git
/
linux
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
linux/net/ipv6
History
Jakub Kicinski 7a0f94361f net: psp: don't assume reply skbs will have a socket 
Rx path may be passing around unreferenced sockets, which means
that skb_set_owner_edemux() may not set skb->sk and PSP will crash:

  KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
  RIP: 0010:psp_reply_set_decrypted (./include/net/psp/functions.h:132 net/psp/psp_sock.c:287)
    tcp_v6_send_response.constprop.0 (net/ipv6/tcp_ipv6.c:979)
    tcp_v6_send_reset (net/ipv6/tcp_ipv6.c:1140 (discriminator 1))
    tcp_v6_do_rcv (net/ipv6/tcp_ipv6.c:1683)
    tcp_v6_rcv (net/ipv6/tcp_ipv6.c:1912)

Fixes: 659a2899a5 ("tcp: add datapath logic for PSP with inline key exchange")
Reviewed-by: Kuniyuki Iwashima <kuniyu@google.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/20251001022426.2592750-1-kuba@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
 		2025-10-03 10:23:50 -07:00
..
ila ipv6: adopt dst_dev() helper 2025-07-02 14:32:30 -07:00
netfilter netfilter: nf_reject: don't reply to icmp error messages 2025-09-11 15:40:55 +02:00
Kconfig ipv6: sr: Use HMAC-SHA1 and HMAC-SHA256 library functions 2025-08-26 18:11:29 -07:00
Makefile
addrconf.c ipv6: Add sanity checks on ipv6_devconf.rpl_seg_enabled 2025-09-02 17:01:14 -07:00
addrconf_core.c
addrlabel.c net: replace ADDRLABEL with dynamic debug 2025-07-08 15:04:05 +02:00
af_inet6.c ipv6: make ipv6_pinfo.daddr_cache a boolean 2025-09-18 10:17:09 +02:00
ah6.c net: ipv6: fix field-spanning memcpy warning in AH output 2025-08-15 08:30:16 +02:00
anycast.c ipv6: start using dst_dev_rcu() 2025-08-29 19:36:32 -07:00
calipso.c net: ipv6: Fix spelling mistake 2025-07-02 15:42:29 -07:00
datagram.c net: add sk_drops_read(), sk_drops_inc() and sk_drops_reset() helpers 2025-08-28 13:14:50 +02:00
esp6.c tcp: Don't pass hashinfo to socket lookup helpers. 2025-08-25 17:53:35 -07:00
esp6_offload.c
exthdrs.c ipv6: annotate data-races around devconf->rpl_seg_enabled 2025-09-02 17:01:06 -07:00
exthdrs_core.c
exthdrs_offload.c
fib6_notifier.c
fib6_rules.c ipv6: fib_rules: Add DSCP mask matching 2025-02-21 16:08:48 -08:00
fou6.c
icmp.c ipv6: snmp: do not track per idev ICMP6_MIB_RATELIMITHOST 2025-09-08 18:06:20 -07:00
inet6_connection_sock.c ipv6: make ipv6_pinfo.daddr_cache a boolean 2025-09-18 10:17:09 +02:00
inet6_hashtables.c tcp: Remove inet6_hash(). 2025-09-22 11:38:43 -07:00
ioam6.c ipv6: adopt skb_dst_dev() and skb_dst_dev_net[_rcu]() helpers 2025-07-02 14:32:30 -07:00
ioam6_iptunnel.c ipv6: adopt dst_dev() helper 2025-07-02 14:32:30 -07:00
ip6_checksum.c
ip6_fib.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2025-07-26 11:49:45 -07:00
ip6_flowlabel.c treewide: Switch/rename to timer_delete[_sync]() 2025-04-05 10:30:12 +02:00
ip6_gre.c ipv6: ip6_gre: replace strcpy with strscpy for tunnel name 2025-08-19 18:06:24 -07:00
ip6_icmp.c icmp: fix icmp_ndo_send address translation for reply direction 2025-09-01 12:54:41 -07:00
ip6_input.c net: preserve MSG_ZEROCOPY with forwarding 2025-07-02 15:07:16 -07:00
ip6_offload.c ipv6: reject malicious packets in ipv6_gso_segment() 2025-08-01 14:40:53 -07:00
ip6_offload.h
ip6_output.c ipv6: make ipv6_pinfo.daddr_cache a boolean 2025-09-18 10:17:09 +02:00
ip6_tunnel.c ipv6: adopt skb_dst_dev() and skb_dst_dev_net[_rcu]() helpers 2025-07-02 14:32:30 -07:00
ip6_udp_tunnel.c ipv6: adopt dst_dev() helper 2025-07-02 14:32:30 -07:00
ip6_vti.c ipv6: adopt skb_dst_dev() and skb_dst_dev_net[_rcu]() helpers 2025-07-02 14:32:30 -07:00
ip6mr.c ipv6: ip6_mc_input() and ip6_mr_input() cleanups 2025-07-02 14:32:30 -07:00
ipcomp6.c xfrm: delete x->tunnel as we delete x 2025-07-08 13:28:27 +02:00
ipv6_sockglue.c net: psp: update the TCP MSS to reflect PSP packet overhead 2025-09-18 12:32:06 +02:00
mcast.c ipv6: start using dst_dev_rcu() 2025-08-29 19:36:32 -07:00
mcast_snoop.c
mip6.c
ndisc.c ipv6: start using dst_dev_rcu() 2025-08-29 19:36:32 -07:00
netfilter.c netfilter: Switch to skb_dstref_steal to clear dst_entry 2025-08-19 17:54:19 -07:00
output_core.c ipv6: start using dst_dev_rcu() 2025-08-29 19:36:32 -07:00
ping.c inet: ping: remove ping_hash() 2025-09-01 13:15:14 -07:00
proc.c ipv6: snmp: do not track per idev ICMP6_MIB_RATELIMITHOST 2025-09-08 18:06:20 -07:00
protocol.c
raw.c ipv6: np->rxpmtu race annotation 2025-09-18 10:17:09 +02:00
reassembly.c ipv6: adopt skb_dst_dev() and skb_dst_dev_net[_rcu]() helpers 2025-07-02 14:32:30 -07:00
route.c ipv6: make ipv6_pinfo.daddr_cache a boolean 2025-09-18 10:17:09 +02:00
rpl.c
rpl_iptunnel.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2025-07-17 11:00:33 -07:00
seg6.c ipv6: sr: Use HMAC-SHA1 and HMAC-SHA256 library functions 2025-08-26 18:11:29 -07:00
seg6_hmac.c ipv6: sr: Prepare HMAC key ahead of time 2025-08-26 18:11:29 -07:00
seg6_iptunnel.c ipv6: adopt skb_dst_dev() and skb_dst_dev_net[_rcu]() helpers 2025-07-02 14:32:30 -07:00
seg6_local.c ipv6: adopt dst_dev() helper 2025-07-02 14:32:30 -07:00
sit.c ipv6: sit: Add ipip6_tunnel_dst_find() for cleanup 2025-09-04 10:03:59 +02:00
syncookies.c tcp: accecn: AccECN negotiation 2025-09-18 08:47:51 +02:00
sysctl_net_ipv6.c
tcp_ao.c
tcp_ipv6.c net: psp: don't assume reply skbs will have a socket 2025-10-03 10:23:50 -07:00
tcpv6_offload.c tcp: Don't pass hashinfo to socket lookup helpers. 2025-08-25 17:53:35 -07:00
tunnel6.c
udp.c udp: remove busylock and add per NUMA queues 2025-09-23 16:38:39 -07:00
udp_impl.h udp: move udp_memory_allocated into net_aligned_data 2025-07-02 14:22:02 -07:00
udp_offload.c net: gro: remove is_ipv6 from napi_gro_cb 2025-09-25 12:42:49 +02:00
udplite.c udp: move udp_memory_allocated into net_aligned_data 2025-07-02 14:22:02 -07:00
xfrm6_input.c xfrm: Set transport header to fix UDP GRO handling 2025-07-02 09:19:56 +02:00
xfrm6_output.c ipv6: adopt skb_dst_dev() and skb_dst_dev_net[_rcu]() helpers 2025-07-02 14:32:30 -07:00
xfrm6_policy.c
xfrm6_protocol.c
xfrm6_state.c
xfrm6_tunnel.c xfrm: flush all states in xfrm_state_fini 2025-08-06 09:23:38 +02:00