From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Sergey Nazarov <s-nazarov@yandex.ru>,
Paul Moore <paul@paul-moore.com>,
"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 4.9 24/96] net: avoid use IPCB in cipso_v4_error
Date: Tue, 12 Mar 2019 10:09:42 -0700
Message-ID: <20190312171036.336578669@linuxfoundation.org>
In-Reply-To: <20190312171034.530434962@linuxfoundation.org>
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nazarov Sergey <s-nazarov@yandex.ru>
[ Upstream commit 3da1ed7ac398f34fff1694017a07054d69c5f5c5 ]
Extract IP options in cipso_v4_error and use __icmp_send.
Signed-off-by: Sergey Nazarov <s-nazarov@yandex.ru>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/net/ip.h | 2 ++
net/ipv4/cipso_ipv4.c | 17 +++++++++++++++--
net/ipv4/ip_options.c | 22 +++++++++++++++++-----
3 files changed, 34 insertions(+), 7 deletions(-)
--- a/include/net/ip.h
+++ b/include/net/ip.h
@@ -570,6 +570,8 @@ static inline int ip_options_echo(struct
}
void ip_options_fragment(struct sk_buff *skb);
+int __ip_options_compile(struct net *net, struct ip_options *opt,
+ struct sk_buff *skb, __be32 *info);
int ip_options_compile(struct net *net, struct ip_options *opt,
struct sk_buff *skb);
int ip_options_get(struct net *net, struct ip_options_rcu **optp,
--- a/net/ipv4/cipso_ipv4.c
+++ b/net/ipv4/cipso_ipv4.c
@@ -1736,13 +1736,26 @@ validate_return:
*/
void cipso_v4_error(struct sk_buff *skb, int error, u32 gateway)
{
+ unsigned char optbuf[sizeof(struct ip_options) + 40];
+ struct ip_options *opt = (struct ip_options *)optbuf;
+
if (ip_hdr(skb)->protocol == IPPROTO_ICMP || error != -EACCES)
return;
+ /*
+ * We might be called above the IP layer,
+ * so we can not use icmp_send and IPCB here.
+ */
+
+ memset(opt, 0, sizeof(struct ip_options));
+ opt->optlen = ip_hdr(skb)->ihl*4 - sizeof(struct iphdr);
+ if (__ip_options_compile(dev_net(skb->dev), opt, skb, NULL))
+ return;
+
if (gateway)
- icmp_send(skb, ICMP_DEST_UNREACH, ICMP_NET_ANO, 0);
+ __icmp_send(skb, ICMP_DEST_UNREACH, ICMP_NET_ANO, 0, opt);
else
- icmp_send(skb, ICMP_DEST_UNREACH, ICMP_HOST_ANO, 0);
+ __icmp_send(skb, ICMP_DEST_UNREACH, ICMP_HOST_ANO, 0, opt);
}
/**
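Review bot: In cipso_v4_error(), `opt->optlen = ip_hdr(skb)->ihl*4 - sizeof(struct iphdr);` is computed with no check that ihl is at least 5, and the new comment says this path may run above the IP layer. An ihl below 5 would make the subtraction wrap, so either add a guard or state in the comment why the header length is already validated at this point. The bare `+ 40` in the optbuf declaration would read better as a named constant or with a comment tying it to the maximum IPv4 options length (ihl is a 4-bit field, so at most 60 - 20 bytes). The new call also dereferences skb->dev through dev_net() unconditionally; if any caller can reach this function with skb->dev unset, that needs a check before the compile step.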
--- a/net/ipv4/ip_options.c
+++ b/net/ipv4/ip_options.c
@@ -253,8 +253,9 @@ static void spec_dst_fill(__be32 *spec_d
* If opt == NULL, then skb->data should point to IP header.
*/
-int ip_options_compile(struct net *net,
- struct ip_options *opt, struct sk_buff *skb)
+int __ip_options_compile(struct net *net,
+ struct ip_options *opt, struct sk_buff *skb,
+ __be32 *info)
{
__be32 spec_dst = htonl(INADDR_ANY);
unsigned char *pp_ptr = NULL;
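Review bot: The comment block above the renamed __ip_options_compile() still describes only the opt == NULL case and says nothing about the new `info` argument. Please document that `info` may be NULL (cipso_v4_error() passes NULL), that on the error path it receives the parameter-problem offset in network byte order, and that the helper no longer sends the ICMP message itself, so the caller is responsible for doing so.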
@@ -470,11 +471,22 @@ eol:
return 0;
error:
- if (skb) {
- icmp_send(skb, ICMP_PARAMETERPROB, 0, htonl((pp_ptr-iph)<<24));
- }
+ if (info)
+ *info = htonl((pp_ptr-iph)<<24);
return -EINVAL;
}
+
+int ip_options_compile(struct net *net,
+ struct ip_options *opt, struct sk_buff *skb)
+{
+ int ret;
+ __be32 info;
+
+ ret = __ip_options_compile(net, opt, skb, &info);
+ if (ret != 0 && skb)
+ icmp_send(skb, ICMP_PARAMETERPROB, 0, info);
+ return ret;
+}
EXPORT_SYMBOL(ip_options_compile);
/*
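Review bot: In the new ip_options_compile() wrapper, `__be32 info;` is left uninitialized and is then passed to icmp_send() whenever ret != 0. That is safe only if every non-zero return from __ip_options_compile() goes through the `error:` label that writes *info, which these lines alone do not guarantee. Initializing it (`__be32 info = 0;`) would keep the wrapper correct if an early return is ever added. Also, no EXPORT_SYMBOL is added for __ip_options_compile() in these lines while ip_options_compile() stays exported; confirm that no modular caller is expected to need the new helper.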