linux-stable

mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-15 23:25:07 +00:00

History

Eric Dumazet aa54069507 netlink: do not hard code device address lenth in fdb dumps syzbot reports that some netdev devices do not have a six bytes address [1] Replace ETH_ALEN by dev->addr_len. [1] (Case of a device where dev->addr_len = 4) BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline] BUG: KMSAN: kernel-infoleak in copyout+0xb8/0x100 lib/iov_iter.c:169 instrument_copy_to_user include/linux/instrumented.h:114 [inline] copyout+0xb8/0x100 lib/iov_iter.c:169 _copy_to_iter+0x6d8/0x1d00 lib/iov_iter.c:536 copy_to_iter include/linux/uio.h:206 [inline] simple_copy_to_iter+0x68/0xa0 net/core/datagram.c:513 __skb_datagram_iter+0x123/0xdc0 net/core/datagram.c:419 skb_copy_datagram_iter+0x5c/0x200 net/core/datagram.c:527 skb_copy_datagram_msg include/linux/skbuff.h:3960 [inline] netlink_recvmsg+0x4ae/0x15a0 net/netlink/af_netlink.c:1970 sock_recvmsg_nosec net/socket.c:1019 [inline] sock_recvmsg net/socket.c:1040 [inline] ____sys_recvmsg+0x283/0x7f0 net/socket.c:2722 ___sys_recvmsg+0x223/0x840 net/socket.c:2764 do_recvmmsg+0x4f9/0xfd0 net/socket.c:2858 __sys_recvmmsg net/socket.c:2937 [inline] __do_sys_recvmmsg net/socket.c:2960 [inline] __se_sys_recvmmsg net/socket.c:2953 [inline] __x64_sys_recvmmsg+0x397/0x490 net/socket.c:2953 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd Uninit was stored to memory at: __nla_put lib/nlattr.c:1009 [inline] nla_put+0x1c6/0x230 lib/nlattr.c:1067 nlmsg_populate_fdb_fill+0x2b8/0x600 net/core/rtnetlink.c:4071 nlmsg_populate_fdb net/core/rtnetlink.c:4418 [inline] ndo_dflt_fdb_dump+0x616/0x840 net/core/rtnetlink.c:4456 rtnl_fdb_dump+0x14ff/0x1fc0 net/core/rtnetlink.c:4629 netlink_dump+0x9d1/0x1310 net/netlink/af_netlink.c:2268 netlink_recvmsg+0xc5c/0x15a0 net/netlink/af_netlink.c:1995 sock_recvmsg_nosec+0x7a/0x120 net/socket.c:1019 ____sys_recvmsg+0x664/0x7f0 net/socket.c:2720 ___sys_recvmsg+0x223/0x840 net/socket.c:2764 do_recvmmsg+0x4f9/0xfd0 net/socket.c:2858 __sys_recvmmsg net/socket.c:2937 [inline] __do_sys_recvmmsg net/socket.c:2960 [inline] __se_sys_recvmmsg net/socket.c:2953 [inline] __x64_sys_recvmmsg+0x397/0x490 net/socket.c:2953 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd Uninit was created at: slab_post_alloc_hook+0x12d/0xb60 mm/slab.h:716 slab_alloc_node mm/slub.c:3451 [inline] __kmem_cache_alloc_node+0x4ff/0x8b0 mm/slub.c:3490 kmalloc_trace+0x51/0x200 mm/slab_common.c:1057 kmalloc include/linux/slab.h:559 [inline] __hw_addr_create net/core/dev_addr_lists.c:60 [inline] __hw_addr_add_ex+0x2e5/0x9e0 net/core/dev_addr_lists.c:118 __dev_mc_add net/core/dev_addr_lists.c:867 [inline] dev_mc_add+0x9a/0x130 net/core/dev_addr_lists.c:885 igmp6_group_added+0x267/0xbc0 net/ipv6/mcast.c:680 ipv6_mc_up+0x296/0x3b0 net/ipv6/mcast.c:2754 ipv6_mc_remap+0x1e/0x30 net/ipv6/mcast.c:2708 addrconf_type_change net/ipv6/addrconf.c:3731 [inline] addrconf_notify+0x4d3/0x1d90 net/ipv6/addrconf.c:3699 notifier_call_chain kernel/notifier.c:93 [inline] raw_notifier_call_chain+0xe4/0x430 kernel/notifier.c:461 call_netdevice_notifiers_info net/core/dev.c:1935 [inline] call_netdevice_notifiers_extack net/core/dev.c:1973 [inline] call_netdevice_notifiers+0x1ee/0x2d0 net/core/dev.c:1987 bond_enslave+0xccd/0x53f0 drivers/net/bonding/bond_main.c:1906 do_set_master net/core/rtnetlink.c:2626 [inline] rtnl_newlink_create net/core/rtnetlink.c:3460 [inline] __rtnl_newlink net/core/rtnetlink.c:3660 [inline] rtnl_newlink+0x378c/0x40e0 net/core/rtnetlink.c:3673 rtnetlink_rcv_msg+0x16a6/0x1840 net/core/rtnetlink.c:6395 netlink_rcv_skb+0x371/0x650 net/netlink/af_netlink.c:2546 rtnetlink_rcv+0x34/0x40 net/core/rtnetlink.c:6413 netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline] netlink_unicast+0xf28/0x1230 net/netlink/af_netlink.c:1365 netlink_sendmsg+0x122f/0x13d0 net/netlink/af_netlink.c:1913 sock_sendmsg_nosec net/socket.c:724 [inline] sock_sendmsg net/socket.c:747 [inline] ____sys_sendmsg+0x999/0xd50 net/socket.c:2503 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2557 __sys_sendmsg net/socket.c:2586 [inline] __do_sys_sendmsg net/socket.c:2595 [inline] __se_sys_sendmsg net/socket.c:2593 [inline] __x64_sys_sendmsg+0x304/0x490 net/socket.c:2593 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd Bytes 2856-2857 of 3500 are uninitialized Memory access of size 3500 starts at ffff888018d99104 Data copied to user address 0000000020000480 Fixes: `d83b060360` ("net: add fdb generic dump routine") Reported-by: syzbot <syzkaller@googlegroups.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Reviewed-by: Jiri Pirko <jiri@nvidia.com> Link: https://lore.kernel.org/r/20230621174720.1845040-1-edumazet@google.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>		2023-06-22 19:36:58 -07:00
..
bpf_sk_storage.c	bpf: Teach verifier that certain helpers accept NULL pointer.	2023-04-04 16:57:16 -07:00
datagram.c	net: datagram: fix data-races in datagram_poll()	2023-05-10 19:06:49 -07:00
dev.c	net: sched: add rcu annotations around qdisc->qdisc_sleeping	2023-06-07 10:25:39 +01:00
dev.h	net-sysctl: factor-out rpm mask manipulation helpers	2023-02-09 17:45:55 -08:00
dev_addr_lists.c	net: extract a few internals from netdevice.h	2022-04-07 20:32:09 -07:00
dev_addr_lists_test.c	kunit: Use KUNIT_EXPECT_MEMEQ macro	2022-10-27 02:40:14 -06:00
dev_ioctl.c	net: dsa: replace NETDEV_PRE_CHANGE_HWTSTAMP notifier with a stub	2023-04-09 15:35:49 +01:00
drop_monitor.c	net: extend drop reasons for multiple subsystems	2023-04-20 20:20:49 -07:00
dst.c	net: dst: fix missing initialization of rt_uncached	2023-04-21 20:26:56 -07:00
dst_cache.c
failover.c	net: failover: use IFF_NO_ADDRCONF flag to prevent ipv6 addrconf	2022-12-12 15:18:25 -08:00
fib_notifier.c
fib_rules.c
filter.c	bpf: minimal support for programs hooked into netfilter framework	2023-04-21 11:34:14 -07:00
flow_dissector.c	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2022-11-29 13:04:52 -08:00
flow_offload.c	net: flow_offload: add support for ARP frame matching	2022-11-14 11:24:16 +00:00
gen_estimator.c	treewide: Convert del_timer() to timer_shutdown()	2022-12-25 13:38:09 -08:00
gen_stats.c	net: Remove the obsolte u64_stats_fetch_*_irq() users (net).	2022-10-28 20:13:54 -07:00
gro.c	net: skbuff: update and rename __kfree_skb_defer()	2023-04-20 19:25:08 -07:00
gro_cells.c	net: drop the weight argument from netif_napi_add	2022-09-28 18:57:14 -07:00
hwbm.c
link_watch.c	net: linkwatch: only report IF_OPER_LOWERLAYERDOWN if iflink is actually down	2022-11-16 09:45:00 +00:00
lwt_bpf.c	bpf, lwt: Fix crash when using bpf_skb_set_tunnel_key() from bpf_xmit lwt hook	2022-04-22 17:45:25 +02:00
lwtunnel.c	xfrm: lwtunnel: squelch kernel warning in case XFRM encap type is not available	2022-10-12 10:45:51 +02:00
Makefile	netdev-genl: create a simple family for netdev stuff	2023-02-02 20:48:23 -08:00
neighbour.c	neighbour: switch to standard rcu, instead of rcu_bh	2023-03-21 21:32:18 -07:00
net-procfs.c	net-sysfs: display two backlog queue len separately	2023-03-22 12:03:52 +01:00
net-sysfs.c	net: make default_rps_mask a per netns attribute	2023-02-20 11:22:54 +00:00
net-sysfs.h
net-traces.c	net: bridge: Add a tracepoint for MDB overflows	2023-02-06 08:48:25 +00:00
net_namespace.c	kill the last remaining user of proc_ns_fget()	2023-04-20 22:55:35 -04:00
netclassid_cgroup.c	core: Variable type completion	2022-08-31 09:40:34 +01:00
netdev-genl-gen.c	tools: ynl: skip the explicit op array size when not needed	2023-03-21 21:45:31 -07:00
netdev-genl-gen.h	ynl: broaden the license even more	2023-03-16 21:20:32 -07:00
netdev-genl.c	netdev-genl: create a simple family for netdev stuff	2023-02-02 20:48:23 -08:00
netevent.c
netpoll.c	net: don't let netpoll invoke NAPI if in xmit context	2023-04-02 13:26:21 +01:00
netprio_cgroup.c
of_net.c	of: net: export of_get_mac_address_nvmem()	2022-11-29 10:45:53 +01:00
page_pool.c	page_pool: fix inconsistency for page_pool_ring_[un]lock()	2023-05-23 20:25:13 -07:00
pktgen.c	treewide: use get_random_u32_inclusive() when possible	2022-11-18 02:18:02 +01:00
ptp_classifier.c
request_sock.c
rtnetlink.c	netlink: do not hard code device address lenth in fdb dumps	2023-06-22 19:36:58 -07:00
scm.c	net: Ensure ->msg_control_user is used for user buffers	2023-04-14 11:09:27 +01:00
secure_seq.c	tcp: Fix data-races around sysctl knobs related to SYN option.	2022-07-20 10:14:49 +01:00
selftests.c
skbuff.c	net: fix skb leak in __skb_tstamp_tx()	2023-05-23 20:51:43 -07:00
skmsg.c	bpf, sockmap: Avoid potential NULL dereference in sk_psock_verdict_data_ready()	2023-06-01 14:44:53 +02:00
sock.c	revert "net: align SO_RCVMARK required privileges with SO_MARK"	2023-06-22 11:45:23 +02:00
sock_destructor.h
sock_diag.c	net: fix __sock_gen_cookie()	2022-11-21 20:36:30 -08:00
sock_map.c	bpf, sockmap: Convert schedule_work into delayed_work	2023-05-23 16:09:56 +02:00
sock_reuseport.c	soreuseport: Fix socket selection for SO_INCOMING_CPU.	2022-10-25 11:35:16 +02:00
stream.c	net: deal with most data-races in sk_wait_event()	2023-05-10 10:03:32 +01:00
sysctl_net_core.c	net/sysctl: Rename kvfree_rcu() to kvfree_rcu_mightsleep()	2023-04-05 13:48:04 +00:00
timestamping.c
tso.c	net: tso: inline tso_count_descs()	2022-12-12 15:04:39 -08:00
utils.c	net: core: inet[46]_pton strlen len types	2022-11-01 21:14:39 -07:00
xdp.c	bpf-next-for-netdev	2023-04-13 16:43:38 -07:00