From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Jussi Maki <joamaki@gmail.com>,
Daniel Borkmann <daniel@iogearbox.net>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.14 70/79] bpf: Set mac_len in bpf_skb_change_head
Date: Mon, 31 May 2021 15:14:55 +0200 [thread overview]
Message-ID: <20210531130638.237257360@linuxfoundation.org> (raw)
In-Reply-To: <20210531130636.002722319@linuxfoundation.org>
From: Jussi Maki <joamaki@gmail.com>
[ Upstream commit 84316ca4e100d8cbfccd9f774e23817cb2059868 ]
The skb_change_head() helper did not set "skb->mac_len", which is
problematic when it's used in combination with skb_redirect_peer().
Without it, redirecting a packet from a L3 device such as wireguard to
the veth peer device will cause skb->data to point to the middle of the
IP header on entry to tcp_v4_rcv() since the L2 header is not pulled
correctly due to mac_len=0.
Fixes: 3a0af8fd61f9 ("bpf: BPF for lightweight tunnel infrastructure")
Signed-off-by: Jussi Maki <joamaki@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20210519154743.2554771-2-joamaki@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/core/filter.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/core/filter.c b/net/core/filter.c
index a33cf7b28e4d..40b378bed603 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -2438,6 +2438,7 @@ BPF_CALL_3(bpf_skb_change_head, struct sk_buff *, skb, u32, head_room,
__skb_push(skb, head_room);
memset(skb->data, 0, head_room);
skb_reset_mac_header(skb);
+ skb_reset_mac_len(skb);
}
bpf_compute_data_end(skb);
--
2.30.2
next prev parent reply other threads:[~2021-05-31 14:09 UTC|newest]
Thread overview: 83+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-31 13:13 [PATCH 4.14 00/79] 4.14.235-rc1 review Greg Kroah-Hartman
2021-05-31 13:13 ` [PATCH 4.14 01/79] mm, vmstat: drop zone->lock in /proc/pagetypeinfo Greg Kroah-Hartman
2021-05-31 13:13 ` [PATCH 4.14 02/79] tweewide: Fix most Shebang lines Greg Kroah-Hartman
2021-05-31 13:13 ` [PATCH 4.14 03/79] scripts: switch explicitly to Python 3 Greg Kroah-Hartman
2021-05-31 13:13 ` [PATCH 4.14 04/79] usb: dwc3: gadget: Enable suspend events Greg Kroah-Hartman
2021-05-31 13:13 ` [PATCH 4.14 05/79] netfilter: x_tables: Use correct memory barriers Greg Kroah-Hartman
2021-05-31 13:13 ` [PATCH 4.14 06/79] NFC: nci: fix memory leak in nci_allocate_device Greg Kroah-Hartman
2021-05-31 13:13 ` [PATCH 4.14 07/79] NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() Greg Kroah-Hartman
2021-05-31 13:13 ` [PATCH 4.14 08/79] iommu/vt-d: Fix sysfs leak in alloc_iommu() Greg Kroah-Hartman
2021-05-31 13:13 ` [PATCH 4.14 09/79] perf intel-pt: Fix sample instruction bytes Greg Kroah-Hartman
2021-05-31 13:13 ` [PATCH 4.14 10/79] perf intel-pt: Fix transaction abort handling Greg Kroah-Hartman
2021-05-31 13:13 ` [PATCH 4.14 11/79] proc: Check /proc/$pid/attr/ writes against file opener Greg Kroah-Hartman
2021-05-31 13:13 ` [PATCH 4.14 12/79] net: hso: fix control-request directions Greg Kroah-Hartman
2021-05-31 13:13 ` [PATCH 4.14 13/79] mac80211: assure all fragments are encrypted Greg Kroah-Hartman
2021-05-31 13:13 ` [PATCH 4.14 14/79] mac80211: prevent mixed key and fragment cache attacks Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 15/79] cfg80211: mitigate A-MSDU aggregation attacks Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 16/79] mac80211: check defrag PN against current frame Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 17/79] ath10k: Validate first subframe of A-MSDU before processing the list Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 18/79] dm snapshot: properly fix a crash when an origin has no snapshots Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 19/79] kgdb: fix gcc-11 warnings harder Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 20/79] misc/uss720: fix memory leak in uss720_probe Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 21/79] thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 22/79] mei: request autosuspend after sending rx flow control Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 23/79] staging: iio: cdc: ad7746: avoid overwrite of num_channels Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 24/79] iio: adc: ad7793: Add missing error code in ad7793_setup() Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 25/79] USB: trancevibrator: fix control-request direction Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 26/79] serial: sh-sci: Fix off-by-one error in FIFO threshold register setting Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 27/79] serial: rp2: use request_firmware instead of request_firmware_nowait Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 28/79] USB: serial: ti_usb_3410_5052: add startech.com device id Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 29/79] USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011 Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 30/79] USB: serial: ftdi_sio: add IDs for IDS GmbH Products Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 31/79] USB: serial: pl2303: add device id for ADLINK ND-6530 GC Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 32/79] usb: gadget: udc: renesas_usb3: Fix a race in usb3_start_pipen() Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 33/79] net: usb: fix memory leak in smsc75xx_bind Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 34/79] Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 35/79] NFS: fix an incorrect limit in filelayout_decode_layout() Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 36/79] NFS: Dont corrupt the value of pg_bytes_written in nfs_do_recoalesce() Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 37/79] NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 38/79] drm/meson: fix shutdown crash when component not probed Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 39/79] net/mlx4: Fix EEPROM dump support Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 40/79] Revert "net:tipc: Fix a double free in tipc_sk_mcast_rcv" Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 41/79] tipc: skb_linearize the head skb when reassembling msgs Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 42/79] i2c: s3c2410: fix possible NULL pointer deref on read message after write Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 43/79] i2c: i801: Dont generate an interrupt on bus reset Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 44/79] perf jevents: Fix getting maximum number of fds Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 45/79] platform/x86: hp_accel: Avoid invoking _INI to speed up resume Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 46/79] serial: max310x: unregister uart driver in case of failure and abort Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 47/79] net: fujitsu: fix potential null-ptr-deref Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 48/79] net: caif: remove BUG_ON(dev == NULL) in caif_xmit Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 49/79] char: hpet: add checks after calling ioremap Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 50/79] ALSA: sb8: Add a comment note regarding an unused pointer Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 51/79] isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 52/79] dmaengine: qcom_hidma: comment platform_driver_register call Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 53/79] libertas: register sysfs groups properly Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 54/79] media: dvb: Add check on sp8870_readreg return Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 55/79] media: gspca: properly check for errors in po1030_probe() Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 56/79] scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 57/79] openrisc: Define memory barrier mb Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 58/79] btrfs: do not BUG_ON in link_to_fixup_dir Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 59/79] platform/x86: hp-wireless: add AMDs hardware id to the supported list Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 60/79] platform/x86: intel_punit_ipc: Append MODULE_DEVICE_TABLE for ACPI Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 61/79] SMB3: incorrect file id in requests compounded with open Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 62/79] drm/amdgpu: Fix a use-after-free Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 63/79] net: netcp: Fix an error message Greg Kroah-Hartman
2021-05-31 18:45 ` Marion & Christophe JAILLET
2021-05-31 13:14 ` [PATCH 4.14 64/79] net: mdio: thunder: Fix a double free issue in the .remove function Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 65/79] net: mdio: octeon: Fix some double free issues Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 66/79] net: bnx2: Fix error return code in bnx2_init_board() Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 67/79] mld: fix panic in mld_newpack() Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 68/79] staging: emxx_udc: fix loop in _nbu2ss_nuke() Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 69/79] ASoC: cs35l33: fix an error code in probe() Greg Kroah-Hartman
2021-05-31 13:14 ` Greg Kroah-Hartman [this message]
2021-05-31 13:14 ` [PATCH 4.14 71/79] ixgbe: fix large MTU request from VF Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 72/79] scsi: libsas: Use _safe() loop in sas_resume_port() Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 73/79] ipv6: record frag_max_size in atomic fragments in input path Greg Kroah-Hartman
2021-05-31 13:14 ` [PATCH 4.14 74/79] sch_dsmark: fix a NULL deref in qdisc_reset() Greg Kroah-Hartman
2021-05-31 13:15 ` [PATCH 4.14 75/79] MIPS: alchemy: xxs1500: add gpio-au1000.h header file Greg Kroah-Hartman
2021-05-31 13:15 ` [PATCH 4.14 76/79] MIPS: ralink: export rt_sysc_membase for rt2880_wdt.c Greg Kroah-Hartman
2021-05-31 13:15 ` [PATCH 4.14 77/79] hugetlbfs: hugetlb_fault_mutex_hash() cleanup Greg Kroah-Hartman
2021-05-31 13:15 ` [PATCH 4.14 78/79] drivers/net/ethernet: clean up unused assignments Greg Kroah-Hartman
2021-05-31 13:15 ` [PATCH 4.14 79/79] usb: core: reduce power-on-good delay time of root hub Greg Kroah-Hartman
2021-06-01 10:36 ` [PATCH 4.14 00/79] 4.14.235-rc1 review Naresh Kamboju
2021-06-02 1:46 ` Samuel Zou
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210531130638.237257360@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=daniel@iogearbox.net \
--cc=joamaki@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).