From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Eric Dumazet <edumazet@google.com>,
syzbot <syzkaller@googlegroups.com>,
Pablo Neira Ayuso <pablo@netfilter.org>
Subject: [PATCH 4.4 38/43] netfilter: nf_queue: augment nfqa_cfg_policy
Date: Mon, 16 Jul 2018 09:36:43 +0200
Message-ID: <20180716073516.100412592@linuxfoundation.org>
In-Reply-To: <20180716073511.796555857@linuxfoundation.org>
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
commit ba062ebb2cd561d404e0fba8ee4b3f5ebce7cbfc upstream.
Three attributes are currently not verified, thus can trigger KMSAN warnings such as:
BUG: KMSAN: uninit-value in __arch_swab32 arch/x86/include/uapi/asm/swab.h:10 [inline]
BUG: KMSAN: uninit-value in __fswab32 include/uapi/linux/swab.h:59 [inline]
BUG: KMSAN: uninit-value in nfqnl_recv_config+0x939/0x17d0 net/netfilter/nfnetlink_queue.c:1268
CPU: 1 PID: 4521 Comm: syz-executor120 Not tainted 4.17.0+ #5
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x185/0x1d0 lib/dump_stack.c:113
kmsan_report+0x188/0x2a0 mm/kmsan/kmsan.c:1117
__msan_warning_32+0x70/0xc0 mm/kmsan/kmsan_instr.c:620
__arch_swab32 arch/x86/include/uapi/asm/swab.h:10 [inline]
__fswab32 include/uapi/linux/swab.h:59 [inline]
nfqnl_recv_config+0x939/0x17d0 net/netfilter/nfnetlink_queue.c:1268
nfnetlink_rcv_msg+0xb2e/0xc80 net/netfilter/nfnetlink.c:212
netlink_rcv_skb+0x37e/0x600 net/netlink/af_netlink.c:2448
nfnetlink_rcv+0x2fe/0x680 net/netfilter/nfnetlink.c:513
netlink_unicast_kernel net/netlink/af_netlink.c:1310 [inline]
netlink_unicast+0x1680/0x1750 net/netlink/af_netlink.c:1336
netlink_sendmsg+0x104f/0x1350 net/netlink/af_netlink.c:1901
sock_sendmsg_nosec net/socket.c:629 [inline]
sock_sendmsg net/socket.c:639 [inline]
___sys_sendmsg+0xec8/0x1320 net/socket.c:2117
__sys_sendmsg net/socket.c:2155 [inline]
__do_sys_sendmsg net/socket.c:2164 [inline]
__se_sys_sendmsg net/socket.c:2162 [inline]
__x64_sys_sendmsg+0x331/0x460 net/socket.c:2162
do_syscall_64+0x15b/0x230 arch/x86/entry/common.c:287
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x43fd59
RSP: 002b:00007ffde0e30d28 EFLAGS: 00000213 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fd59
RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003
RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
R10: 00000000004002c8 R11: 0000000000000213 R12: 0000000000401680
R13: 0000000000401710 R14: 0000000000000000 R15: 0000000000000000
Uninit was created at:
kmsan_save_stack_with_flags mm/kmsan/kmsan.c:279 [inline]
kmsan_internal_poison_shadow+0xb8/0x1b0 mm/kmsan/kmsan.c:189
kmsan_kmalloc+0x94/0x100 mm/kmsan/kmsan.c:315
kmsan_slab_alloc+0x10/0x20 mm/kmsan/kmsan.c:322
slab_post_alloc_hook mm/slab.h:446 [inline]
slab_alloc_node mm/slub.c:2753 [inline]
__kmalloc_node_track_caller+0xb35/0x11b0 mm/slub.c:4395
__kmalloc_reserve net/core/skbuff.c:138 [inline]
__alloc_skb+0x2cb/0x9e0 net/core/skbuff.c:206
alloc_skb include/linux/skbuff.h:988 [inline]
netlink_alloc_large_skb net/netlink/af_netlink.c:1182 [inline]
netlink_sendmsg+0x76e/0x1350 net/netlink/af_netlink.c:1876
sock_sendmsg_nosec net/socket.c:629 [inline]
sock_sendmsg net/socket.c:639 [inline]
___sys_sendmsg+0xec8/0x1320 net/socket.c:2117
__sys_sendmsg net/socket.c:2155 [inline]
__do_sys_sendmsg net/socket.c:2164 [inline]
__se_sys_sendmsg net/socket.c:2162 [inline]
__x64_sys_sendmsg+0x331/0x460 net/socket.c:2162
do_syscall_64+0x15b/0x230 arch/x86/entry/common.c:287
entry_SYSCALL_64_after_hwframe+0x44/0xa9
Fixes: fdb694a01f1f ("netfilter: Add fail-open support")
Fixes: 829e17a1a602 ("[NETFILTER]: nfnetlink_queue: allow changing queue length through netlink")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/nfnetlink_queue.c | 3 +++
1 file changed, 3 insertions(+)
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -1106,6 +1106,9 @@ nfqnl_recv_unsupp(struct sock *ctnl, str
static const struct nla_policy nfqa_cfg_policy[NFQA_CFG_MAX+1] = {
[NFQA_CFG_CMD] = { .len = sizeof(struct nfqnl_msg_config_cmd) },
[NFQA_CFG_PARAMS] = { .len = sizeof(struct nfqnl_msg_config_params) },
+ [NFQA_CFG_QUEUE_MAXLEN] = { .type = NLA_U32 },
+ [NFQA_CFG_MASK] = { .type = NLA_U32 },
+ [NFQA_CFG_FLAGS] = { .type = NLA_U32 },
};
static const struct nf_queue_handler nfqh = {
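Review bot: the three new NLA_U32 entries give the policy a minimum payload length to enforce before nfqnl_recv_config performs the 32-bit swab/ntohl read that the KMSAN trace flags at nfnetlink_queue.c:1268, which matches the two Fixes tags (829e17a1a602 introduced NFQA_CFG_QUEUE_MAXLEN, fdb694a01f1f the fail-open NFQA_CFG_MASK/NFQA_CFG_FLAGS pair); the changelog would be clearer if it said that a too-short NFQA_CFG_QUEUE_MAXLEN, NFQA_CFG_MASK or NFQA_CFG_FLAGS is now rejected by policy validation rather than consumed, since that is the observable behaviour change. For the 4.4 backport, confirm that NFQA_CFG_MAX in the 4.4 UAPI header still equals NFQA_CFG_FLAGS so the designated initializers stay inside nfqa_cfg_policy[NFQA_CFG_MAX+1].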
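As an added illustration of the defect class the commit message describes (not code from the patch or from the kernel): a hypothetical user-space model of netlink attribute parsing against an nla_policy table, showing that without an NLA_U32 entry a 1-byte NFQA_CFG_QUEUE_MAXLEN attribute passes validation and a later 4-byte read would run past its payload, while the three entries the patch adds reject it. It assumes a little-endian host and the UAPI numbering NFQA_CFG_QUEUE_MAXLEN = 3.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical user-space model of netlink attribute parsing against an
 * nla_policy table, constructed for this note; it is not kernel code. */
struct nlattr { uint16_t nla_len; uint16_t nla_type; }; /* nla_len includes header */
#define NLA_HDRLEN 4
enum { NLA_UNSPEC, NLA_U32 };
/* Ids follow the nfnetlink_queue UAPI numbering (QUEUE_MAXLEN is 3). */
enum { NFQA_CFG_QUEUE_MAXLEN = 3, NFQA_CFG_MASK, NFQA_CFG_FLAGS,
       NFQA_CFG_MAX = NFQA_CFG_FLAGS };
struct nla_policy { int type; };

/* Pre-fix: no policy entry for the three u32 attributes. */
static const struct nla_policy policy_before[NFQA_CFG_MAX + 1] = { {0} };
/* Post-fix: the three NLA_U32 entries the patch adds. */
static const struct nla_policy policy_after[NFQA_CFG_MAX + 1] = {
    [NFQA_CFG_QUEUE_MAXLEN] = { NLA_U32 },
    [NFQA_CFG_MASK]         = { NLA_U32 },
    [NFQA_CFG_FLAGS]        = { NLA_U32 },
};

/* NLA_U32 needs >= 4 payload bytes; an attribute with no policy entry is
 * accepted at any length, so a later 4-byte read overruns a short payload. */
static int validate_nla(const struct nlattr *nla, const struct nla_policy *pol)
{
    if (nla->nla_type > NFQA_CFG_MAX || pol[nla->nla_type].type != NLA_U32)
        return 0;                                   /* no constraint */
    return (nla->nla_len - NLA_HDRLEN) >= 4 ? 0 : -1;
}

/* Walk an attribute stream; return how many attributes the policy rejects. */
static int count_rejected(const unsigned char *buf, size_t len,
                          const struct nla_policy *pol)
{
    int rejected = 0;
    for (size_t off = 0; off + NLA_HDRLEN <= len; ) {
        struct nlattr nla;
        memcpy(&nla, buf + off, NLA_HDRLEN);       /* little-endian host assumed */
        if (nla.nla_len < NLA_HDRLEN || off + nla.nla_len > len)
            break;                                  /* malformed stream: stop */
        if (validate_nla(&nla, pol) < 0)
            rejected++;
        off += (nla.nla_len + 3u) & ~3u;            /* NLA_ALIGN */
    }
    return rejected;
}

/* Constructed input: NFQA_CFG_QUEUE_MAXLEN with a 1-byte payload (nla_len 5,
 * padded to 8), followed by a well-formed 4-byte NFQA_CFG_FLAGS (nla_len 8). */
static const unsigned char sample_attrs[16] = {
    5, 0, NFQA_CFG_QUEUE_MAXLEN, 0, 0x7f, 0, 0, 0,
    8, 0, NFQA_CFG_FLAGS,        0, 0,    0, 0, 1 };
```

With `policy_before` the short attribute is accepted (0 rejections); with `policy_after` it is rejected and only the well-formed NFQA_CFG_FLAGS passes.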