From: Ido Schimmel <idosch@idosch.org>
To: Eric Dumazet <edumazet@google.com>
Cc: David Ahern <dsahern@gmail.com>,
	David Miller <davem@davemloft.net>,
	netdev <netdev@vger.kernel.org>,
	Eric Dumazet <eric.dumazet@gmail.com>,
	syzkaller@googlegroups.com, idosch@mellanox.com
Subject: Re: [PATCH net] rtnetlink: Refine sanity checks in rtnl_fdb_{add|del}
Date: Fri, 30 Nov 2018 18:00:59 +0200
Message-ID: <20181130160059.GA22321@splinter.mtl.com>
In-Reply-To: <CANn89iLSVU+5nW+aku4SFmTTQi-h=HPkySX5YmepWfebh9SgCw@mail.gmail.com>

On Fri, Nov 30, 2018 at 07:51:34AM -0800, Eric Dumazet wrote:
> On Fri, Nov 30, 2018 at 7:46 AM Eric Dumazet <edumazet@google.com> wrote:
> >
> > On Fri, Nov 30, 2018 at 7:40 AM Eric Dumazet <edumazet@google.com> wrote:
> > >
> > > On Fri, Nov 30, 2018 at 7:36 AM David Ahern <dsahern@gmail.com> wrote:
> > > >
> > > > On 11/30/18 7:58 AM, Ido Schimmel wrote:
> > > > > Can you please share the reproducer (assuming it exists)? I don't really
> > > > > understand the fix. None of the functions you patched are in the trace.
> > > > > Also, looking at IPv4 GRE code, while GRE device has dev->addr_len set
> > > > > to 4, dev->type is set to ARPHRD_IPGRE.
> > > >
> > > > I had the same reaction ... you can not claim to be an ethernet device
> > > > and have a hw address that is not 6 bytes.
> > >
> > > This has been discussed a number of times.... TUNSETLINK can do that.
> > > (I have not checked what the repro does )
> >
> >
> > Oh well...ndo_dflt_fdb_dump() seems to be used on a gre device.
> 
> What about :
> 
> diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
> index 54cfbda0b58be34dcb164028f17cdde2826c857b..b4cfc139c8b05b19564e02f29bd030c5ff85b51b
> 100644
> --- a/net/core/rtnetlink.c
> +++ b/net/core/rtnetlink.c
> @@ -3800,6 +3800,9 @@ int ndo_dflt_fdb_dump(struct sk_buff *skb,
>  {
>         int err;
> 
> +       if (dev->type != ARPHRD_ETHER || dev->addr_len != ETH_ALEN)
> +               return -EINVAL;

This makes more sense. I'm still compiling the kmsan kernel. I'll be
able to test the patch after compilation is done.

> +
>         netif_addr_lock_bh(dev);
>         err = nlmsg_populate_fdb(skb, cb, dev, idx, &dev->uc);
>         if (err)
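
Review bot: The new early return at the top of ndo_dflt_fdb_dump(), ahead of netif_addr_lock_bh(), carries no comment saying how a device with a non-Ethernet type or address length can reach this default dump path. The thread names a GRE device and TUNSETLINK as the ways this happens, and a one-line comment to that effect above `if (dev->type != ARPHRD_ETHER || dev->addr_len != ETH_ALEN)` would keep the check from looking redundant later. It is also worth confirming how callers treat the -EINVAL: if a dump that walks several devices stops at the first error, returning 0 for a device that has nothing to dump may be the safer choice.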
