authorTakashi Iwai <tiwai@suse.de>2019-02-14 11:39:11 +0100
committerTakashi Iwai <tiwai@suse.de>2019-02-14 11:39:12 +0100
commit8ea778d5a19146f9a230c09a7ea06bf00af59ed7 (patch)
treedec6f4cf2c3afa26d3cf371735c2e80537b0aaf7
parent3501ab2c47de969c3782dbb2b1a98591eb8e4cfc (diff)
ipsec: check return value of skb_to_sgvec always (bsc#1051510).
-rw-r--r--patches.fixes/ipsec-check-return-value-of-skb_to_sgvec-always.patch167
-rw-r--r--series.conf1
2 files changed, 168 insertions, 0 deletions
diff --git a/patches.fixes/ipsec-check-return-value-of-skb_to_sgvec-always.patch b/patches.fixes/ipsec-check-return-value-of-skb_to_sgvec-always.patch
new file mode 100644
index 0000000000..3e658bac34
--- /dev/null
+++ b/patches.fixes/ipsec-check-return-value-of-skb_to_sgvec-always.patch
@@ -0,0 +1,167 @@
+From 3f29770723fe498a5c5f57c3a31a996ebdde03e1 Mon Sep 17 00:00:00 2001
+From: "Jason A. Donenfeld" <Jason@zx2c4.com>
+Date: Sun, 4 Jun 2017 04:16:23 +0200
+Subject: [PATCH] ipsec: check return value of skb_to_sgvec always
+Git-commit: 3f29770723fe498a5c5f57c3a31a996ebdde03e1
+Patch-mainline: v4.13-rc1
+References: bsc#1051510
+
+Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
+Cc: Steffen Klassert <steffen.klassert@secunet.com>
+Cc: Herbert Xu <herbert@gondor.apana.org.au>
+Cc: "David S. Miller" <davem@davemloft.net>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ net/ipv4/ah4.c | 8 ++++++--
+ net/ipv4/esp4.c | 20 +++++++++++++-------
+ net/ipv6/ah6.c | 8 ++++++--
+ net/ipv6/esp6.c | 20 +++++++++++++-------
+ 4 files changed, 38 insertions(+), 18 deletions(-)
+
+diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c
+index 22377c8ff14b..e8f862358518 100644
+--- a/net/ipv4/ah4.c
++++ b/net/ipv4/ah4.c
+@@ -220,7 +220,9 @@ static int ah_output(struct xfrm_state *x, struct sk_buff *skb)
+ ah->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output.low);
+
+ sg_init_table(sg, nfrags + sglists);
+- skb_to_sgvec_nomark(skb, sg, 0, skb->len);
++ err = skb_to_sgvec_nomark(skb, sg, 0, skb->len);
++ if (unlikely(err < 0))
++ goto out_free;
+
+ if (x->props.flags & XFRM_STATE_ESN) {
+ /* Attach seqhi sg right after packet payload */
+@@ -393,7 +395,9 @@ static int ah_input(struct xfrm_state *x, struct sk_buff *skb)
+ skb_push(skb, ihl);
+
+ sg_init_table(sg, nfrags + sglists);
+- skb_to_sgvec_nomark(skb, sg, 0, skb->len);
++ err = skb_to_sgvec_nomark(skb, sg, 0, skb->len);
++ if (unlikely(err < 0))
++ goto out_free;
+
+ if (x->props.flags & XFRM_STATE_ESN) {
+ /* Attach seqhi sg right after packet payload */
+diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
+index 93322f895eab..d815d1755473 100644
+--- a/net/ipv4/esp4.c
++++ b/net/ipv4/esp4.c
+@@ -377,9 +377,11 @@ int esp_output_tail(struct xfrm_state *x, struct sk_buff *skb, struct esp_info *
+ esp->esph = esph;
+
+ sg_init_table(sg, esp->nfrags);
+- skb_to_sgvec(skb, sg,
+- (unsigned char *)esph - skb->data,
+- assoclen + ivlen + esp->clen + alen);
++ err = skb_to_sgvec(skb, sg,
++ (unsigned char *)esph - skb->data,
++ assoclen + ivlen + esp->clen + alen);
++ if (unlikely(err < 0))
++ goto error;
+
+ if (!esp->inplace) {
+ int allocsize;
+@@ -403,9 +405,11 @@ int esp_output_tail(struct xfrm_state *x, struct sk_buff *skb, struct esp_info *
+ spin_unlock_bh(&x->lock);
+
+ sg_init_table(dsg, skb_shinfo(skb)->nr_frags + 1);
+- skb_to_sgvec(skb, dsg,
+- (unsigned char *)esph - skb->data,
+- assoclen + ivlen + esp->clen + alen);
++ err = skb_to_sgvec(skb, dsg,
++ (unsigned char *)esph - skb->data,
++ assoclen + ivlen + esp->clen + alen);
++ if (unlikely(err < 0))
++ goto error;
+ }
+
+ if ((x->props.flags & XFRM_STATE_ESN))
+@@ -690,7 +694,9 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb)
+ esp_input_set_header(skb, seqhi);
+
+ sg_init_table(sg, nfrags);
+- skb_to_sgvec(skb, sg, 0, skb->len);
++ err = skb_to_sgvec(skb, sg, 0, skb->len);
++ if (unlikely(err < 0))
++ goto out;
+
+ skb->ip_summed = CHECKSUM_NONE;
+
+diff --git a/net/ipv6/ah6.c b/net/ipv6/ah6.c
+index dda6035e3b84..755f38271dd5 100644
+--- a/net/ipv6/ah6.c
++++ b/net/ipv6/ah6.c
+@@ -423,7 +423,9 @@ static int ah6_output(struct xfrm_state *x, struct sk_buff *skb)
+ ah->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output.low);
+
+ sg_init_table(sg, nfrags + sglists);
+- skb_to_sgvec_nomark(skb, sg, 0, skb->len);
++ err = skb_to_sgvec_nomark(skb, sg, 0, skb->len);
++ if (unlikely(err < 0))
++ goto out_free;
+
+ if (x->props.flags & XFRM_STATE_ESN) {
+ /* Attach seqhi sg right after packet payload */
+@@ -606,7 +608,9 @@ static int ah6_input(struct xfrm_state *x, struct sk_buff *skb)
+ ip6h->hop_limit = 0;
+
+ sg_init_table(sg, nfrags + sglists);
+- skb_to_sgvec_nomark(skb, sg, 0, skb->len);
++ err = skb_to_sgvec_nomark(skb, sg, 0, skb->len);
++ if (unlikely(err < 0))
++ goto out_free;
+
+ if (x->props.flags & XFRM_STATE_ESN) {
+ /* Attach seqhi sg right after packet payload */
+diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c
+index 1fe99ba8066c..2ede4e459c4e 100644
+--- a/net/ipv6/esp6.c
++++ b/net/ipv6/esp6.c
+@@ -346,9 +346,11 @@ int esp6_output_tail(struct xfrm_state *x, struct sk_buff *skb, struct esp_info
+ esph = esp_output_set_esn(skb, x, ip_esp_hdr(skb), seqhi);
+
+ sg_init_table(sg, esp->nfrags);
+- skb_to_sgvec(skb, sg,
+- (unsigned char *)esph - skb->data,
+- assoclen + ivlen + esp->clen + alen);
++ err = skb_to_sgvec(skb, sg,
++ (unsigned char *)esph - skb->data,
++ assoclen + ivlen + esp->clen + alen);
++ if (unlikely(err < 0))
++ goto error;
+
+ if (!esp->inplace) {
+ int allocsize;
+@@ -372,9 +374,11 @@ int esp6_output_tail(struct xfrm_state *x, struct sk_buff *skb, struct esp_info
+ spin_unlock_bh(&x->lock);
+
+ sg_init_table(dsg, skb_shinfo(skb)->nr_frags + 1);
+- skb_to_sgvec(skb, dsg,
+- (unsigned char *)esph - skb->data,
+- assoclen + ivlen + esp->clen + alen);
++ err = skb_to_sgvec(skb, dsg,
++ (unsigned char *)esph - skb->data,
++ assoclen + ivlen + esp->clen + alen);
++ if (unlikely(err < 0))
++ goto error;
+ }
+
+ if ((x->props.flags & XFRM_STATE_ESN))
+@@ -618,7 +622,9 @@ static int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
+ esp_input_set_header(skb, seqhi);
+
+ sg_init_table(sg, nfrags);
+- skb_to_sgvec(skb, sg, 0, skb->len);
++ ret = skb_to_sgvec(skb, sg, 0, skb->len);
++ if (unlikely(ret < 0))
++ goto out;
+
+ skb->ip_summed = CHECKSUM_NONE;
+
+--
+2.16.4
+
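Review bot: The new failure branches in the ESP hunks jump to `error` (esp_output_tail, esp6_output_tail) and `out` (esp_input, esp6_input), whereas the AH hunks jump to `out_free`. Those labels sit outside the hunks, so nothing visible here confirms that the ESP paths release the buffer backing `sg`/`dsg`. If that buffer is already allocated when skb_to_sgvec() fails, each rejected packet would leak it, and on the input side that is reachable from received traffic; the branch should go through a label that frees it, or free it before the `goto`. Separately, these checks only take effect if skb_to_sgvec() and skb_to_sgvec_nomark() in this tree can return a negative value, so series.conf should be checked to ensure this patch is ordered after the change that adds that error return.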
diff --git a/series.conf b/series.conf
index 6cb6eefdb7..4cfe5820c1 100644
--- a/series.conf
+++ b/series.conf
@@ -1734,6 +1734,7 @@
patches.drivers/netxen-remove-writeq-readq-function-definitions.patch
patches.drivers/neigh-Really-delete-an-arp-neigh-entry-on-ip-neigh-d.patch
patches.arch/00-perf-bpf-add-bpf-support-to-all-perf_event-types.patch
+ patches.fixes/ipsec-check-return-value-of-skb_to_sgvec-always.patch
patches.drivers/qed-Add-bitmaps-for-VF-CIDs.patch
patches.drivers/qed-Create-L2-queue-database.patch
patches.drivers/qed-L2-interface-to-use-the-SB-structures-directly.patch