diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2021-12-30 22:12:12 +0300 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2021-12-30 22:12:12 +0300 |
| commit | 74c78b4291b4466b44a57b3b7c3b98ad02628686 (patch) | |
| tree | 56ce20b0f82e52645e42b8afc84f61bea6d63bd1 /net/ipv6 | |
| parent | 9bad743e8d221c1be8fa80f0e76102234e472ac3 (diff) | |
| parent | bf2b09fedc17248b315f80fb249087b7d28a69a6 (diff) | |
| download | linux-74c78b4291b4466b44a57b3b7c3b98ad02628686.tar.xz | |
Merge tag 'net-5.16-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
Pull networking fixes from Jakub Kicinski:
"Including fixes from.. Santa?
No regressions on our radar at this point. The igc problem fixed here
was the last one I was tracking but it was broken in previous
releases, anyway. Mostly driver fixes and a couple of largish SMC
fixes.
Current release - regressions:
- xsk: initialise xskb free_list_node, fixup for a -rc7 fix
Current release - new code bugs:
- mlx5: handful of minor fixes:
- use first online CPU instead of hard coded CPU
- fix some error handling paths in 'mlx5e_tc_add_fdb_flow()'
- fix skb memory leak when TC classifier action offloads are disabled
- fix memory leak with rules with internal OvS port
Previous releases - regressions:
- igc: do not enable crosstimestamping for i225-V models
Previous releases - always broken:
- udp: use datalen to cap ipv6 udp max gso segments
- fix use-after-free in tw_timer_handler due to early free of stats
- smc: fix kernel panic caused by race of smc_sock
- smc: don't send CDC/LLC message if link not ready, avoid timeouts
- sctp: use call_rcu to free endpoint, avoid UAF in sock diag
- bridge: mcast: add and enforce query interval minimum
- usb: pegasus: do not drop long Ethernet frames
- mlx5e: fix ICOSQ recovery flow for XSK
- nfc: uapi: use kernel size_t to fix user-space builds"
* tag 'net-5.16-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (47 commits)
fsl/fman: Fix missing put_device() call in fman_port_probe
selftests: net: using ping6 for IPv6 in udpgro_fwd.sh
Documentation: fix outdated interpretation of ip_no_pmtu_disc
net/ncsi: check for error return from call to nla_put_u32
net: bridge: mcast: fix br_multicast_ctx_vlan_global_disabled helper
net: fix use-after-free in tw_timer_handler
selftests: net: Fix a typo in udpgro_fwd.sh
selftests/net: udpgso_bench_tx: fix dst ip argument
net: bridge: mcast: add and enforce startup query interval minimum
net: bridge: mcast: add and enforce query interval minimum
ipv6: raw: check passed optlen before reading
xsk: Initialise xskb free_list_node
net/mlx5e: Fix wrong features assignment in case of error
net/mlx5e: TC, Fix memory leak with rules with internal port
ionic: Initialize the 'lif->dbid_inuse' bitmap
igc: Fix TX timestamp support for non-MSI-X platforms
igc: Do not enable crosstimestamping for i225-V models
net/smc: fix kernel panic caused by race of smc_sock
net/smc: don't send CDC/LLC message if link not ready
NFC: st21nfca: Fix memory leak in device probe and remove
...
Diffstat (limited to 'net/ipv6')
| -rw-r--r-- | net/ipv6/ip6_vti.c | 2 | ||||
| -rw-r--r-- | net/ipv6/raw.c | 3 | ||||
| -rw-r--r-- | net/ipv6/udp.c | 2 |
3 files changed, 6 insertions, 1 deletions
diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c index 527e9ead7449..5e9474bc54fc 100644 --- a/net/ipv6/ip6_vti.c +++ b/net/ipv6/ip6_vti.c @@ -808,6 +808,8 @@ vti6_siocdevprivate(struct net_device *dev, struct ifreq *ifr, void __user *data struct net *net = dev_net(dev); struct vti6_net *ip6n = net_generic(net, vti6_net_id); + memset(&p1, 0, sizeof(p1)); + switch (cmd) { case SIOCGETTUNNEL: if (dev == ip6n->fb_tnl_dev) { diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c index 60f1e4f5be5a..c51d5ce3711c 100644 --- a/net/ipv6/raw.c +++ b/net/ipv6/raw.c @@ -1020,6 +1020,9 @@ static int do_rawv6_setsockopt(struct sock *sk, int level, int optname, struct raw6_sock *rp = raw6_sk(sk); int val; + if (optlen < sizeof(val)) + return -EINVAL; + if (copy_from_sockptr(&val, optval, sizeof(val))) return -EFAULT; diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c index a2caca6ccf11..8cde9efd7919 100644 --- a/net/ipv6/udp.c +++ b/net/ipv6/udp.c @@ -1204,7 +1204,7 @@ static int udp_v6_send_skb(struct sk_buff *skb, struct flowi6 *fl6, kfree_skb(skb); return -EINVAL; } - if (skb->len > cork->gso_size * UDP_MAX_SEGMENTS) { + if (datalen > cork->gso_size * UDP_MAX_SEGMENTS) { kfree_skb(skb); return -EINVAL; } |