Re: [PATCH net] rtnetlink: Refine sanity checks in rtnl_fdb_{add|del}

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Ido Schimmel <idosch@idosch.org>
To: Eric Dumazet <edumazet@google.com>
Cc: "David S . Miller" <davem@davemloft.net>,
	netdev <netdev@vger.kernel.org>,
	Eric Dumazet <eric.dumazet@gmail.com>,
	syzbot <syzkaller@googlegroups.com>,
	Ido Schimmel <idosch@mellanox.com>,
	David Ahern <dsahern@gmail.com>
Subject: Re: [PATCH net] rtnetlink: Refine sanity checks in rtnl_fdb_{add|del}
Date: Fri, 30 Nov 2018 16:58:32 +0200	[thread overview]
Message-ID: <20181130145832.GA18412@splinter.mtl.com> (raw)
In-Reply-To: <20181130133501.62251-1-edumazet@google.com>

On Fri, Nov 30, 2018 at 05:35:01AM -0800, 'Eric Dumazet' via syzkaller wrote:
> Commit da71577545a5 ("rtnetlink: Disallow FDB configuration
> for non-Ethernet device") added a test against dev->type.
> 
> kmsan was still able to trigger a kernel-infoleak using a gre device,
> with a correct device type (ARPHRD_ETHER), but with a not
> correct dev->addr_len (4 bytes instead of the expected 6 bytes)

Hi,

Can you please share the reproducer (assuming it exists)? I don't really
understand the fix. None of the functions you patched are in the trace.
Also, looking at IPv4 GRE code, while GRE device has dev->addr_len set
to 4, dev->type is set to ARPHRD_IPGRE.

Thanks

next prev parent reply	other threads:[~2018-12-01  2:08 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-11-30 13:35 [PATCH net] rtnetlink: Refine sanity checks in rtnl_fdb_{add|del} Eric Dumazet
2018-11-30 14:58 ` Ido Schimmel [this message]
2018-11-30 15:14   ` Eric Dumazet
2018-11-30 15:59     ` David Ahern
2018-11-30 16:02       ` Ido Schimmel
2018-11-30 16:10         ` Dmitry Vyukov
2018-11-30 16:17           ` Eric Dumazet
2018-11-30 17:00             ` Ido Schimmel
2018-12-03 23:52               ` David Miller
2018-12-04 15:58                 ` Eric Dumazet
2018-11-30 15:36   ` David Ahern
2018-11-30 15:40     ` Eric Dumazet
2018-11-30 15:46       ` Eric Dumazet
2018-11-30 15:51         ` Eric Dumazet
2018-11-30 16:00           ` Ido Schimmel

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20181130145832.GA18412@splinter.mtl.com \
    --to=idosch@idosch.org \
    --cc=davem@davemloft.net \
    --cc=dsahern@gmail.com \
    --cc=edumazet@google.com \
    --cc=eric.dumazet@gmail.com \
    --cc=idosch@mellanox.com \
    --cc=netdev@vger.kernel.org \
    --cc=syzkaller@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.