Re: [PATCH net v2] net: nexthop: don't allow empty NHA_GROUP

All of lore.kernel.org
 help / color / mirror / Atom feed

From: David Ahern <dsahern@gmail.com>
To: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>,
	netdev@vger.kernel.org
Cc: davem@davemloft.net,
	syzbot+a61aa19b0c14c8770bd9@syzkaller.appspotmail.com
Subject: Re: [PATCH net v2] net: nexthop: don't allow empty NHA_GROUP
Date: Sat, 22 Aug 2020 09:45:13 -0600	[thread overview]
Message-ID: <197f8d43-d6fa-e701-92ba-81148fc139a5@gmail.com> (raw)
In-Reply-To: <20200822120636.194237-1-nikolay@cumulusnetworks.com>

On 8/22/20 6:06 AM, Nikolay Aleksandrov wrote:
> Currently the nexthop code will use an empty NHA_GROUP attribute, but it
> requires at least 1 entry in order to function properly. Otherwise we
> end up derefencing null or random pointers all over the place due to not
> having any nh_grp_entry members allocated, nexthop code relies on having at
> least the first member present. Empty NHA_GROUP doesn't make any sense so
> just disallow it.
> Also add a WARN_ON for any future users of nexthop_create_group().
> 

...

> 
> CC: David Ahern <dsahern@gmail.com>
> Fixes: 430a049190de ("nexthop: Add support for nexthop groups")
> Reported-by: syzbot+a61aa19b0c14c8770bd9@syzkaller.appspotmail.com
> Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
> ---
> Tested on 5.3 and latest -net by adding a nexthop with an empty NHA_GROUP
> (purposefully broken iproute2) and then adding a route which uses it.
> 
> v2: no changes, include stack trace in commit message
> 
>  net/ipv4/nexthop.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> 

Reviewed-by: David Ahern <dsahern@gmail.com>

Thanks, Nik

next prev parent reply	other threads:[~2020-08-22 15:45 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-08-21 15:27 general protection fault in fib_dump_info (2) syzbot
2020-08-21 16:00 ` Nikolay Aleksandrov
2020-08-21 16:05   ` David Ahern
2020-08-22 10:33     ` [PATCH net] net: nexthop: don't allow empty NHA_GROUP Nikolay Aleksandrov
2020-08-22 12:06       ` [PATCH net v2] " Nikolay Aleksandrov
2020-08-22 15:45         ` David Ahern [this message]
2020-08-22 19:42         ` David Miller

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=197f8d43-d6fa-e701-92ba-81148fc139a5@gmail.com \
    --to=dsahern@gmail.com \
    --cc=davem@davemloft.net \
    --cc=netdev@vger.kernel.org \
    --cc=nikolay@cumulusnetworks.com \
    --cc=syzbot+a61aa19b0c14c8770bd9@syzkaller.appspotmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.