linux

korg/linux

mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-29 15:14:18 +08:00

History

Eric Dumazet d8b57135fd net: hsr: avoid possible NULL deref in skb_clone() syzbot got a crash [1] in skb_clone(), caused by a bug in hsr_get_untagged_frame(). When/if create_stripped_skb_hsr() returns NULL, we must not attempt to call skb_clone(). While we are at it, replace a WARN_ONCE() by netdev_warn_once(). [1] general protection fault, probably for non-canonical address 0xdffffc000000000f: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000078-0x000000000000007f] CPU: 1 PID: 754 Comm: syz-executor.0 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 RIP: 0010:skb_clone+0x108/0x3c0 net/core/skbuff.c:1641 Code: 93 02 00 00 49 83 7c 24 28 00 0f 85 e9 00 00 00 e8 5d 4a 29 fa 4c 8d 75 7e 48 b8 00 00 00 00 00 fc ff df 4c 89 f2 48 c1 ea 03 <0f> b6 04 02 4c 89 f2 83 e2 07 38 d0 7f 08 84 c0 0f 85 9e 01 00 00 RSP: 0018:ffffc90003ccf4e0 EFLAGS: 00010207 RAX: dffffc0000000000 RBX: ffffc90003ccf5f8 RCX: ffffc9000c24b000 RDX: 000000000000000f RSI: ffffffff8751cb13 RDI: 0000000000000000 RBP: 0000000000000000 R08: 00000000000000f0 R09: 0000000000000140 R10: fffffbfff181d972 R11: 0000000000000000 R12: ffff888161fc3640 R13: 0000000000000a20 R14: 000000000000007e R15: ffffffff8dc5f620 FS: 00007feb621e4700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007feb621e3ff8 CR3: 00000001643a9000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> hsr_get_untagged_frame+0x4e/0x610 net/hsr/hsr_forward.c:164 hsr_forward_do net/hsr/hsr_forward.c:461 [inline] hsr_forward_skb+0xcca/0x1d50 net/hsr/hsr_forward.c:623 hsr_handle_frame+0x588/0x7c0 net/hsr/hsr_slave.c:69 __netif_receive_skb_core+0x9fe/0x38f0 net/core/dev.c:5379 __netif_receive_skb_one_core+0xae/0x180 net/core/dev.c:5483 __netif_receive_skb+0x1f/0x1c0 net/core/dev.c:5599 netif_receive_skb_internal net/core/dev.c:5685 [inline] netif_receive_skb+0x12f/0x8d0 net/core/dev.c:5744 tun_rx_batched+0x4ab/0x7a0 drivers/net/tun.c:1544 tun_get_user+0x2686/0x3a00 drivers/net/tun.c:1995 tun_chr_write_iter+0xdb/0x200 drivers/net/tun.c:2025 call_write_iter include/linux/fs.h:2187 [inline] new_sync_write fs/read_write.c:491 [inline] vfs_write+0x9e9/0xdd0 fs/read_write.c:584 ksys_write+0x127/0x250 fs/read_write.c:637 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd Fixes: `f266a683a4` ("net/hsr: Better frame dispatch") Reported-by: syzbot <syzkaller@googlegroups.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Link: https://lore.kernel.org/r/20221017165928.2150130-1-edumazet@google.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>		2022-10-18 19:18:27 -07:00
..
6lowpan
9p	net/9p: clarify trans_fd parse_opt failure handling	2022-10-07 21:23:09 +09:00
802
8021q	net: gro: skb_gro_header helper function	2022-08-25 10:33:21 +02:00
appletalk
atm	net/atm: fix proc_mpc_write incorrect return value	2022-10-15 11:08:36 +01:00
ax25	ax25: move from strlcpy with unused retval to strscpy	2022-08-22 17:55:50 -07:00
batman-adv	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2022-09-22 13:02:10 -07:00
bluetooth	Driver core changes for 6.1-rc1	2022-10-07 17:04:10 -07:00
bpf	selftests/bpf: Add tests for kfunc returning a memory pointer	2022-09-07 11:05:17 -07:00
bpfilter
bridge	net: bridge: assign path_cost for 2.5G and 5G link speed	2022-09-30 12:35:29 +01:00
caif	caif: move from strlcpy with unused retval to strscpy	2022-08-22 17:57:35 -07:00
can	can: bcm: check the result of can_send() in bcm_can_tx()	2022-09-23 13:53:10 +02:00
ceph	libceph: drop last_piece flag from ceph_msg_data_cursor	2022-10-04 19:18:08 +02:00
core	udp: Update reuse->has_conns under reuseport_lock.	2022-10-18 10:17:18 +02:00
dcb
dccp	tcp: Introduce optional per-netns ehash.	2022-09-20 10:21:50 -07:00
dns_resolver
dsa	net: dsa: uninitialized variable in dsa_slave_netdevice_event()	2022-10-15 11:15:27 +01:00
ethernet	net: gro: skb_gro_header helper function	2022-08-25 10:33:21 +02:00
ethtool	ethtool: add interface to interact with Ethernet Power Equipment	2022-10-03 17:33:57 -07:00
hsr	net: hsr: avoid possible NULL deref in skb_clone()	2022-10-18 19:18:27 -07:00
ieee802154	net/ieee802154: don't warn zero-sized raw_sendmsg()	2022-10-05 12:37:10 +02:00
ife
ipv4	udp: Update reuse->has_conns under reuseport_lock.	2022-10-18 10:17:18 +02:00
ipv6	ip6mr: fix UAF issue in ip6mr_sk_done() when addrconf_init_net() failed	2022-10-18 11:05:55 +02:00
iucv
kcm	kcm: avoid potential race in kcm_tx_work	2022-10-13 09:33:44 -07:00
key	Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec	2022-08-24 12:51:50 +01:00
l2tp	genetlink: start to validate reserved header bytes	2022-08-29 12:47:15 +01:00
l3mdev
lapb
llc
mac80211	Merge branch 'cve-fixes-2022-10-13'	2022-10-13 11:59:56 +02:00
mac802154	net: mac802154: Fix a condition in the receive path	2022-08-29 11:10:22 +02:00
mctp	mctp: prevent double key removal and unref	2022-10-12 13:30:50 +01:00
mpls	net: Use u64_stats_fetch_begin_irq() for stats fetch.	2022-08-29 13:02:27 +01:00
mptcp	mptcp: update misleading comments.	2022-10-03 11:18:53 +01:00
ncsi	genetlink: start to validate reserved header bytes	2022-08-29 12:47:15 +01:00
netfilter	cgroup changes for v6.1-rc1.	2022-10-10 11:12:25 -07:00
netlabel	genetlink: start to validate reserved header bytes	2022-08-29 12:47:15 +01:00
netlink	genetlink: reject use of nlmsg_flags for new commands	2022-09-30 17:43:09 -07:00
netrom
nfc	NFC: hci: Split memcpy() of struct hcp_message flexible array	2022-09-27 07:45:18 -07:00
nsh
openvswitch	openvswitch: add nf_ct_is_confirmed check before assigning the helper	2022-10-12 17:51:15 -07:00
packet	net/af_packet: registration process optimization in packet_init()	2022-09-21 12:59:22 +01:00
phonet
psample	genetlink: start to validate reserved header bytes	2022-08-29 12:47:15 +01:00
qrtr	net: qrtr: start MHI channel after endpoit creation	2022-08-15 11:21:42 +01:00
rds	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2022-10-03 17:44:18 -07:00
rfkill
rose	rose: check NULL rose_loopback_neigh->loopback	2022-08-22 14:24:54 +01:00
rxrpc	rxrpc: remove rxrpc_max_call_lifetime declaration	2022-09-19 17:58:47 -07:00
sched	Revert "net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo child qdiscs"	2022-10-05 20:32:15 -07:00
sctp	sctp: handle the error returned from sctp_auth_asoc_init_active_key	2022-09-30 12:36:40 +01:00
smc	net/smc: Fix an error code in smc_lgr_create()	2022-10-15 11:12:12 +01:00
strparser	strparser: pad sk_skb_cb to avoid straddling cachelines	2022-07-08 18:38:44 -07:00
sunrpc	NFS Client Updates for Linux 6.1	2022-10-13 09:58:42 -07:00
switchdev
tipc	tipc: fix an information leak in tipc_topsrv_kern_subscr	2022-10-14 08:20:17 +01:00
tls	tls: strp: make sure the TCP skbs do not have overlapping data	2022-10-14 08:25:26 +01:00
unix	Scheduler changes for v6.1:	2022-10-10 09:10:28 -07:00
vmw_vsock	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2022-10-03 17:44:18 -07:00
wireless	Merge branch 'cve-fixes-2022-10-13'	2022-10-13 11:59:56 +02:00
x25	net/x25: fix call timeouts in blocking connects	2022-08-08 20:48:51 -07:00
xdp	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2022-10-03 17:44:18 -07:00
xfrm	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2022-10-03 17:44:18 -07:00
compat.c	net: clear msg_get_inq in __get_compat_msghdr()	2022-09-20 08:23:20 -07:00
devres.c
Kconfig	Remove DECnet support from kernel	2022-08-22 14:26:30 +01:00
Kconfig.debug	net: make NET_(DEV\|NS)_REFCNT_TRACKER depend on NET	2022-09-20 14:23:56 -07:00
Makefile	Remove DECnet support from kernel	2022-08-22 14:26:30 +01:00
socket.c	d_path pile	2022-10-06 16:55:41 -07:00
sysctl_net.c