Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

Pull networking fixes from David Miller: "Fixes here and there, a couple new device IDs, as usual: 1) Fix BQL race in dpaa2-eth driver, from Ioana Ciornei. 2) Fix 64-bit division in iwlwifi, from Arnd Bergmann. 3) Fix documentation for some eBPF helpers, from Quentin Monnet. 4) Some UAPI bpf header sync with tools, also from Quentin Monnet. 5) Set descriptor ownership bit at the right time for jumbo frames in stmmac driver, from Aaro Koskinen. 6) Set IFF_UP properly in tun driver, from Eric Dumazet. 7) Fix load/store doubleword instruction generation in powerpc eBPF JIT, from Naveen N. Rao. 8) nla_nest_start() return value checks all over, from Kangjie Lu. 9) Fix asoc_id handling in SCTP after the SCTP_*_ASSOC changes this merge window. From Marcelo Ricardo Leitner and Xin Long. 10) Fix memory corruption with large MTUs in stmmac, from Aaro Koskinen. 11) Do not use ipv4 header for ipv6 flows in TCP and DCCP, from Eric Dumazet. 12) Fix topology subscription cancellation in tipc, from Erik Hugne. 13) Memory leak in genetlink error path, from Yue Haibing. 14) Valid control actions properly in packet scheduler, from Davide Caratti. 15) Even if we get EEXIST, we still need to rehash if a shrink was delayed. From Herbert Xu. 16) Fix interrupt mask handling in interrupt handler of r8169, from Heiner Kallweit. 17) Fix leak in ehea driver, from Wen Yang" * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (168 commits) dpaa2-eth: fix race condition with bql frame accounting chelsio: use BUG() instead of BUG_ON(1) net: devlink: skip info_get op call if it is not defined in dumpit net: phy: bcm54xx: Encode link speed and activity into LEDs tipc: change to check tipc_own_id to return in tipc_net_stop net: usb: aqc111: Extend HWID table by QNAP device net: sched: Kconfig: update reference link for PIE net: dsa: qca8k: extend slave-bus implementations net: dsa: qca8k: remove leftover phy accessors dt-bindings: net: dsa: qca8k: support internal mdio-bus dt-bindings: net: dsa: qca8k: fix example net: phy: don't clear BMCR in genphy_soft_reset bpf, libbpf: clarify bump in libbpf version info bpf, libbpf: fix version info and add it to shared object rxrpc: avoid clang -Wuninitialized warning tipc: tipc clang warning net: sched: fix cleanup NULL pointer exception in act_mirr r8169: fix cable re-plugging issue net: ethernet: ti: fix possible object reference leak net: ibm: fix possible object reference leak ...
author: Linus Torvalds <torvalds@linux-foundation.org> 2019-03-27 15:22:57 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2019-03-27 15:22:57 -0400
commit: 1a9df9e29c2afecf6e3089442d429b377279ca3c (patch)
tree: 609a39b5f4a3f5bdeb7031aac765e503b6d9d759 /net/tipc/socket.c
parent: 14c741de93861749dfb60b4964028541f5c506ca (diff)
parent: 8c838f53e149871561a9261ac768a9c7071b43d0 (diff)
1 files changed, 17 insertions, 5 deletions
diff --git a/net/tipc/socket.c b/net/tipc/socket.c
index 3274ef625dba..b542f14ed444 100644
--- a/net/tipc/socket.c
+++ b/net/tipc/socket.c
@@ -2349,6 +2349,16 @@ static int tipc_wait_for_connect(struct socket *sock, long *timeo_p)
        return 0;
 }
+static bool tipc_sockaddr_is_sane(struct sockaddr_tipc *addr)
+{
+        if (addr->family != AF_TIPC)
+                return false;
+        if (addr->addrtype == TIPC_SERVICE_RANGE)
+                return (addr->addr.nameseq.lower <= addr->addr.nameseq.upper);
+        return (addr->addrtype == TIPC_SERVICE_ADDR ||
+                addr->addrtype == TIPC_SOCKET_ADDR);
+}
 /**
 * tipc_connect - establish a connection to another TIPC port
 * @sock: socket structure
@@ -2384,18 +2394,18 @@ static int tipc_connect(struct socket *sock, struct sockaddr *dest,
                if (!tipc_sk_type_connectionless(sk))
                        res = -EINVAL;
                goto exit;
-        } else if (dst->family != AF_TIPC) {
-                res = -EINVAL;
        }
-        if (dst->addrtype != TIPC_ADDR_ID && dst->addrtype != TIPC_ADDR_NAME)
+        if (!tipc_sockaddr_is_sane(dst)) {
                res = -EINVAL;
-        if (res)
                goto exit;
+        }
        /* DGRAM/RDM connect(), just save the destaddr */
        if (tipc_sk_type_connectionless(sk)) {
                memcpy(&tsk->peer, dest, destlen);
                goto exit;
+        } else if (dst->addrtype == TIPC_SERVICE_RANGE) {
+                res = -EINVAL;
+                goto exit;
        }
        previous = sk->sk_state;
@@ -3255,6 +3265,8 @@ static int __tipc_nl_add_sk_con(struct sk_buff *skb, struct tipc_sock *tsk)
        peer_port = tsk_peer_port(tsk);
        nest = nla_nest_start(skb, TIPC_NLA_SOCK_CON);
+        if (!nest)
+                return -EMSGSIZE;
        if (nla_put_u32(skb, TIPC_NLA_CON_NODE, peer_node))
                goto msg_full;
author	Linus Torvalds <torvalds@linux-foundation.org>	2019-03-27 15:22:57 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2019-03-27 15:22:57 -0400
commit	1a9df9e29c2afecf6e3089442d429b377279ca3c (patch)
tree	609a39b5f4a3f5bdeb7031aac765e503b6d9d759 /net/tipc/socket.c
parent	14c741de93861749dfb60b4964028541f5c506ca (diff)
parent	8c838f53e149871561a9261ac768a9c7071b43d0 (diff)

diff --git a/net/tipc/socket.c b/net/tipc/socket.c index 3274ef625dba..b542f14ed444 100644 --- a/net/tipc/socket.c +++ b/net/tipc/socket.c
@@ -2349,6 +2349,16 @@ static int tipc_wait_for_connect(struct socket sock, long timeo_p)
2349	return 0;	2349	return 0;
2350	}	2350	}
2351		2351
		2352	static bool tipc_sockaddr_is_sane(struct sockaddr_tipc *addr)
		2353	{
		2354	if (addr->family != AF_TIPC)
		2355	return false;
		2356	if (addr->addrtype == TIPC_SERVICE_RANGE)
		2357	return (addr->addr.nameseq.lower <= addr->addr.nameseq.upper);
		2358	return (addr->addrtype == TIPC_SERVICE_ADDR \|\|
		2359	addr->addrtype == TIPC_SOCKET_ADDR);
		2360	}
		2361
2352	/**	2362	/**
2353	* tipc_connect - establish a connection to another TIPC port	2363	* tipc_connect - establish a connection to another TIPC port
2354	* @sock: socket structure	2364	* @sock: socket structure
@@ -2384,18 +2394,18 @@ static int tipc_connect(struct socket sock, struct sockaddr dest,
2384	if (!tipc_sk_type_connectionless(sk))	2394	if (!tipc_sk_type_connectionless(sk))
2385	res = -EINVAL;	2395	res = -EINVAL;
2386	goto exit;	2396	goto exit;
2387	} else if (dst->family != AF_TIPC) {
2388	res = -EINVAL;
2389	}	2397	}
2390	if (dst->addrtype != TIPC_ADDR_ID && dst->addrtype != TIPC_ADDR_NAME)	2398	if (!tipc_sockaddr_is_sane(dst)) {
2391	res = -EINVAL;	2399	res = -EINVAL;
2392	if (res)
2393	goto exit;	2400	goto exit;
2394		2401	}
2395	/* DGRAM/RDM connect(), just save the destaddr */	2402	/* DGRAM/RDM connect(), just save the destaddr */
2396	if (tipc_sk_type_connectionless(sk)) {	2403	if (tipc_sk_type_connectionless(sk)) {
2397	memcpy(&tsk->peer, dest, destlen);	2404	memcpy(&tsk->peer, dest, destlen);
2398	goto exit;	2405	goto exit;
		2406	} else if (dst->addrtype == TIPC_SERVICE_RANGE) {
		2407	res = -EINVAL;
		2408	goto exit;
2399	}	2409	}
2400		2410
2401	previous = sk->sk_state;	2411	previous = sk->sk_state;
@@ -3255,6 +3265,8 @@ static int __tipc_nl_add_sk_con(struct sk_buff skb, struct tipc_sock tsk)
3255	peer_port = tsk_peer_port(tsk);	3265	peer_port = tsk_peer_port(tsk);
3256		3266
3257	nest = nla_nest_start(skb, TIPC_NLA_SOCK_CON);	3267	nest = nla_nest_start(skb, TIPC_NLA_SOCK_CON);
		3268	if (!nest)
		3269	return -EMSGSIZE;
3258		3270
3259	if (nla_put_u32(skb, TIPC_NLA_CON_NODE, peer_node))	3271	if (nla_put_u32(skb, TIPC_NLA_CON_NODE, peer_node))
3260	goto msg_full;	3272	goto msg_full;