From: Simon Horman <horms@kernel.org>
To: Eric Dumazet <edumazet@google.com>
Cc: "David S. Miller" <davem@davemloft.net>,
	Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
	Jamal Hadi Salim <jhs@mojatatu.com>,
	Cong Wang <xiyou.wangcong@gmail.com>,
	Jiri Pirko <jiri@resnulli.us>,
	netdev@vger.kernel.org, eric.dumazet@gmail.com,
	syzbot+1b5e4e187cc586d05ea0@syzkaller.appspotmail.com,
	Xin Long <lucien.xin@gmail.com>
Subject: Re: [PATCH net] sched: act_ct: take care of padding in struct zones_ht_key
Date: Thu, 25 Jul 2024 11:03:46 +0100
Message-ID: <20240725100346.GK97837@kernel.org>
In-Reply-To: <20240725092745.1760161-1-edumazet@google.com>

On Thu, Jul 25, 2024 at 09:27:45AM +0000, Eric Dumazet wrote:
> Blamed commit increased lookup key size from 2 bytes to 16 bytes,
> because zones_ht_key got a struct net pointer.
> 
> Make sure rhashtable_lookup() is not using the padding bytes
> which are not initialized.
> 
>  BUG: KMSAN: uninit-value in rht_ptr_rcu include/linux/rhashtable.h:376 [inline]
>  BUG: KMSAN: uninit-value in __rhashtable_lookup include/linux/rhashtable.h:607 [inline]
>  BUG: KMSAN: uninit-value in rhashtable_lookup include/linux/rhashtable.h:646 [inline]
>  BUG: KMSAN: uninit-value in rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]
>  BUG: KMSAN: uninit-value in tcf_ct_flow_table_get+0x611/0x2260 net/sched/act_ct.c:329
>   rht_ptr_rcu include/linux/rhashtable.h:376 [inline]
>   __rhashtable_lookup include/linux/rhashtable.h:607 [inline]
>   rhashtable_lookup include/linux/rhashtable.h:646 [inline]
>   rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]
>   tcf_ct_flow_table_get+0x611/0x2260 net/sched/act_ct.c:329
>   tcf_ct_init+0xa67/0x2890 net/sched/act_ct.c:1408
>   tcf_action_init_1+0x6cc/0xb30 net/sched/act_api.c:1425
>   tcf_action_init+0x458/0xf00 net/sched/act_api.c:1488
>   tcf_action_add net/sched/act_api.c:2061 [inline]
>   tc_ctl_action+0x4be/0x19d0 net/sched/act_api.c:2118
>   rtnetlink_rcv_msg+0x12fc/0x1410 net/core/rtnetlink.c:6647
>   netlink_rcv_skb+0x375/0x650 net/netlink/af_netlink.c:2550
>   rtnetlink_rcv+0x34/0x40 net/core/rtnetlink.c:6665
>   netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]
>   netlink_unicast+0xf52/0x1260 net/netlink/af_netlink.c:1357
>   netlink_sendmsg+0x10da/0x11e0 net/netlink/af_netlink.c:1901
>   sock_sendmsg_nosec net/socket.c:730 [inline]
>   __sock_sendmsg+0x30f/0x380 net/socket.c:745
>   ____sys_sendmsg+0x877/0xb60 net/socket.c:2597
>   ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2651
>   __sys_sendmsg net/socket.c:2680 [inline]
>   __do_sys_sendmsg net/socket.c:2689 [inline]
>   __se_sys_sendmsg net/socket.c:2687 [inline]
>   __x64_sys_sendmsg+0x307/0x4a0 net/socket.c:2687
>   x64_sys_call+0x2dd6/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:47
>   do_syscall_x64 arch/x86/entry/common.c:52 [inline]
>   do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
>  entry_SYSCALL_64_after_hwframe+0x77/0x7f
> 
> Local variable key created at:
>   tcf_ct_flow_table_get+0x4a/0x2260 net/sched/act_ct.c:324
>   tcf_ct_init+0xa67/0x2890 net/sched/act_ct.c:1408
> 
> Fixes: 88c67aeb1407 ("sched: act_ct: add netns into the key of tcf_ct_flow_table")
> Reported-by: syzbot+1b5e4e187cc586d05ea0@syzkaller.appspotmail.com
> Signed-off-by: Eric Dumazet <edumazet@google.com>
> Cc: Xin Long <lucien.xin@gmail.com>

Reviewed-by: Simon Horman <horms@kernel.org>
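
The padding problem described in the quoted commit message, as an added example that is not part of this thread or of the kernel patch. `struct demo_key`, `make_key`, `same_key` and the FNV-1a hash are hypothetical stand-ins for the real key and the table's hashing; bounding the key length to the data bytes is shown as one way to keep padding out of a lookup, not as the change the patch itself makes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the key in the thread: a pointer plus a 16-bit
 * zone. On LP64 that is 10 bytes of data inside a 16-byte struct. */
struct demo_key {
	const void *net;
	uint16_t zone;
};

/* Bytes that carry data: up to the end of the last member, padding excluded. */
#define DEMO_KEY_LEN (offsetof(struct demo_key, zone) + sizeof(uint16_t))

/* FNV-1a, an assumed stand-in for the hash a table computes over key_len bytes. */
static uint32_t fnv1a(const uint8_t *p, size_t len)
{
	uint32_t h = 2166136261u;
	while (len--)
		h = (h ^ *p++) * 16777619u;
	return h;
}

/* Build a key's object representation; `fill` models the stale stack bytes
 * that end up in the padding when only the members are assigned. */
static void make_key(uint8_t *buf, const void *net, uint16_t zone, uint8_t fill)
{
	memset(buf, fill, sizeof(struct demo_key));
	memcpy(buf + offsetof(struct demo_key, net), &net, sizeof(net));
	memcpy(buf + offsetof(struct demo_key, zone), &zone, sizeof(zone));
}

/* 1 if two keys with identical members hash and compare equal over len bytes. */
static int same_key(size_t len, uint8_t fill_a, uint8_t fill_b)
{
	static int dummy_net; /* constructed placeholder for a struct net */
	uint8_t a[sizeof(struct demo_key)], b[sizeof(struct demo_key)];
	make_key(a, &dummy_net, 7, fill_a);
	make_key(b, &dummy_net, 7, fill_b);
	return fnv1a(a, len) == fnv1a(b, len) && memcmp(a, b, len) == 0;
}

int main(void)
{
	printf("full struct: %d, data only: %d\n",
	       same_key(sizeof(struct demo_key), 0xAA, 0x55),
	       same_key(DEMO_KEY_LEN, 0xAA, 0x55));
	return 0;
}
```

Zeroing the whole key before assigning its members also makes the full-size comparison succeed, which is what the last case in `same_key(sizeof(struct demo_key), 0, 0)` models.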

Thread overview: 4+ messages
2024-07-25  9:27 [PATCH net] sched: act_ct: take care of padding in struct zones_ht_key Eric Dumazet
2024-07-25 10:03 ` Simon Horman
2024-07-25 14:30 ` Xin Long
2024-07-26 10:30 ` patchwork-bot+netdevbpf