From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org,
	Frank van der Linden <fllinden@amazon.com>,
	Eric Dumazet <edumazet@google.com>,
	Balbir Singh <bsingharora@gmail.com>,
	"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 4.16 07/64] tcp: verify the checksum of the first data segment in a new connection
Date: Sun, 24 Jun 2018 23:21:48 +0800
Message-ID: <20180624142744.063463910@linuxfoundation.org>
In-Reply-To: <20180624142743.613370789@linuxfoundation.org>

4.16-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Frank van der Linden <fllinden@amazon.com>

[ Upstream commit 4fd44a98ffe0d048246efef67ed640fdf2098a62 ]

commit 079096f103fa ("tcp/dccp: install syn_recv requests into ehash
table") introduced an optimization for the handling of child sockets
created for a new TCP connection.

But this optimization passes any data associated with the last ACK of the
connection handshake up the stack without verifying its checksum, because it
calls tcp_child_process(), which in turn calls tcp_rcv_state_process()
directly.  These lower-level processing functions do not do any checksum
verification.

Insert a tcp_checksum_complete call in the TCP_NEW_SYN_RECEIVE path to
fix this.

Fixes: 079096f103fa ("tcp/dccp: install syn_recv requests into ehash table")
Signed-off-by: Frank van der Linden <fllinden@amazon.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Tested-by: Balbir Singh <bsingharora@gmail.com>
Reviewed-by: Balbir Singh <bsingharora@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/ipv4/tcp_ipv4.c |    4 ++++
 net/ipv6/tcp_ipv6.c |    4 ++++
 2 files changed, 8 insertions(+)

--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -1680,6 +1680,10 @@ process:
 			reqsk_put(req);
 			goto discard_it;
 		}
+		if (tcp_checksum_complete(skb)) {
+			reqsk_put(req);
+			goto csum_error;
+		}
 		if (unlikely(sk->sk_state != TCP_LISTEN)) {
 			inet_csk_reqsk_queue_drop_and_put(sk, req);
 			goto lookup;
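Review bot: The added tcp_checksum_complete(skb) branch carries no comment saying why the checksum has to be verified at this exact point, so the reason (tcp_child_process() and tcp_rcv_state_process() do no checksum verification, per the changelog) is recorded only in the commit message. A one-line comment above the if, for example "/* the child processing below does not verify the checksum */", would keep a later cleanup from dropping the check as redundant. The reqsk_put(req) before the goto mirrors the failure branch just above it, which is the right pairing for the reference held on req here.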
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -1459,6 +1459,10 @@ process:
 			reqsk_put(req);
 			goto discard_it;
 		}
+		if (tcp_checksum_complete(skb)) {
+			reqsk_put(req);
+			goto csum_error;
+		}
 		if (unlikely(sk->sk_state != TCP_LISTEN)) {
 			inet_csk_reqsk_queue_drop_and_put(sk, req);
 			goto lookup;
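Review bot: The added branch calls reqsk_put(req) and then jumps to csum_error, a label that lies outside this hunk, whereas the failure branch directly above it goes to discard_it. It is worth confirming that the csum_error path in net/ipv6/tcp_ipv6.c uses neither req nor a socket reference that has not been taken yet at this point. The four added lines are identical to the ones added to net/ipv4/tcp_ipv4.c, so any later change to this check has to be made in both files.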


