diff options
| author | Jakub Kicinski <kuba@kernel.org> | 2026-01-18 03:00:27 +0300 |
|---|---|---|
| committer | Jakub Kicinski <kuba@kernel.org> | 2026-01-18 03:00:28 +0300 |
| commit | 6a5e5a3da3557ab1ccc3716b2cdb67aab658dc45 (patch) | |
| tree | fdc733ddc7b075e476fefd235269a2692868bf08 | |
| parent | ff7737946812eb59faad70d497b803c4f59200b9 (diff) | |
| parent | 7a9bc9e3f42391e4c187e099263cf7a1c4b69ff5 (diff) | |
| download | linux-6a5e5a3da3557ab1ccc3716b2cdb67aab658dc45.tar.xz | |
Merge branch 'fou-gue-fix-skb-memleak-with-inner-protocol-0'
Kuniyuki Iwashima says:
====================
fou/gue: Fix skb memleak with inner protocol 0.
syzbot reported memleak for a GUE packet with its inner
protocol number 0.
Patch 1 fixes the issue, and patch 3 fixes the same issue
in FOU.
====================
Link: https://patch.msgid.link/20260115172533.693652-1-kuniyu@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
| -rw-r--r-- | Documentation/netlink/specs/fou.yaml | 2 | ||||
| -rw-r--r-- | net/ipv4/fou_core.c | 3 | ||||
| -rw-r--r-- | net/ipv4/fou_nl.c | 2 | ||||
| -rwxr-xr-x | tools/net/ynl/ynl-regen.sh | 2 |
4 files changed, 7 insertions, 2 deletions
diff --git a/Documentation/netlink/specs/fou.yaml b/Documentation/netlink/specs/fou.yaml index 8e7974ec453f..331f1b342b3a 100644 --- a/Documentation/netlink/specs/fou.yaml +++ b/Documentation/netlink/specs/fou.yaml @@ -39,6 +39,8 @@ attribute-sets: - name: ipproto type: u8 + checks: + min: 1 - name: type type: u8 diff --git a/net/ipv4/fou_core.c b/net/ipv4/fou_core.c index 3970b6b7ace5..ab8f309f8925 100644 --- a/net/ipv4/fou_core.c +++ b/net/ipv4/fou_core.c @@ -215,6 +215,9 @@ static int gue_udp_recv(struct sock *sk, struct sk_buff *skb) return gue_control_message(skb, guehdr); proto_ctype = guehdr->proto_ctype; + if (unlikely(!proto_ctype)) + goto drop; + __skb_pull(skb, sizeof(struct udphdr) + hdrlen); skb_reset_transport_header(skb); diff --git a/net/ipv4/fou_nl.c b/net/ipv4/fou_nl.c index 7a99639204b1..309d5ba983d0 100644 --- a/net/ipv4/fou_nl.c +++ b/net/ipv4/fou_nl.c @@ -15,7 +15,7 @@ const struct nla_policy fou_nl_policy[FOU_ATTR_IFINDEX + 1] = { [FOU_ATTR_PORT] = { .type = NLA_BE16, }, [FOU_ATTR_AF] = { .type = NLA_U8, }, - [FOU_ATTR_IPPROTO] = { .type = NLA_U8, }, + [FOU_ATTR_IPPROTO] = NLA_POLICY_MIN(NLA_U8, 1), [FOU_ATTR_TYPE] = { .type = NLA_U8, }, [FOU_ATTR_REMCSUM_NOPARTIAL] = { .type = NLA_FLAG, }, [FOU_ATTR_LOCAL_V4] = { .type = NLA_U32, }, diff --git a/tools/net/ynl/ynl-regen.sh b/tools/net/ynl/ynl-regen.sh index 81b4ecd89100..d9809276db98 100755 --- a/tools/net/ynl/ynl-regen.sh +++ b/tools/net/ynl/ynl-regen.sh @@ -21,7 +21,7 @@ files=$(git grep --files-with-matches '^/\* YNL-GEN \(kernel\|uapi\|user\)') for f in $files; do # params: 0 1 2 3 # $YAML YNL-GEN kernel $mode - params=( $(git grep -B1 -h '/\* YNL-GEN' $f | sed 's@/\*\(.*\)\*/@\1@') ) + params=( $(git grep --no-line-number -B1 -h '/\* YNL-GEN' $f | sed 's@/\*\(.*\)\*/@\1@') ) args=$(sed -n 's@/\* YNL-ARG \(.*\) \*/@\1@p' $f) if [ $f -nt ${params[0]} -a -z "$force" ]; then |