linux-yocto/net/smc
D. Wythe 35a306bb53 net/smc: fix mismatch between CLC header and proposal
[ Upstream commit ec33f2e5a2 ]

The current CLC proposal message construction uses a mix of
`ini->smc_type_v1/v2` and `pclc_base->hdr.typev1/v2` to decide whether
to include optional extensions (IPv6 prefix extension for v1, and v2
extension). This leads to a critical inconsistency: when
`smc_clc_prfx_set()` fails - for example, in IPv6-only environments with
only link-local addresses, or when the local IP address and the outgoing
interface’s network address are not in the same subnet.

As a result, the proposal message is assembled using the stale
`ini->smc_type_v1` value—causing the IPv6 prefix extension to be
included even though the header indicates v1 is not supported.
The peer then receives a malformed CLC proposal where the header type
does not match the payload, and immediately resets the connection.

The fix ensures consistency between the CLC header flags and the actual
payload by synchronizing `ini->smc_type_v1` with `pclc_base->hdr.typev1`
when prefix setup fails.

Fixes: 8c3dca341a ("net/smc: build and send V2 CLC proposal")
Signed-off-by: D. Wythe <alibuda@linux.alibaba.com>
Reviewed-by: Alexandra Winter <wintera@linux.ibm.com>
Link: https://patch.msgid.link/20251107024029.88753-1-alibuda@linux.alibaba.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-11-24 10:35:50 +01:00
af_smc.c net/smc: fix UAF on smcsk after smc_listen_out() 2025-08-28 16:31:14 +02:00
Kconfig
Makefile
smc_cdc.c
smc_cdc.h
smc_clc.c net/smc: fix mismatch between CLC header and proposal 2025-11-24 10:35:50 +01:00
smc_clc.h net/smc: check smcd_v2_ext_offset when receiving proposal msg 2024-12-27 14:02:02 +01:00
smc_close.c
smc_close.h
smc_core.c net/smc: protect link down work from execute after lgr freed 2024-12-27 14:02:01 +01:00
smc_core.h
smc_diag.c
smc_ib.c net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() 2025-09-09 18:58:08 +02:00
smc_ib.h
smc_inet.c net/smc: fix general protection fault in __smc_diag_dump 2025-10-29 14:08:54 +01:00
smc_inet.h
smc_ism.c
smc_ism.h
smc_llc.c
smc_llc.h
smc_loopback.c net/smc: fix warning in smc_rx_splice() when calling get_page() 2025-10-02 13:44:10 +02:00
smc_loopback.h
smc_netlink.c
smc_netlink.h
smc_netns.h
smc_pnet.c net/smc: use the correct ndev to find pnetid by pnetid table 2025-05-29 11:02:18 +02:00
smc_pnet.h
smc_rx.c net/smc: fix data error when recvmsg with MSG_PEEK flag 2025-02-08 09:57:16 +01:00
smc_rx.h net/smc: fix data error when recvmsg with MSG_PEEK flag 2025-02-08 09:57:16 +01:00
smc_stats.c
smc_stats.h
smc_sysctl.c
smc_sysctl.h
smc_tracepoint.c
smc_tracepoint.h
smc_tx.c
smc_tx.h
smc_wr.c
smc_wr.h
smc.h smc: Fix various oops due to inet_sock type confusion. 2025-07-24 08:56:31 +02:00