From: Jiri Pirko <jiri@resnulli.us>
To: Anastasia Belova <abelova@astralinux.ru>
Cc: "David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
lvc-project@linuxtesting.org
Subject: Re: [PATCH] flow_dissector: prevent NULL pointer dereference in __skb_flow_dissect
Date: Thu, 21 Mar 2024 13:42:58 +0100 [thread overview]
Message-ID: <ZfwrUmU-HROSmULc@nanopsycho> (raw)
In-Reply-To: <bec13e5c-0632-4841-adf9-38a47d290ffd@astralinux.ru>
Thu, Mar 21, 2024 at 01:04:22PM CET, abelova@astralinux.ru wrote:
>
>
>21/03/24 13:57, Jiri Pirko пишет:
>> Thu, Mar 21, 2024 at 10:36:53AM CET, abelova@astralinux.ru wrote:
>> >
>> > 20/03/24 16:38, Jiri Pirko пишет:
>> > > Wed, Mar 20, 2024 at 01:56:35PM CET, abelova@astralinux.ru wrote:
>> > > > skb is an optional parameter, so it may be NULL.
>> > > > Add check defore dereference in eth_hdr.
>> > > >
>> > > > Found by Linux Verification Center (linuxtesting.org) with SVACE.
>> > > Either drop this line which provides no value, or attach a link to the
>> > > actual report.
>> > >
>> > It is an established practice for our project. You can find 700+ applied
>> > patches with similar line:
>> > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/?qt=grep&q=linuxtesting.org
>> Okay. So would it be possible to attach a link to the actual report?
>
>Unfortunately no as far as results of the SVACE static analysis tool are
>not available publicly at the moment.
So, don't mention it, has no value what so ever. No place for
advertisements like this.
>
>
>Also I agree that this is quite a minor fix, but I still insist
>that it would be better to add a check.
It is not possible (prove us wrong) to hit this bug in real world.
No point to fix nobug.
>
>>
>> >
>> > > > Fixes: 67a900cc0436 ("flow_dissector: introduce support for Ethernet addresses")
>> > > This looks incorrect. I believe that this is the offending commit:
>> > > commit 690e36e726d00d2528bc569809048adf61550d80
>> > > Author: David S. Miller <davem@davemloft.net>
>> > > Date: Sat Aug 23 12:13:41 2014 -0700
>> > >
>> > > net: Allow raw buffers to be passed into the flow dissector.
>> > >
>> > Got it.
>> >
>> > > > Signed-off-by: Anastasia Belova <abelova@astralinux.ru>
>> > > > ---
>> > > > net/core/flow_dissector.c | 2 +-
>> > > > 1 file changed, 1 insertion(+), 1 deletion(-)
>> > > >
>> > > > diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
>> > > > index 272f09251343..05db3a8aa771 100644
>> > > > --- a/net/core/flow_dissector.c
>> > > > +++ b/net/core/flow_dissector.c
>> > > > @@ -1137,7 +1137,7 @@ bool __skb_flow_dissect(const struct net *net,
>> > > > rcu_read_unlock();
>> > > > }
>> > > >
>> > > > - if (dissector_uses_key(flow_dissector,
>> > > > + if (skb && dissector_uses_key(flow_dissector,
>> > > > FLOW_DISSECTOR_KEY_ETH_ADDRS)) {
>> > > > struct ethhdr *eth = eth_hdr(skb);
>> > > > struct flow_dissector_key_eth_addrs *key_eth_addrs;
>> > > Looks like FLOW_DISSECT_RET_OUT_BAD should be returned in case the
>> > > FLOW_DISSECTOR_KEY_ETH_ADDRS are selected and there is no skb, no?
>> > I agree, I'll send the second version.
>> >
>> > Anastasia Belova
>> >
>
>
next prev parent reply other threads:[~2024-03-21 12:43 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-20 12:56 [PATCH] flow_dissector: prevent NULL pointer dereference in __skb_flow_dissect Anastasia Belova
2024-03-20 13:38 ` Jiri Pirko
2024-03-20 13:43 ` Eric Dumazet
2024-03-20 13:54 ` Jiri Pirko
2024-03-21 9:36 ` Anastasia Belova
2024-03-21 10:57 ` Jiri Pirko
2024-03-21 11:39 ` Denis Kirjanov
2024-03-21 12:04 ` Anastasia Belova
2024-03-21 12:42 ` Jiri Pirko [this message]
2024-03-21 12:34 ` [PATCH v2] " Anastasia Belova
2024-03-21 12:52 ` Denis Kirjanov
2024-03-21 13:09 ` Jiri Pirko
2024-03-21 17:16 ` Eric Dumazet
2024-03-22 11:41 ` Simon Horman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZfwrUmU-HROSmULc@nanopsycho \
--to=jiri@resnulli.us \
--cc=abelova@astralinux.ru \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lvc-project@linuxtesting.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.