korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-25 05:04:09 +08:00
Code Issues Packages Projects Releases Wiki Activity
687775cec0
linux/net
History
Eric Dumazet 687775cec0 ax25: fix setsockopt(SO_BINDTODEVICE) 
syzbot was able to trigger this trace [1], probably by using
a zero optlen.

While we are at it, cap optlen to IFNAMSIZ - 1 instead of IFNAMSIZ.

[1]
BUG: KMSAN: uninit-value in strnlen+0xf9/0x170 lib/string.c:569
CPU: 0 PID: 8807 Comm: syz-executor483 Not tainted 5.7.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c9/0x220 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:121
 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215
 strnlen+0xf9/0x170 lib/string.c:569
 dev_name_hash net/core/dev.c:207 [inline]
 netdev_name_node_lookup net/core/dev.c:277 [inline]
 __dev_get_by_name+0x75/0x2b0 net/core/dev.c:778
 ax25_setsockopt+0xfa3/0x1170 net/ax25/af_ax25.c:654
 __compat_sys_setsockopt+0x4ed/0x910 net/compat.c:403
 __do_compat_sys_setsockopt net/compat.c:413 [inline]
 __se_compat_sys_setsockopt+0xdd/0x100 net/compat.c:410
 __ia32_compat_sys_setsockopt+0x62/0x80 net/compat.c:410
 do_syscall_32_irqs_on arch/x86/entry/common.c:339 [inline]
 do_fast_syscall_32+0x3bf/0x6d0 arch/x86/entry/common.c:398
 entry_SYSENTER_compat+0x68/0x77 arch/x86/entry/entry_64_compat.S:139
RIP: 0023:0xf7f57dd9
Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 002b:00000000ffae8c1c EFLAGS: 00000217 ORIG_RAX: 000000000000016e
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000101
RDX: 0000000000000019 RSI: 0000000020000000 RDI: 0000000000000004
RBP: 0000000000000012 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000

Local variable ----devname@ax25_setsockopt created at:
 ax25_setsockopt+0xe6/0x1170 net/ax25/af_ax25.c:536
 ax25_setsockopt+0xe6/0x1170 net/ax25/af_ax25.c:536

Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-05-20 20:59:07 -07:00
..
6lowpan
9p 9pnet: allow making incomplete read requests 2020-03-27 09:29:56 +00:00
802 net: 802: psnap.c: Use built-in RCU list checking 2020-02-24 13:02:53 -08:00
8021q net: vlan: suppress "failed to kill vid" warnings 2020-02-17 14:30:54 -08:00
appletalk
atm atm: fix a memory leak of vcc->user_back 2020-05-04 11:59:38 -07:00
ax25 ax25: fix setsockopt(SO_BINDTODEVICE) 2020-05-20 20:59:07 -07:00
batman-adv batman-adv: Fix refcnt leak in batadv_v_ogm_process 2020-04-21 10:08:05 +02:00
bluetooth Bluetooth: L2CAP: Use DEFER_SETUP to group ECRED connections 2020-03-25 22:16:08 +01:00
bpf bpf: Fix build warning regarding missing prototypes 2020-03-28 18:13:18 +01:00
bpfilter SPDX patches for 5.7-rc1. 2020-04-03 13:12:26 -07:00
bridge net: bridge: vlan: Add a schedule point during VLAN processing 2020-04-30 17:45:41 -07:00
caif net: caif: Add lockdep expression to RCU traversal primitive 2020-03-11 22:55:25 -07:00
can
ceph libceph: directly skip to the end of redirect reply 2020-03-30 12:42:41 +02:00
core __netif_receive_skb_core: pass skb by reference 2020-05-19 15:38:00 -07:00
dcb
dccp Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2020-02-29 15:53:35 -08:00
decnet Remove DST_HOST 2020-03-23 21:57:44 -07:00
dns_resolver KEYS: Don't write out to userspace while holding key semaphore 2020-03-29 12:40:41 +01:00
dsa net: dsa: mt7530: fix roaming from DSA user ports 2020-05-16 13:49:28 -07:00
ethernet net: remove eth_change_mtu 2020-01-27 11:09:31 +01:00
ethtool ethtool: provide timestamping information with TSINFO_GET request 2020-03-29 22:32:37 -07:00
hsr net: hsr: fix incorrect type usage for protocol variable 2020-05-06 15:00:20 -07:00
ieee802154 nl802154: add missing attribute validation for dev_type 2020-03-03 13:28:48 -08:00
ife
ipv4 net: inet_csk: Fix so_reuseport bind-address cache in tb->fast* 2020-05-19 15:36:21 -07:00
ipv6 ipv6: Fix suspicious RCU usage warning in ip6mr 2020-05-16 13:41:53 -07:00
iucv
kcm net: kcm: kcmproc.c: Fix RCU list suspicious usage warning 2020-03-16 17:14:02 -07:00
key
l2tp l2tp: Allow management of tunnels and session in user namespace 2020-04-08 14:30:46 -07:00
l3mdev
lapb
llc af_llc: fix if-statement empty body warning 2020-02-26 20:38:13 -08:00
mac80211 mac80211: sta_info: Add lockdep condition for RCU list usage 2020-04-24 11:31:20 +02:00
mac802154
mpls net: add net available in build_state 2020-03-29 22:30:57 -07:00
mptcp mptcp: use rightmost 64 bits in ADD_ADDR HMAC 2020-05-19 12:35:51 -07:00
ncsi net/ncsi: Support for multi host mellanox card 2020-01-09 18:36:22 -08:00
netfilter netfilter: nft_set_rbtree: Add missing expired checks 2020-05-12 13:19:34 +02:00
netlabel netlabel: cope with NULL catmap 2020-05-12 18:12:40 -07:00
netlink Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-03-25 18:58:11 -07:00
netrom net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node 2020-04-18 13:09:46 -07:00
nfc Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-03-12 22:34:48 -07:00
nsh
openvswitch net: openvswitch: ovs_ct_exit to be done under ovs_lock 2020-04-20 10:53:54 -07:00
packet net/packet: tpacket_rcv: avoid a producer race condition 2020-03-15 00:25:25 -07:00
phonet
psample
qrtr net: qrtr: send msgs from local of same id as broadcast 2020-04-09 10:08:31 -07:00
rds net/rds: Use ERR_PTR for rds_message_alloc_sgs() 2020-04-15 12:33:29 -07:00
rfkill
rose Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-01-26 10:40:21 +01:00
rxrpc rxrpc: Fix DATA Tx to disable nofrag for UDP on AF_INET6 socket 2020-04-14 16:26:47 -07:00
sched net: flow_offload: skip hw stats check for FLOW_ACTION_HW_STATS_DONT_CARE 2020-05-06 20:13:10 -07:00
sctp sctp: Don't add the shutdown timer if its already been added 2020-05-19 15:46:52 -07:00
smc Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-03-12 22:34:48 -07:00
strparser
sunrpc Fixes: 2020-05-11 12:04:52 -07:00
switchdev net: switchdev: do not propagate bridge updates across bridges 2020-02-26 20:58:33 -08:00
tipc tipc: fix failed service subscription deletion 2020-05-13 12:33:19 -07:00
tls net/tls: Fix sk_psock refcnt leak when in tls_data_ready() 2020-04-27 11:22:38 -07:00
unix net: datagram: drop 'destructor' argument from several helpers 2020-02-28 12:12:53 -08:00
vmw_vsock vsock/virtio: fix multiple packet delivery to monitoring devices 2020-04-27 10:18:01 -07:00
wimax
wireless nl80211: fix NL80211_ATTR_FTM_RESPONDER policy 2020-04-14 12:28:48 +02:00
x25 net/x25: Fix null-ptr-deref in x25_disconnect 2020-04-28 14:08:59 -07:00
xdp xsk: Add missing check on user supplied headroom size 2020-04-15 13:07:18 +02:00
xfrm Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next 2020-03-30 10:59:20 -07:00
compat.c net: abstract out normal and compat msghdr import 2020-03-10 09:12:49 -06:00
Kconfig net: Fix CONFIG_NET_CLS_ACT=n and CONFIG_NFT_FWD_NETDEV={y, m} build 2020-03-25 12:24:33 -07:00
Makefile mptcp: Add MPTCP socket stubs 2020-01-24 13:44:07 +01:00
socket.c for-5.7/io_uring-2020-03-29 2020-03-30 12:18:49 -07:00
sysctl_net.c