
Merge branch 'fou-gue-fix-skb-memleak-with-inner-protocol-0'

Kuniyuki Iwashima says:

====================
fou/gue: Fix skb memleak with inner protocol 0.

syzbot reported memleak for a GUE packet with its inner
protocol number 0.

Patch 1 fixes the issue, and patch 3 fixes the same issue
in FOU.
====================

Link: https://patch.msgid.link/20260115172533.693652-1-kuniyu@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

+7 -2
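--- a/Documentation/netlink/specs/fou.yaml
+++ b/Documentation/netlink/specs/fou.yaml
@@ -39,6 +39,8 @@
 -
 name: ipproto
 type: u8
+checks:
+min: 1
 -
 name: type
 type: u8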
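Review bot: The `min: 1` check on `ipproto` only constrains the attribute when userspace actually supplies it; nothing in this section shows what protocol value a FOU socket ends up with when the attribute is omitted. If the config parser leaves the protocol at a zero default in that case, the receive path would presumably still see inner protocol 0, so it is worth confirming that creation fails (or a non-zero default is applied) when `ipproto` is absent. A short `doc:` entry on the attribute, for example `doc: Inner IP protocol number; 0 is rejected.`, would also record why the minimum exists.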
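--- a/net/ipv4/fou_core.c
+++ b/net/ipv4/fou_core.c
@@ -215,6 +215,9 @@
 return gue_control_message(skb, guehdr);
 
 proto_ctype = guehdr->proto_ctype;
+if (unlikely(!proto_ctype))
+goto drop;
+
 __skb_pull(skb, sizeof(struct udphdr) + hdrlen);
 skb_reset_transport_header(skb);
 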
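Review bot: The new `if (unlikely(!proto_ctype)) goto drop;` carries no comment saying why a zero inner protocol has to be dropped, and the reason is not visible at this point in the function. `proto_ctype` is read straight from the received GUE header, so this is validation of sender-controlled input; a one-line comment such as `/* Inner protocol 0 cannot be resubmitted; drop here so the skb is freed. */` would keep the check from being removed later as redundant. The function's return path and the `drop` label are outside the hunk, so the exact leak mechanism should be confirmed against them before settling the comment's wording.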
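--- a/net/ipv4/fou_nl.c
+++ b/net/ipv4/fou_nl.c
@@ -15,7 +15,7 @@
 const struct nla_policy fou_nl_policy[FOU_ATTR_IFINDEX + 1] = {
 [FOU_ATTR_PORT] = { .type = NLA_BE16, },
 [FOU_ATTR_AF] = { .type = NLA_U8, },
-[FOU_ATTR_IPPROTO] = { .type = NLA_U8, },
+[FOU_ATTR_IPPROTO] = NLA_POLICY_MIN(NLA_U8, 1),
 [FOU_ATTR_TYPE] = { .type = NLA_U8, },
 [FOU_ATTR_REMCSUM_NOPARTIAL] = { .type = NLA_FLAG, },
 [FOU_ATTR_LOCAL_V4] = { .type = NLA_U32, },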
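--- a/tools/net/ynl/ynl-regen.sh
+++ b/tools/net/ynl/ynl-regen.sh
@@ -21,7 +21,7 @@
 for f in $files; do
 # params: 0 1 2 3
 # $YAML YNL-GEN kernel $mode
-params=( $(git grep -B1 -h '/\* YNL-GEN' $f | sed 's@/\*\(.*\)\*/@\1@') )
+params=( $(git grep --no-line-number -B1 -h '/\* YNL-GEN' $f | sed 's@/\*\(.*\)\*/@\1@') )
 args=$(sed -n 's@/\* YNL-ARG \(.*\) \*/@\1@p' $f)
 
 if [ $f -nt ${params[0]} -a -z "$force" ]; then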
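Review bot: The replaced `params=` line pins only one git setting: `--no-line-number` neutralises a user's `grep.lineNumber`, but the parsed output still depends on other local configuration, e.g. colour forced on would presumably put escape sequences into `params`. Adding `--no-color` next to it makes the parse independent of that as well: `git grep --no-line-number --no-color -B1 -h '/\* YNL-GEN' "$f"`. Quoting `"$f"` in the same call also keeps a path containing spaces or glob characters from being split before it reaches git. The loop body continues past the end of the hunk.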