Date: Tue, 12 Mar 2019 14:00:56 -0700
From: Greg KH
To: Zubin Mithra
Cc: stable@vger.kernel.org, groeck@chromium.org, phil.turnbull@oracle.com, pablo@netfilter.org, kadlec@blackhole.kfki.hu, fw@strlen.de, davem@davemloft.net
Subject: Re: 017b1b6d28c4 ("netfilter: nfnetlink_acct: validate NFACCT_FILTER parameters")
Message-ID: <20190312210056.GA9552@kroah.com>
In-Reply-To: <20190312200413.GA128459@google.com>

On Tue, Mar 12, 2019 at 01:04:15PM -0700, Zubin Mithra wrote:
> Hello,
>
> Syzkaller has triggered a GPF when fuzzing a 4.4 kernel with the following stacktrace.
> Call Trace:
> [] nfnetlink_rcv_msg+0xa59/0xbc0 net/netfilter/nfnetlink.c:215
> [] netlink_rcv_skb+0x149/0x380 net/netlink/af_netlink.c:2296
> [] nfnetlink_rcv+0x2ac/0x1190 net/netfilter/nfnetlink.c:479
> [] netlink_unicast_kernel net/netlink/af_netlink.c:1223 [inline]
> [] netlink_unicast+0x51e/0x760 net/netlink/af_netlink.c:1249
> [] netlink_sendmsg+0x8c5/0xc20 net/netlink/af_netlink.c:1803
> [] sock_sendmsg_nosec net/socket.c:625 [inline]
> [] sock_sendmsg+0xcf/0x110 net/socket.c:635
> [] sock_write_iter+0x222/0x3a0 net/socket.c:834
> [] new_sync_write fs/read_write.c:478 [inline]
> [] __vfs_write+0x32e/0x440 fs/read_write.c:491
> [] vfs_write+0x16c/0x4a0 fs/read_write.c:538
> [] SYSC_write fs/read_write.c:585 [inline]
> [] SyS_write+0xd9/0x1b0 fs/read_write.c:577
> [] entry_SYSCALL_64_fastpath+0x12/0x72
> Code: c0 49 89 c4 0f 84 64 04 00 00 e8 ea b7 f6 fe 49 8b 95 68 ff ff ff 48 b8 00 00 00 00 00 fc ff df 48 8d 7a 04 48 89 f9 48 c1 e9 03 <0f> b6 0c 01 48 89 f8 83 e0 07 83 c0 03 38 c8 7c 17 84 c9 74 13
> RIP [] nla_get_be32 include/net/netlink.h:1003 [inline]
> RIP [] nfacct_filter_alloc net/netfilter/nfnetlink_acct.c:250 [inline]
> RIP [] nfnl_acct_get+0x1f2/0x6d0 net/netfilter/nfnetlink_acct.c:274
> RSP
> ---[ end trace a8de975a65b4d2ea ]---
>
> Could the following patch be applied to v4.4.y? The patch is present in v4.9.y.
> * 017b1b6d28c4 ("netfilter: nfnetlink_acct: validate NFACCT_FILTER parameters")
>
> Tests run:
> * Chrome OS tryjobs
> * Syzkaller reproducer

Now applied, thanks.

greg k-h