From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Eric Dumazet <edumazet@google.com>,
syzbot <syzkaller@googlegroups.com>,
Pablo Neira Ayuso <pablo@netfilter.org>
Subject: [PATCH 4.14 48/54] netfilter: nf_queue: augment nfqa_cfg_policy
Date: Mon, 16 Jul 2018 09:35:45 +0200 [thread overview]
Message-ID: <20180716073459.629944502@linuxfoundation.org> (raw)
In-Reply-To: <20180716073450.534886211@linuxfoundation.org>
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
commit ba062ebb2cd561d404e0fba8ee4b3f5ebce7cbfc upstream.
Three attributes are currently not verified, thus can trigger KMSAN
warnings such as :
BUG: KMSAN: uninit-value in __arch_swab32 arch/x86/include/uapi/asm/swab.h:10 [inline]
BUG: KMSAN: uninit-value in __fswab32 include/uapi/linux/swab.h:59 [inline]
BUG: KMSAN: uninit-value in nfqnl_recv_config+0x939/0x17d0 net/netfilter/nfnetlink_queue.c:1268
CPU: 1 PID: 4521 Comm: syz-executor120 Not tainted 4.17.0+ #5
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x185/0x1d0 lib/dump_stack.c:113
kmsan_report+0x188/0x2a0 mm/kmsan/kmsan.c:1117
__msan_warning_32+0x70/0xc0 mm/kmsan/kmsan_instr.c:620
__arch_swab32 arch/x86/include/uapi/asm/swab.h:10 [inline]
__fswab32 include/uapi/linux/swab.h:59 [inline]
nfqnl_recv_config+0x939/0x17d0 net/netfilter/nfnetlink_queue.c:1268
nfnetlink_rcv_msg+0xb2e/0xc80 net/netfilter/nfnetlink.c:212
netlink_rcv_skb+0x37e/0x600 net/netlink/af_netlink.c:2448
nfnetlink_rcv+0x2fe/0x680 net/netfilter/nfnetlink.c:513
netlink_unicast_kernel net/netlink/af_netlink.c:1310 [inline]
netlink_unicast+0x1680/0x1750 net/netlink/af_netlink.c:1336
netlink_sendmsg+0x104f/0x1350 net/netlink/af_netlink.c:1901
sock_sendmsg_nosec net/socket.c:629 [inline]
sock_sendmsg net/socket.c:639 [inline]
___sys_sendmsg+0xec8/0x1320 net/socket.c:2117
__sys_sendmsg net/socket.c:2155 [inline]
__do_sys_sendmsg net/socket.c:2164 [inline]
__se_sys_sendmsg net/socket.c:2162 [inline]
__x64_sys_sendmsg+0x331/0x460 net/socket.c:2162
do_syscall_64+0x15b/0x230 arch/x86/entry/common.c:287
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x43fd59
RSP: 002b:00007ffde0e30d28 EFLAGS: 00000213 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fd59
RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003
RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
R10: 00000000004002c8 R11: 0000000000000213 R12: 0000000000401680
R13: 0000000000401710 R14: 0000000000000000 R15: 0000000000000000
Uninit was created at:
kmsan_save_stack_with_flags mm/kmsan/kmsan.c:279 [inline]
kmsan_internal_poison_shadow+0xb8/0x1b0 mm/kmsan/kmsan.c:189
kmsan_kmalloc+0x94/0x100 mm/kmsan/kmsan.c:315
kmsan_slab_alloc+0x10/0x20 mm/kmsan/kmsan.c:322
slab_post_alloc_hook mm/slab.h:446 [inline]
slab_alloc_node mm/slub.c:2753 [inline]
__kmalloc_node_track_caller+0xb35/0x11b0 mm/slub.c:4395
__kmalloc_reserve net/core/skbuff.c:138 [inline]
__alloc_skb+0x2cb/0x9e0 net/core/skbuff.c:206
alloc_skb include/linux/skbuff.h:988 [inline]
netlink_alloc_large_skb net/netlink/af_netlink.c:1182 [inline]
netlink_sendmsg+0x76e/0x1350 net/netlink/af_netlink.c:1876
sock_sendmsg_nosec net/socket.c:629 [inline]
sock_sendmsg net/socket.c:639 [inline]
___sys_sendmsg+0xec8/0x1320 net/socket.c:2117
__sys_sendmsg net/socket.c:2155 [inline]
__do_sys_sendmsg net/socket.c:2164 [inline]
__se_sys_sendmsg net/socket.c:2162 [inline]
__x64_sys_sendmsg+0x331/0x460 net/socket.c:2162
do_syscall_64+0x15b/0x230 arch/x86/entry/common.c:287
entry_SYSCALL_64_after_hwframe+0x44/0xa9
Fixes: fdb694a01f1f ("netfilter: Add fail-open support")
Fixes: 829e17a1a602 ("[NETFILTER]: nfnetlink_queue: allow changing queue length through netlink")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/nfnetlink_queue.c | 3 +++
1 file changed, 3 insertions(+)
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -1228,6 +1228,9 @@ static int nfqnl_recv_unsupp(struct net
static const struct nla_policy nfqa_cfg_policy[NFQA_CFG_MAX+1] = {
[NFQA_CFG_CMD] = { .len = sizeof(struct nfqnl_msg_config_cmd) },
[NFQA_CFG_PARAMS] = { .len = sizeof(struct nfqnl_msg_config_params) },
+ [NFQA_CFG_QUEUE_MAXLEN] = { .type = NLA_U32 },
+ [NFQA_CFG_MASK] = { .type = NLA_U32 },
+ [NFQA_CFG_FLAGS] = { .type = NLA_U32 },
};
static const struct nf_queue_handler nfqh = {
next prev parent reply other threads:[~2018-07-16 7:42 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-16 7:34 [PATCH 4.14 00/54] 4.14.56-stable review Greg Kroah-Hartman
2018-07-16 7:34 ` [PATCH 4.14 01/54] media: rc: mce_kbd decoder: fix stuck keys Greg Kroah-Hartman
2018-07-16 7:34 ` [PATCH 4.14 02/54] ASoC: mediatek: preallocate pages use platform device Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 03/54] MIPS: Call dump_stack() from show_regs() Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 04/54] MIPS: Use async IPIs for arch_trigger_cpumask_backtrace() Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 05/54] MIPS: Fix ioremap() RAM check Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 06/54] mmc: sdhci-esdhc-imx: allow 1.8V modes without 100/200MHz pinctrl states Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 07/54] mmc: dw_mmc: fix card threshold control configuration Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 08/54] ibmasm: dont write out of bounds in read handler Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 09/54] staging: rtl8723bs: Prevent an underflow in rtw_check_beacon_data() Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 10/54] staging: r8822be: Fix RTL8822be cant find any wireless AP Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 11/54] ata: Fix ZBC_OUT command block check Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 12/54] ata: Fix ZBC_OUT all bit handling Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 13/54] vmw_balloon: fix inflation with batching Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 14/54] ahci: Disable LPM on Lenovo 50 series laptops with a too old BIOS Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 15/54] USB: serial: ch341: fix type promotion bug in ch341_control_in() Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 16/54] USB: serial: cp210x: add another USB ID for Qivicon ZigBee stick Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 17/54] USB: serial: keyspan_pda: fix modem-status error handling Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 18/54] USB: yurex: fix out-of-bounds uaccess in read handler Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 19/54] USB: serial: mos7840: fix status-register error handling Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 20/54] usb: quirks: add delay quirks for Corsair Strafe Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 21/54] xhci: xhci-mem: off by one in xhci_stream_id_to_ring() Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 22/54] devpts: hoist out check for DEVPTS_SUPER_MAGIC Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 23/54] devpts: resolve devpts bind-mounts Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 24/54] Fix up non-directory creation in SGID directories Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 25/54] genirq/affinity: assign vectors to all possible CPUs Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 26/54] scsi: megaraid_sas: use adapter_type for all gen controllers Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 27/54] scsi: megaraid_sas: replace instance->ctrl_context checks with instance->adapter_type Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 28/54] scsi: megaraid_sas: replace is_ventura with adapter_type checks Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 29/54] scsi: megaraid_sas: Create separate functions to allocate ctrl memory Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 30/54] scsi: megaraid_sas: fix selection of reply queue Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 31/54] ALSA: hda/realtek - two more lenovo models need fixup of MIC_LOCATION Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 32/54] ALSA: hda - Handle pm failure during hotplug Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 33/54] mm: do not drop unused pages when userfaultd is running Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 34/54] fs/proc/task_mmu.c: fix Locked field in /proc/pid/smaps* Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 35/54] fs, elf: make sure to page align bss in load_elf_library Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 36/54] mm: do not bug_on on incorrect length in __mm_populate() Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 37/54] tracing: Reorder display of TGID to be after PID Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 38/54] kbuild: delete INSTALL_FW_PATH from kbuild documentation Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 39/54] arm64: neon: Fix function may_use_simd() return error status Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 40/54] tools build: fix # escaping in .cmd files for future Make Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 41/54] IB/hfi1: Fix incorrect mixing of ERR_PTR and NULL return values Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 42/54] i2c: tegra: Fix NACK error handling Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 43/54] iw_cxgb4: correctly enforce the max reg_mr depth Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 44/54] xen: setup pv irq ops vector earlier Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 45/54] nvme-pci: Remap CMB SQ entries on every controller reset Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 46/54] crypto: x86/salsa20 - remove x86 salsa20 implementations Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 47/54] uprobes/x86: Remove incorrect WARN_ON() in uprobe_init_insn() Greg Kroah-Hartman
2018-07-16 7:35 ` Greg Kroah-Hartman [this message]
2018-07-16 7:35 ` [PATCH 4.14 49/54] netfilter: x_tables: initialise match/target check parameter struct Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 50/54] loop: add recursion validation to LOOP_CHANGE_FD Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 51/54] PM / hibernate: Fix oops at snapshot_write() Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 52/54] RDMA/ucm: Mark UCM interface as BROKEN Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 53/54] loop: remember whether sysfs_create_group() was done Greg Kroah-Hartman
2018-07-16 7:35 ` [PATCH 4.14 54/54] f2fs: give message and set need_fsck given broken node id Greg Kroah-Hartman
2018-07-16 16:26 ` [PATCH 4.14 00/54] 4.14.56-stable review Guenter Roeck
2018-07-17 8:04 ` Naresh Kamboju
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180716073459.629944502@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=edumazet@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=stable@vger.kernel.org \
--cc=syzkaller@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.