From: David S. Miller <davem@davemloft.net>
Date: Mon, 5 Jun 2017 03:01:48 +0000 (-0400)
Subject: Merge branch 'skb-sgvec-overflow'
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=a619cc8bedd0df6dfbc389f4c904070be87a0e5c;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git

Merge branch 'skb-sgvec-overflow'

Jason A. Donenfeld says:

====================
net: Avoiding stack overflow in skb_to_sgvec

The recent bug with macsec and historical one with virtio have
indicated that letting skb_to_sgvec trounce all over an sglist
without checking the length is probably a bad idea. And it's not
necessary either: an sglist already explicitly marks its last
item, and the initialization functions are diligent in doing so.
Thus there's a clear way of avoiding future overflows.

So, this patchset, from a high level, makes skb_to_sgvec return
a potential error code, and then adjusts all callers to check
for the error code. There are two situations in which skb_to_sgvec
might return such an error:

   1) When the passed in sglist is too small; and
   2) When the passed in skbuff is too deeply nested.

So, the first patch in this series handles the issues with
skb_to_sgvec directly, and the remaining ones then handle the call
sites.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
---

a619cc8bedd0df6dfbc389f4c904070be87a0e5c