From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Eric Dumazet <edumazet@google.com>,
syzbot <syzkaller@googlegroups.com>,
"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 4.16 10/72] net: fix uninit-value in __hw_addr_add_ex()
Date: Mon, 14 May 2018 08:48:27 +0200 [thread overview]
Message-ID: <20180514064823.481814672@linuxfoundation.org> (raw)
In-Reply-To: <20180514064823.033169170@linuxfoundation.org>
4.16-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
commit 77d36398d99f2565c0a8d43a86fd520a82e64bb8 upstream.
syzbot complained :
BUG: KMSAN: uninit-value in memcmp+0x119/0x180 lib/string.c:861
CPU: 0 PID: 3 Comm: kworker/0:0 Not tainted 4.16.0+ #82
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: ipv6_addrconf addrconf_dad_work
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x185/0x1d0 lib/dump_stack.c:53
kmsan_report+0x142/0x240 mm/kmsan/kmsan.c:1067
__msan_warning_32+0x6c/0xb0 mm/kmsan/kmsan_instr.c:676
memcmp+0x119/0x180 lib/string.c:861
__hw_addr_add_ex net/core/dev_addr_lists.c:60 [inline]
__dev_mc_add+0x1c2/0x8e0 net/core/dev_addr_lists.c:670
dev_mc_add+0x6d/0x80 net/core/dev_addr_lists.c:687
igmp6_group_added+0x2db/0xa00 net/ipv6/mcast.c:662
ipv6_dev_mc_inc+0xe9e/0x1130 net/ipv6/mcast.c:914
addrconf_join_solict net/ipv6/addrconf.c:2078 [inline]
addrconf_dad_begin net/ipv6/addrconf.c:3828 [inline]
addrconf_dad_work+0x427/0x2150 net/ipv6/addrconf.c:3954
process_one_work+0x12c6/0x1f60 kernel/workqueue.c:2113
worker_thread+0x113c/0x24f0 kernel/workqueue.c:2247
kthread+0x539/0x720 kernel/kthread.c:239
Fixes: f001fde5eadd ("net: introduce a list of device addresses dev_addr_list (v6)")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/core/dev_addr_lists.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/net/core/dev_addr_lists.c
+++ b/net/core/dev_addr_lists.c
@@ -57,8 +57,8 @@ static int __hw_addr_add_ex(struct netde
return -EINVAL;
list_for_each_entry(ha, &list->list, list) {
- if (!memcmp(ha->addr, addr, addr_len) &&
- ha->type == addr_type) {
+ if (ha->type == addr_type &&
+ !memcmp(ha->addr, addr, addr_len)) {
if (global) {
/* check if addr is already used as global */
if (ha->global_use)
next prev parent reply other threads:[~2018-05-14 6:48 UTC|newest]
Thread overview: 86+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-14 6:48 [PATCH 4.16 00/72] 4.16.9-stable review Greg Kroah-Hartman
2018-05-14 6:48 ` [PATCH 4.16 01/72] ipvs: fix rtnl_lock lockups caused by start_sync_thread Greg Kroah-Hartman
2018-05-14 6:48 ` [PATCH 4.16 02/72] netfilter: ebtables: dont attempt to allocate 0-sized compat array Greg Kroah-Hartman
2018-05-14 6:48 ` [PATCH 4.16 03/72] clk: ti: fix flag space conflict with clkctrl clocks Greg Kroah-Hartman
2018-05-14 6:48 ` [PATCH 4.16 04/72] kcm: Call strp_stop before strp_done in kcm_attach Greg Kroah-Hartman
2018-05-14 6:48 ` [PATCH 4.16 05/72] rds: tcp: must use spin_lock_irq* and not spin_lock_bh with rds_tcp_conn_lock Greg Kroah-Hartman
2018-05-14 6:48 ` [PATCH 4.16 06/72] crypto: af_alg - fix possible uninit-value in alg_bind() Greg Kroah-Hartman
2018-05-14 6:48 ` [PATCH 4.16 07/72] netlink: fix uninit-value in netlink_sendmsg Greg Kroah-Hartman
2018-05-14 6:48 ` [PATCH 4.16 08/72] net: fix rtnh_ok() Greg Kroah-Hartman
2018-05-14 6:48 ` [PATCH 4.16 09/72] net: initialize skb->peeked when cloning Greg Kroah-Hartman
2018-05-14 6:48 ` Greg Kroah-Hartman [this message]
2018-05-14 6:48 ` [PATCH 4.16 11/72] dccp: initialize ireq->ir_mark Greg Kroah-Hartman
2018-05-14 6:48 ` [PATCH 4.16 12/72] ipv4: fix uninit-value in ip_route_output_key_hash_rcu() Greg Kroah-Hartman
2018-05-14 6:48 ` [PATCH 4.16 13/72] soreuseport: initialise timewait reuseport field Greg Kroah-Hartman
2018-05-14 6:48 ` [PATCH 4.16 14/72] inetpeer: fix uninit-value in inet_getpeer Greg Kroah-Hartman
2018-05-14 6:48 ` [PATCH 4.16 15/72] bpf/tracing: fix a deadlock in perf_event_detach_bpf_prog Greg Kroah-Hartman
2018-05-14 6:48 ` [PATCH 4.16 16/72] memcg: fix per_node_info cleanup Greg Kroah-Hartman
2018-05-14 6:48 ` [PATCH 4.16 17/72] perf: Remove superfluous allocation error check Greg Kroah-Hartman
2018-05-14 6:48 ` [PATCH 4.16 18/72] i2c: dev: prevent ZERO_SIZE_PTR deref in i2cdev_ioctl_rdwr() Greg Kroah-Hartman
2018-05-14 6:48 ` [PATCH 4.16 19/72] tcp: fix TCP_REPAIR_QUEUE bound checking Greg Kroah-Hartman
2018-05-14 6:48 ` [PATCH 4.16 20/72] bdi: wake up concurrent wb_shutdown() callers Greg Kroah-Hartman
2018-05-14 6:48 ` [PATCH 4.16 21/72] bdi: Fix use after free bug in debugfs_remove() Greg Kroah-Hartman
2018-05-14 6:48 ` [PATCH 4.16 22/72] bdi: Fix oops in wb_workfn() Greg Kroah-Hartman
2018-05-14 6:48 ` [PATCH 4.16 23/72] compat: fix 4-byte infoleak via uninitialized struct field Greg Kroah-Hartman
2018-05-14 6:48 ` [PATCH 4.16 24/72] gpioib: do not free unrequested descriptors Greg Kroah-Hartman
2018-05-14 6:48 ` [PATCH 4.16 25/72] gpio: fix aspeed_gpio unmask irq Greg Kroah-Hartman
2018-05-14 6:48 ` [PATCH 4.16 26/72] gpio: fix error path in lineevent_create Greg Kroah-Hartman
2018-05-14 6:48 ` [PATCH 4.16 27/72] rfkill: gpio: fix memory leak in probe error path Greg Kroah-Hartman
2018-05-14 6:48 ` [PATCH 4.16 28/72] libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs Greg Kroah-Hartman
2018-05-14 6:48 ` [PATCH 4.16 29/72] dm integrity: use kvfree for kvmallocd memory Greg Kroah-Hartman
2018-05-14 6:48 ` [PATCH 4.16 30/72] tracing: Fix regex_match_front() to not over compare the test string Greg Kroah-Hartman
2018-05-14 6:48 ` [PATCH 4.16 31/72] z3fold: fix reclaim lock-ups Greg Kroah-Hartman
2018-05-14 6:48 ` [PATCH 4.16 32/72] mm: sections are not offlined during memory hotremove Greg Kroah-Hartman
2018-05-14 6:48 ` [PATCH 4.16 33/72] mm, oom: fix concurrent munlock and oom reaper unmap, v3 Greg Kroah-Hartman
2018-05-14 6:48 ` [PATCH 4.16 34/72] ceph: fix rsize/wsize capping in ceph_direct_read_write() Greg Kroah-Hartman
2018-05-14 6:48 ` [PATCH 4.16 35/72] can: flexcan: fix endianess detection Greg Kroah-Hartman
2018-05-14 6:48 ` [PATCH 4.16 36/72] can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg() Greg Kroah-Hartman
2018-05-14 6:48 ` [PATCH 4.16 37/72] can: hi311x: Acquire SPI lock on ->do_get_berr_counter Greg Kroah-Hartman
2018-05-14 6:48 ` [PATCH 4.16 38/72] can: hi311x: Work around TX complete interrupt erratum Greg Kroah-Hartman
2018-05-14 6:48 ` [PATCH 4.16 39/72] mtd: rawnand: marvell: pass ms delay to wait_op Greg Kroah-Hartman
2018-05-14 6:48 ` [PATCH 4.16 40/72] mtd: rawnand: marvell: fix command xtype in BCH write hook Greg Kroah-Hartman
2018-05-14 6:48 ` [PATCH 4.16 41/72] mtd: rawnand: Make sure we wait tWB before polling the STATUS reg Greg Kroah-Hartman
2018-05-14 7:32 ` Geert Uytterhoeven
2018-05-14 9:04 ` Greg Kroah-Hartman
2018-05-14 9:09 ` Boris Brezillon
2018-05-14 10:54 ` Geert Uytterhoeven
2018-05-14 9:32 ` Geert Uytterhoeven
2018-05-14 16:50 ` Greg Kroah-Hartman
2018-05-14 6:48 ` [PATCH 4.16 42/72] drm/vc4: Fix scaling of uni-planar formats Greg Kroah-Hartman
2018-05-14 6:49 ` [PATCH 4.16 43/72] drm/ttm: Use GFP_TRANSHUGE_LIGHT for allocating huge pages Greg Kroah-Hartman
2018-05-14 6:49 ` [PATCH 4.16 44/72] drm/i915: Fix drm:intel_enable_lvds ERROR message in kernel log Greg Kroah-Hartman
2018-05-14 6:49 ` [PATCH 4.16 45/72] drm/i915: Adjust eDPs logical vco in a reliable place Greg Kroah-Hartman
2018-05-14 6:49 ` [PATCH 4.16 46/72] drm/nouveau: Fix deadlock in nv50_mstm_register_connector() Greg Kroah-Hartman
2018-05-14 6:49 ` [PATCH 4.16 47/72] drm/nouveau/ttm: dont dereference nvbo::cli, it can outlive client Greg Kroah-Hartman
2018-05-14 6:49 ` [PATCH 4.16 48/72] drm/atomic: Clean old_state/new_state in drm_atomic_state_default_clear() Greg Kroah-Hartman
2018-05-14 6:49 ` [PATCH 4.16 49/72] drm/atomic: Clean private obj " Greg Kroah-Hartman
2018-05-14 6:49 ` [PATCH 4.16 50/72] net: atm: Fix potential Spectre v1 Greg Kroah-Hartman
2018-05-14 6:49 ` [PATCH 4.16 51/72] atm: zatm: " Greg Kroah-Hartman
2018-05-14 6:49 ` [PATCH 4.16 52/72] PCI / PM: Always check PME wakeup capability for runtime wakeup support Greg Kroah-Hartman
2018-05-14 6:49 ` [PATCH 4.16 53/72] PCI / PM: Check device_may_wakeup() in pci_enable_wake() Greg Kroah-Hartman
2018-05-14 6:49 ` [PATCH 4.16 54/72] cpufreq: schedutil: Avoid using invalid next_freq Greg Kroah-Hartman
2018-05-14 6:49 ` [PATCH 4.16 55/72] arm: dts: imx[35]*: declare flexcan devices to be compatible to imx25s flexcan Greg Kroah-Hartman
2018-05-14 6:49 ` [PATCH 4.16 56/72] Revert "Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174" Greg Kroah-Hartman
2018-05-14 6:49 ` [PATCH 4.16 57/72] Bluetooth: btusb: Add Dell XPS 13 9360 to btusb_needs_reset_resume_table Greg Kroah-Hartman
2018-05-14 6:49 ` [PATCH 4.16 58/72] Bluetooth: btusb: Only check needs_reset_resume DMI table for QCA rome chipsets Greg Kroah-Hartman
2018-05-14 6:49 ` [PATCH 4.16 59/72] thermal: exynos: Reading temperature makes sense only when TMU is turned on Greg Kroah-Hartman
2018-05-14 6:49 ` [PATCH 4.16 60/72] thermal: exynos: Propagate error value from tmu_read() Greg Kroah-Hartman
2018-05-14 6:49 ` [PATCH 4.16 61/72] nvme: add quirk to force medium priority for SQ creation Greg Kroah-Hartman
2018-05-14 6:49 ` [PATCH 4.16 62/72] nvme: Fix sync controller reset return Greg Kroah-Hartman
2018-05-14 6:49 ` [PATCH 4.16 63/72] smb3: directory sync should not return an error Greg Kroah-Hartman
2018-05-14 6:49 ` [PATCH 4.16 64/72] swiotlb: silent unwanted warning "buffer is full" Greg Kroah-Hartman
2018-05-14 6:49 ` [PATCH 4.16 65/72] sched/core: Fix possible Spectre-v1 indexing for sched_prio_to_weight[] Greg Kroah-Hartman
2018-05-14 6:49 ` [PATCH 4.16 66/72] sched/autogroup: " Greg Kroah-Hartman
2018-05-14 6:49 ` [PATCH 4.16 67/72] tracing/uprobe_event: Fix strncpy corner case Greg Kroah-Hartman
2018-05-14 6:49 ` [PATCH 4.16 68/72] perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_* Greg Kroah-Hartman
2018-05-14 6:49 ` [PATCH 4.16 69/72] perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr Greg Kroah-Hartman
2018-05-14 6:49 ` [PATCH 4.16 70/72] perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver Greg Kroah-Hartman
2018-05-14 6:49 ` [PATCH 4.16 71/72] perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[] Greg Kroah-Hartman
2018-05-14 6:49 ` [PATCH 4.16 72/72] perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map() Greg Kroah-Hartman
2018-05-14 13:45 ` [PATCH 4.16 00/72] 4.16.9-stable review kernelci.org bot
2018-05-14 16:27 ` Guenter Roeck
2018-05-14 16:51 ` Greg Kroah-Hartman
2018-05-14 22:01 ` Shuah Khan
2018-05-15 6:47 ` Greg Kroah-Hartman
2018-05-15 5:31 ` Naresh Kamboju
2018-05-15 6:47 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180514064823.481814672@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=syzkaller@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.