LKML Archive on lore.kernel.org
From: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
To: Shreyansh Chouhan <chouhan.shreyansh630@gmail.com>
Cc: davem@davemloft.net, yoshfuji@linux-ipv6.org, dsahern@kernel.org,
	kuba@kernel.org, willemdebruijn.kernel@gmail.com,
	netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
	syzbot+ff8e1b9f2f36481e2efc@syzkaller.appspotmail.com
Subject: Re: [PATCH] ip_gre/ip6_gre: add check for invalid csum_start
Date: Thu, 19 Aug 2021 12:56:59 -0400
Message-ID: <CA+FuTSdsLzjMapC-OGugkSP-ML99xF5UC-FjDhFS1_BDDSJ2sg@mail.gmail.com>
In-Reply-To: <20210819143447.314539-1-chouhan.shreyansh630@gmail.com>

On Thu, Aug 19, 2021 at 10:35 AM Shreyansh Chouhan
<chouhan.shreyansh630@gmail.com> wrote:
>
> If we get an ip gre packet with TUNNEL_CSUM set, an invalid csum_start
> value causes skb->csum_start offset to be less than the offset for
> skb->data after we pull the ip header from the packet during the
> ipgre_xmit call.
>
> This patch adds a sanity check to gre_handle_offloads, which checks the
> validity of skb->csum_start after we have pulled the ip header from the
> packet in the ipgre_xmit call.
>
> Reported-by: syzbot+ff8e1b9f2f36481e2efc@syzkaller.appspotmail.com
> Signed-off-by: Shreyansh Chouhan <chouhan.shreyansh630@gmail.com>

For the ipv4 portion:

Fixes: c54419321455 ("GRE: Refactor GRE tunneling code.")

For the ipv6 portion:

Fixes: b05229f44228 ("gre6: Cleanup GREv6 transmit path, call common
GRE functions")

It's possible that a similar bug exists before those, but the patch
wouldn't apply anyway.

Technically, for backporting purposes, the patch needs to be split
into two, each with their own Fixes tag. And target [PATCH net].
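
The condition described in the quoted commit message, as an added userspace model that is not part of the thread and is not kernel code. The `model_*` names, the struct and the exact form of the comparison are assumptions made for illustration; the message itself only says that csum_start is validated after the IP header has been pulled.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Simplified stand-in for the sk_buff fields involved (hypothetical). */
struct model_skb {
    unsigned char *head;   /* start of the allocated buffer */
    unsigned char *data;   /* start of the current packet data */
    uint16_t csum_start;   /* offset from head where checksumming begins */
};

/* Models pulling a header: data moves forward by len bytes. */
static void model_pull(struct model_skb *skb, size_t len)
{
    skb->data += len;
}

/* Models resolving csum_start to a pointer inside the buffer. */
static unsigned char *model_checksum_start(const struct model_skb *skb)
{
    return skb->head + skb->csum_start;
}

/*
 * Assumed form of the sanity check: when a checksum is requested, the
 * checksum start must not lie before the current data pointer.
 */
static int model_gre_handle_offloads(const struct model_skb *skb, int csum)
{
    if (csum && model_checksum_start(skb) < skb->data)
        return -EINVAL;
    return 0;
}

/*
 * Constructed transmit scenario: the packet starts at `headroom` bytes
 * into the buffer, the IP header of `iphlen` bytes is pulled, then the
 * offload check runs. Returns 0 if accepted, -EINVAL if rejected.
 */
int model_xmit(uint16_t csum_start, size_t headroom, size_t iphlen, int csum)
{
    static unsigned char buf[256];
    struct model_skb skb = { buf, buf + headroom, csum_start };

    model_pull(&skb, iphlen);
    return model_gre_handle_offloads(&skb, csum);
}
```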

Thread overview: 14+ messages
2021-08-19 14:34 Shreyansh Chouhan
2021-08-19 16:56 ` Willem de Bruijn [this message]
2021-08-19 17:04   ` Jakub Kicinski
2021-08-21  7:14     ` [PATCH 1/2 net] ip_gre: add validation for csum_start Shreyansh Chouhan
2021-08-21 13:41       ` Willem de Bruijn
2021-09-01 11:53         ` Ido Schimmel
2021-09-01 13:46           ` Willem de Bruijn
2021-09-01 15:53             ` Ido Schimmel
2021-09-01 21:39               ` Willem de Bruijn
2021-08-22 20:30       ` patchwork-bot+netdevbpf
2021-08-21  7:14     ` [PATCH 2/2 net] ip6_gre: " Shreyansh Chouhan
2021-08-21 13:42       ` Willem de Bruijn
2021-08-21  7:18     ` [PATCH] ip_gre/ip6_gre: add check for invalid csum_start Shreyansh Chouhan
2021-08-21 13:44       ` Willem de Bruijn
