linux/net/core
hannes@stressinduktion.org f60e5990d9 ipv6: protect skb->sk accesses from recursive dereference inside the stack
We should not consult skb->sk for output decisions in xmit recursion
levels > 0 in the stack. Otherwise local socket settings could influence
the result of e.g. tunnel encapsulation process.

ipv6 does not conform with this in three places:

1) ip6_fragment: we do consult ipv6_npinfo for frag_size

2) sk_mc_loop in ipv6 uses skb->sk and checks if we should
   loop the packet back to the local socket

3) ip6_skb_dst_mtu could query the settings from the user socket and
   force a wrong MTU

Furthermore:
In sk_mc_loop we could potentially land in WARN_ON(1) if we use a
PF_PACKET socket ontop of an IPv6-backed vxlan device.

Reuse xmit_recursion as we are currently only interested in protecting
tunnel devices.

Cc: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-04-06 16:12:49 -04:00
..
datagram.c skb_copy_datagram_iovec() can die 2014-12-09 16:29:11 -05:00
dev_addr_lists.c net: fix spelling for synchronized 2014-11-18 15:26:32 -05:00
dev_ioctl.c dev_ioctl: use sizeof(x) instead of sizeof x 2014-11-18 15:27:32 -05:00
dev.c ipv6: protect skb->sk accesses from recursive dereference inside the stack 2015-04-06 16:12:49 -04:00
drop_monitor.c net: Replace get_cpu_var through this_cpu_ptr 2014-08-26 13:45:47 -04:00
dst.c dst: no need to take reference on DST_NOCACHE dsts 2014-12-09 16:08:17 -05:00
ethtool.c ethtool: Add hw-switch-offload to netdev_features_strings. 2015-02-20 16:36:43 -05:00
fib_rules.c net: move fib_rules_unregister() under rtnl lock 2015-04-02 20:52:34 -04:00
filter.c net: spelling fixes 2015-02-14 20:36:08 -08:00
flow_dissector.c xps: fix xps for stacked devices 2015-02-04 13:02:54 -08:00
flow.c flowcache: Fix kernel panic in flow_cache_flush_task 2015-02-05 14:38:53 -08:00
gen_estimator.c net: sched: make bstats per cpu and estimator RCU safe 2014-09-30 01:02:26 -04:00
gen_stats.c gen_stats.c: Duplicate xstats buffer for later use 2015-02-19 15:45:53 -05:00
link_watch.c net/core: include linux/types.h instead of asm/types.h 2014-11-18 15:26:32 -05:00
Makefile net: bury net/core/iovec.c - nothing in there is used anymore 2015-02-04 01:34:15 -05:00
neighbour.c netlink: Fix bugs in nlmsg_end() conversions. 2015-01-18 23:36:08 -05:00
net_namespace.c netns: don't allocate an id for dead netns 2015-04-03 12:36:31 -04:00
net-procfs.c
net-sysfs.c net: use %*pb[l] to print bitmaps including cpumasks and nodemasks 2015-02-13 21:21:38 -08:00
net-sysfs.h
net-traces.c
netclassid_cgroup.c cgroup: rename cgroup_subsys->base_cftypes to ->legacy_cftypes 2014-07-15 11:05:09 -04:00
netevent.c
netpoll.c net: rename vlan_tx_* helpers since "tx" is misleading there 2015-01-13 17:51:08 -05:00
netprio_cgroup.c cgroup: rename cgroup_subsys->base_cftypes to ->legacy_cftypes 2014-07-15 11:05:09 -04:00
pktgen.c net: pktgen: disable xmit_clone on virtual devices 2015-02-22 22:43:20 -05:00
ptp_classifier.c net: filter: split 'struct sk_filter' into socket and bpf parts 2014-08-02 15:03:58 -07:00
request_sock.c
rtnetlink.c net: use for_each_netdev_safe() in rtnl_group_changelink() 2015-03-24 13:02:32 -04:00
scm.c net: introduce helper macro for_each_cmsghdr 2014-12-10 22:41:55 -05:00
secure_seq.c net: use ktime_get_ns() and ktime_get_real_ns() helpers 2014-08-22 19:57:23 -07:00
skbuff.c sock: fix possible NULL sk dereference in __skb_tstamp_tx 2015-03-12 00:09:55 -04:00
sock_diag.c net: filter: split 'struct sk_filter' into socket and bpf parts 2014-08-02 15:03:58 -07:00
sock.c ipv6: protect skb->sk accesses from recursive dereference inside the stack 2015-04-06 16:12:49 -04:00
stream.c
sysctl_net_core.c net: sysctl_net_core: check SNDBUF and RCVBUF for min length 2015-03-11 21:25:13 -04:00
timestamping.c net-timestamp: Make the clone operation stand-alone from phy timestamping 2014-09-05 17:43:45 -07:00
tso.c net: tso: fix unaligned access to crafted TCP header in helper API 2014-10-22 12:52:55 -04:00
utils.c net: Convert LIMIT_NETDEBUG to net_dbg_ratelimited 2014-11-11 14:10:31 -05:00