From: Willem de Bruijn <willemdebruijn.ker...@gmail.com>
Date: Sun, 30 Dec 2018 17:24:36 -0500

> From: Willem de Bruijn <will...@google.com>
>
> KMSAN detected read beyond end of buffer in vti and sit devices when
> passing truncated packets with PF_PACKET. The issue affects additional
> ip tunnel devices.
>
> Extend commit 76c0ddd8c3a6 ("ip6_tunnel: be careful when accessing the
> inner header") and commit ccfec9e5cb2d ("ip_tunnel: be careful when
> accessing the inner header").
>
> Move the check to a separate helper and call at the start of each
> ndo_start_xmit function in net/ipv4 and net/ipv6.
>
> Minor changes:
> - convert dev_kfree_skb to kfree_skb on error path,
>   as dev_kfree_skb calls consume_skb which is not for error paths.
> - use pskb_network_may_pull even though that is pedantic here,
>   as the same as pskb_may_pull for devices without llheaders.
> - do not cache ipv6 hdrs if used only once
>   (unsafe across pskb_may_pull, was more relevant to earlier patch)
>
> Reported-by: syzbot <syzkal...@googlegroups.com>
> Signed-off-by: Willem de Bruijn <will...@google.com>

Applied and queued up for -stable, thanks Willem.
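
The check described in the quoted commit message, modeled in userspace C as an added example (not the patch's code and not kernel code; the struct, constants and function names are hypothetical): the header length implied by the sender-declared protocol is validated at the start of transmit, before any header field is read, so a truncated packet is dropped instead of read past its end.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Userspace model with hypothetical names; not kernel code. */
#define PROTO_IPV4 0x0800u  /* numeric value of ETH_P_IP */
#define PROTO_IPV6 0x86DDu  /* numeric value of ETH_P_IPV6 */
enum { XMIT_OK = 0, XMIT_DROP = -1 };

struct pkt {
    const uint8_t *data;  /* start of the inner network header */
    size_t len;           /* bytes actually present in the buffer */
    uint16_t protocol;    /* declared by the sender, e.g. over PF_PACKET */
};

/* True when the fixed-size header implied by the declared protocol lies
 * entirely inside the buffer (20 bytes minimal IPv4, 40 bytes IPv6). */
static bool inner_hdr_present(const struct pkt *p)
{
    size_t need = p->protocol == PROTO_IPV4 ? 20 :
                  p->protocol == PROTO_IPV6 ? 40 : 0;
    return p->len >= need;
}

/* Transmit entry point: validate first, read header fields only afterwards. */
static int tunnel_xmit(const struct pkt *p, uint8_t *field)
{
    if (!inner_hdr_present(p))
        return XMIT_DROP;         /* error path: drop, read nothing */
    *field = 0;
    if (p->protocol == PROTO_IPV4)
        *field = p->data[1];      /* TOS byte */
    else if (p->protocol == PROTO_IPV6)
        *field = p->data[6];      /* next-header byte */
    return XMIT_OK;
}

/* Constructed sample buffer (byte 1 = 0x10, byte 6 = 0x3a), submitted with
 * only `len` of its 40 bytes present and `proto` as the declared protocol. */
static int xmit_sample(uint16_t proto, size_t len, uint8_t *field)
{
    static const uint8_t buf[40] = { 0x45, 0x10, [6] = 0x3a };
    struct pkt p = { buf, len, proto };
    return tunnel_xmit(&p, field);
}

int main(void)
{
    uint8_t f = 0;  /* exit status 0 when the 19-byte IPv4 packet is dropped */
    return xmit_sample(PROTO_IPV4, 19, &f) == XMIT_DROP ? 0 : 1;
}
```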