Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Unverified Commit 53df5bf8 authored by Willem de Bruijn's avatar Willem de Bruijn Committed by Harsh Shandilya
Browse files

tun: read vnet_hdr_sz once 



commit e1edab87faf6ca30cd137e0795bc73aa9a9a22ec upstream.

When IFF_VNET_HDR is enabled, a virtio_net header must precede data.
Data length is verified to be greater than or equal to expected header
length tun->vnet_hdr_sz before copying.

Read this value once and cache locally, as it can be updated between
the test and use (TOCTOU).

[js] we have TUN_VNET_HDR in 3.12

Signed-off-by: default avatarWillem de Bruijn <willemb@google.com>
Reported-by: default avatarDmitry Vyukov <dvyukov@google.com>
CC: Eric Dumazet <edumazet@google.com>
Acked-by: default avatarEric Dumazet <edumazet@google.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
[wt: s/READ_ONCE/ACCESS_ONCE]
Signed-off-by: default avatarWilly Tarreau <w@1wt.eu>
parent da6addfb
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment