* 017b1b6d28c4 ("netfilter: nfnetlink_acct: validate NFACCT_FILTER parameters")
@ 2019-03-12 20:04 Zubin Mithra
  2019-03-12 21:00 ` Greg KH
  0 siblings, 1 reply; 2+ messages in thread
From: Zubin Mithra @ 2019-03-12 20:04 UTC (permalink / raw)
  To: stable; +Cc: groeck, gregkh, phil.turnbull, pablo, kadlec, fw, davem

Hello,

Syzkaller has triggered a GPF when fuzzing a 4.4 kernel with the following stacktrace.
Call Trace:
 [<ffffffff823936f9>] nfnetlink_rcv_msg+0xa59/0xbc0 net/netfilter/nfnetlink.c:215
 [<ffffffff82382be9>] netlink_rcv_skb+0x149/0x380 net/netlink/af_netlink.c:2296
 [<ffffffff82391b6c>] nfnetlink_rcv+0x2ac/0x1190 net/netfilter/nfnetlink.c:479
 [<ffffffff8238178e>] netlink_unicast_kernel net/netlink/af_netlink.c:1223 [inline]
 [<ffffffff8238178e>] netlink_unicast+0x51e/0x760 net/netlink/af_netlink.c:1249
 [<ffffffff82382295>] netlink_sendmsg+0x8c5/0xc20 net/netlink/af_netlink.c:1803
 [<ffffffff821f45ff>] sock_sendmsg_nosec net/socket.c:625 [inline]
 [<ffffffff821f45ff>] sock_sendmsg+0xcf/0x110 net/socket.c:635
 [<ffffffff821f4862>] sock_write_iter+0x222/0x3a0 net/socket.c:834
 [<ffffffff8150b3fe>] new_sync_write fs/read_write.c:478 [inline]
 [<ffffffff8150b3fe>] __vfs_write+0x32e/0x440 fs/read_write.c:491
 [<ffffffff8150cf2c>] vfs_write+0x16c/0x4a0 fs/read_write.c:538
 [<ffffffff8150f599>] SYSC_write fs/read_write.c:585 [inline]
 [<ffffffff8150f599>] SyS_write+0xd9/0x1b0 fs/read_write.c:577
 [<ffffffff82a0b3b2>] entry_SYSCALL_64_fastpath+0x12/0x72
Code: c0 49 89 c4 0f 84 64 04 00 00 e8 ea b7 f6 fe 49 8b 95 68 ff ff ff 48 b8 00 00 00 00 00 fc ff df 48 8d 7a 04 48 89 f9 48 c1 e9 03 <0f> b6 0c 01 48 89 f8 83 e0 07 83 c0 03 38 c8 7c 17 84 c9 74 13 
RIP  [<ffffffff823956f2>] nla_get_be32 include/net/netlink.h:1003 [inline]
RIP  [<ffffffff823956f2>] nfacct_filter_alloc net/netfilter/nfnetlink_acct.c:250 [inline]
RIP  [<ffffffff823956f2>] nfnl_acct_get+0x1f2/0x6d0 net/netfilter/nfnetlink_acct.c:274
 RSP <ffff8801d7def6a8>
---[ end trace a8de975a65b4d2ea ]---

Could the following patch be applied to v4.4.y? The patch is present in v4.9.y.
* 017b1b6d28c4 ("netfilter: nfnetlink_acct: validate NFACCT_FILTER parameters")

Tests run:
* Chrome OS tryjobs
* Syzkaller reproducer


Thanks,
- Zubin


* Re: 017b1b6d28c4 ("netfilter: nfnetlink_acct: validate NFACCT_FILTER parameters")
From: Greg KH @ 2019-03-12 21:00 UTC (permalink / raw)
  To: Zubin Mithra; +Cc: stable, groeck, phil.turnbull, pablo, kadlec, fw, davem

On Tue, Mar 12, 2019 at 01:04:15PM -0700, Zubin Mithra wrote:
> Hello,
> 
> Syzkaller has triggered a GPF when fuzzing a 4.4 kernel with the following stacktrace.
> Call Trace:
>  [<ffffffff823936f9>] nfnetlink_rcv_msg+0xa59/0xbc0 net/netfilter/nfnetlink.c:215
>  [<ffffffff82382be9>] netlink_rcv_skb+0x149/0x380 net/netlink/af_netlink.c:2296
>  [<ffffffff82391b6c>] nfnetlink_rcv+0x2ac/0x1190 net/netfilter/nfnetlink.c:479
>  [<ffffffff8238178e>] netlink_unicast_kernel net/netlink/af_netlink.c:1223 [inline]
>  [<ffffffff8238178e>] netlink_unicast+0x51e/0x760 net/netlink/af_netlink.c:1249
>  [<ffffffff82382295>] netlink_sendmsg+0x8c5/0xc20 net/netlink/af_netlink.c:1803
>  [<ffffffff821f45ff>] sock_sendmsg_nosec net/socket.c:625 [inline]
>  [<ffffffff821f45ff>] sock_sendmsg+0xcf/0x110 net/socket.c:635
>  [<ffffffff821f4862>] sock_write_iter+0x222/0x3a0 net/socket.c:834
>  [<ffffffff8150b3fe>] new_sync_write fs/read_write.c:478 [inline]
>  [<ffffffff8150b3fe>] __vfs_write+0x32e/0x440 fs/read_write.c:491
>  [<ffffffff8150cf2c>] vfs_write+0x16c/0x4a0 fs/read_write.c:538
>  [<ffffffff8150f599>] SYSC_write fs/read_write.c:585 [inline]
>  [<ffffffff8150f599>] SyS_write+0xd9/0x1b0 fs/read_write.c:577
>  [<ffffffff82a0b3b2>] entry_SYSCALL_64_fastpath+0x12/0x72
> Code: c0 49 89 c4 0f 84 64 04 00 00 e8 ea b7 f6 fe 49 8b 95 68 ff ff ff 48 b8 00 00 00 00 00 fc ff df 48 8d 7a 04 48 89 f9 48 c1 e9 03 <0f> b6 0c 01 48 89 f8 83 e0 07 83 c0 03 38 c8 7c 17 84 c9 74 13 
> RIP  [<ffffffff823956f2>] nla_get_be32 include/net/netlink.h:1003 [inline]
> RIP  [<ffffffff823956f2>] nfacct_filter_alloc net/netfilter/nfnetlink_acct.c:250 [inline]
> RIP  [<ffffffff823956f2>] nfnl_acct_get+0x1f2/0x6d0 net/netfilter/nfnetlink_acct.c:274
>  RSP <ffff8801d7def6a8>
> ---[ end trace a8de975a65b4d2ea ]---
> 
> Could the following patch be applied to v4.4.y? The patch is present in v4.9.y.
> * 017b1b6d28c4 ("netfilter: nfnetlink_acct: validate NFACCT_FILTER parameters")
> 
> Tests run:
> * Chrome OS tryjobs
> * Syzkaller reproducer

Now applied, thanks.

greg k-h
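
The trace in this thread faults in nla_get_be32, inlined into nfacct_filter_alloc, and the requested patch is titled "validate NFACCT_FILTER parameters". As an added illustration (a user-space model written for this page, not the kernel patch and not code from either poster), the block below shows the pattern that title points to: a nested-attribute parse leaves absent attributes NULL, so both must be checked before either is read. The names F_MASK, F_VALUE, parse_nested and filter_alloc, and the little-endian header layout, are assumptions of the model.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

/* User-space model constructed for illustration; not kernel code. */
#define HDRLEN 4  /* u16 len + u16 type, as in struct nlattr (little-endian in this model) */
enum { F_MASK = 1, F_VALUE = 2, F_MAX = 2 };  /* hypothetical stand-ins for NFACCT_FILTER_* */

/* Fill tb[]; any attribute type the sender omitted stays NULL. */
static int parse_nested(const uint8_t *tb[F_MAX + 1], const uint8_t *buf, size_t n)
{
    size_t off = 0;
    memset(tb, 0, (F_MAX + 1) * sizeof(tb[0]));
    while (off < n && n - off >= HDRLEN) {
        size_t len = buf[off] | (size_t)buf[off + 1] << 8;
        int type = buf[off + 2] | buf[off + 3] << 8;
        int known = type >= 1 && type <= F_MAX;
        if (len < HDRLEN || len > n - off) return -EINVAL;
        if (known && len < HDRLEN + 4) return -ERANGE;  /* u32 payload required */
        if (known) tb[type] = buf + off;
        off += (len + 3) & ~(size_t)3;  /* attributes are 4-byte aligned */
    }
    return 0;
}

static uint32_t get_be32(const uint8_t *attr)  /* payload starts at attr + HDRLEN */
{
    const uint8_t *p = attr + HDRLEN;
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* Validated form: both attributes must be present before either is read. */
static int filter_alloc(const uint8_t *nested, size_t n, uint32_t out[2])
{
    const uint8_t *tb[F_MAX + 1];
    int err = parse_nested(tb, nested, n);
    if (err < 0) return err;
    if (!tb[F_MASK] || !tb[F_VALUE])  /* else get_be32(NULL) reads address HDRLEN */
        return -EINVAL;
    out[0] = get_be32(tb[F_MASK]);
    out[1] = get_be32(tb[F_VALUE]);
    return 0;
}

/* Constructed requests: each attribute is {len=8, type, be32 payload}. */
static const uint8_t BOTH[16] = { 8, 0, F_MASK, 0, 0, 0, 0, 0xff, 8, 0, F_VALUE, 0, 0, 0, 0, 0x12 };
static const uint8_t ONLY_VALUE[8] = { 8, 0, F_VALUE, 0, 0, 0, 0, 0x12 };
static uint32_t parsed[2];
int main(void) { return filter_alloc(BOTH, sizeof BOTH, parsed) || filter_alloc(ONLY_VALUE, sizeof ONLY_VALUE, parsed) != -EINVAL; }
```

The program exits 0 when the complete request parses and the request missing one attribute is rejected with -EINVAL instead of being dereferenced.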
