WSL2-Linux-Kernel/include/net/tc_act
Paolo Abeni b773640d5b net/sched: act_pedit: really ensure the skb is writable
[ Upstream commit 8b796475fd ]

Currently pedit tries to ensure that the accessed skb offset
is writable via skb_unclone(). The action potentially allows
touching any skb bytes, so it may end-up modifying shared data.

The above causes some sporadic MPTCP self-test failures, due to
this code:

	tc -n $ns2 filter add dev ns2eth$i egress \
		protocol ip prio 1000 \
		handle 42 fw \
		action pedit munge offset 148 u8 invert \
		pipe csum tcp \
		index 100

The above modifies a data byte outside the skb head and the skb is
a cloned one, carrying a TCP output packet.

This change addresses the issue by keeping track of a rough
over-estimate highest skb offset accessed by the action and ensuring
such offset is really writable.

Note that this may cause performance regressions in some scenarios,
but hopefully pedit is not in the critical path.

Fixes: db2c24175d ("act_pedit: access skb->data safely")
Acked-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Tested-by: Geliang Tang <geliang.tang@suse.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Link: https://lore.kernel.org/r/1fcf78e6679d0a287dd61bb0f04730ce33b3255d.1652194627.git.pabeni@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-05-18 10:26:50 +02:00
..
tc_bpf.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
tc_connmark.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
tc_csum.h net: Change TCA_ACT_* to TCA_ID_* to match that of TCA_ID_POLICE 2019-02-10 09:28:43 -08:00
tc_ct.h net/sched: act_ct: Make tcf_ct_flow_table_restore_skb inline 2020-06-15 18:06:52 -07:00
tc_ctinfo.h net: sched: act_ctinfo: tidy UAPI definition 2019-06-19 17:11:01 -04:00
tc_defact.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
tc_gact.h net/sched: don't dereference a->goto_chain to read the chain index 2019-03-21 13:26:42 -07:00
tc_gate.h net: schedule: add action gate offloading 2020-05-01 16:08:19 -07:00
tc_ife.h net: tc_act: drop include of module.h from tc_ife.h 2019-04-22 21:50:53 -07:00
tc_ipt.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
tc_mirred.h net: tc_act: add helpers to detect ingress mirred actions 2019-08-06 14:24:21 -07:00
tc_mpls.h net: sched: include mpls actions in hardware intermediate representation 2019-07-23 13:52:50 -07:00
tc_nat.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
tc_pedit.h net/sched: act_pedit: really ensure the skb is writable 2022-05-18 10:26:50 +02:00
tc_police.h net/sched: act_police: add support for packet-per-second policing 2021-03-13 14:18:09 -08:00
tc_sample.h net: sched: take reference to psample group in flow_action infra 2019-09-16 09:18:03 +02:00
tc_skbedit.h net: tc_skbedit: Make the skbedit priority offloadable 2020-03-19 21:09:19 -07:00
tc_skbmod.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
tc_tunnel_key.h net: sched: Fix suspicious RCU usage while accessing tcf_tunnel_info 2020-10-15 09:10:11 -07:00
tc_vlan.h net/sched: act_vlan: Fix modify to allow 0 2021-06-01 16:54:42 -07:00