
[ Upstream commit 6dd912f82680761d8fb6b1bb274a69d4c7010988 ]

Syzkaller again found a path to a kernel crash through bad gso input:
a packet with gso size exceeding len.

These packets are dropped in tcp_gso_segment and udp[46]_ufo_fragment.
But they may affect gso size calculations earlier in the path.

Now that we have thlen as of commit 9274124f023b ("net: stricter
validation of untrusted gso packets"), check gso_size at entry too.

Fixes: bfd5f4a3d605 ("packet: Add GSO/csum offload support.")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>
include/linux/virtio_net.h
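
The entry-time check the commit message describes, sketched as a user-space model: once the header length (including thlen) is known, a sender-supplied gso_size can be compared against the real payload before any later code computes with it. This is an added example, not the patch's code or any kernel code; the struct, enum and function names and the accept/skip/reject policy are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified view of the metadata an untrusted sender supplies. */
struct untrusted_gso_meta {
    uint8_t  gso_requested; /* non-zero: sender asks for segmentation offload */
    uint16_t gso_size;      /* claimed payload bytes per segment */
    uint16_t hdr_len;       /* header bytes before the payload, thlen included */
};

enum gso_verdict {
    GSO_ACCEPT,     /* gso_size is consistent with the packet length */
    GSO_NOT_NEEDED, /* no GSO requested, or payload fits in one segment */
    GSO_REJECT      /* metadata contradicts the packet: drop at entry */
};

/* Validate sender-supplied GSO metadata against the actual packet length. */
enum gso_verdict check_gso_at_entry(const struct untrusted_gso_meta *m,
                                    size_t pkt_len)
{
    if (!m->gso_requested)
        return GSO_NOT_NEEDED;
    if (m->gso_size == 0)
        return GSO_REJECT;      /* model policy: a zero segment size is invalid */
    if (m->hdr_len > pkt_len)
        return GSO_REJECT;      /* claimed headers do not fit in the packet */

    size_t payload = pkt_len - m->hdr_len;   /* cannot underflow after the check */
    if (payload <= m->gso_size)
        return GSO_NOT_NEEDED;  /* gso_size >= payload: do not treat as GSO */
    return GSO_ACCEPT;
}

int main(void)
{
    /* Constructed sample inputs, not taken from any real capture. */
    struct untrusted_gso_meta sane  = { 1, 1448, 54 };
    struct untrusted_gso_meta bogus = { 1, 65535, 54 };

    printf("sane,  len 4398: %d\n", check_gso_at_entry(&sane, 4398));
    printf("bogus, len 100:  %d\n", check_gso_at_entry(&bogus, 100));
    return 0;
}
```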