Magnus Karlsson 99e3a236dd xsk: Add missing check on user supplied headroom size ... Add a check that the headroom cannot be larger than the available space in the chunk. In the current code, a malicious user can set the headroom to a value larger than the chunk size minus the fixed XDP headroom. That way packets with a length larger than the supported size in the umem could get accepted and result in an out-of-bounds write. Fixes: c0c77d8fb7 ("xsk: add user memory registration support sockopt") Reported-by: Bui Quang Minh <minhquangbui99@gmail.com> Signed-off-by: Magnus Karlsson <magnus.karlsson@intel.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Link: https://bugzilla.kernel.org/show_bug.cgi?id=207225 Link: https://lore.kernel.org/bpf/1586849715-23490-1-git-send-email-magnus.karlsson@intel.com		2020-04-15 13:07:18 +02:00
..
Kconfig	treewide: Add SPDX license identifier - Makefile/Kconfig	2019-05-21 10:50:46 +02:00
Makefile	treewide: Add SPDX license identifier - Makefile/Kconfig	2019-05-21 10:50:46 +02:00
xdp_umem.c	xsk: Add missing check on user supplied headroom size	2020-04-15 13:07:18 +02:00
xdp_umem.h	xdp: fix hang while unregistering device bound to xdp socket	2019-07-03 15:10:55 +02:00
xsk.c	xsk: Fix out of boundary write in __xsk_rcv_memcpy	2020-04-06 21:48:05 +02:00
xsk.h	xsk: add support for need_wakeup flag in AF_XDP rings	2019-08-17 23:07:32 +02:00
xsk_diag.c	xsk: lock the control mutex in sock_diag interface	2019-09-05 14:11:52 +02:00
xsk_queue.c	xsk: Use struct_size() helper	2019-12-20 16:00:09 -08:00
xsk_queue.h	xdp: Replace zero-length array with flexible-array member	2020-02-28 12:08:37 -08:00