From: Martin Schiller <ms@dev.tdt.de>
To: Eric Dumazet <edumazet@google.com>
Cc: "David S . Miller" <davem@davemloft.net>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
netdev@vger.kernel.org, eric.dumazet@gmail.com,
syzbot <syzkaller@googlegroups.com>
Subject: Re: [PATCH net] net: lapbether: only support ethernet devices
Date: Fri, 16 Jun 2023 07:50:18 +0200 [thread overview]
Message-ID: <b5fad6a3fa34760feb9192b697887ac7@dev.tdt.de> (raw)
In-Reply-To: <20230614161802.2715468-1-edumazet@google.com>
On 2023-06-14 18:18, Eric Dumazet wrote:
> It probbaly makes no sense to support arbitrary network devices
> for lapbether.
>
> syzbot reported:
>
> skbuff: skb_under_panic: text:ffff80008934c100 len:44 put:40
> head:ffff0000d18dd200 data:ffff0000d18dd1ea tail:0x16 end:0x140
> dev:bond1
> kernel BUG at net/core/skbuff.c:200 !
> Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
> Modules linked in:
> CPU: 0 PID: 5643 Comm: dhcpcd Not tainted
> 6.4.0-rc5-syzkaller-g4641cff8e810 #0
> Hardware name: Google Google Compute Engine/Google Compute Engine,
> BIOS Google 05/25/2023
> pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
> pc : skb_panic net/core/skbuff.c:196 [inline]
> pc : skb_under_panic+0x13c/0x140 net/core/skbuff.c:210
> lr : skb_panic net/core/skbuff.c:196 [inline]
> lr : skb_under_panic+0x13c/0x140 net/core/skbuff.c:210
> sp : ffff8000973b7260
> x29: ffff8000973b7270 x28: ffff8000973b7360 x27: dfff800000000000
> x26: ffff0000d85d8150 x25: 0000000000000016 x24: ffff0000d18dd1ea
> x23: ffff0000d18dd200 x22: 000000000000002c x21: 0000000000000140
> x20: 0000000000000028 x19: ffff80008934c100 x18: ffff8000973b68a0
> x17: 0000000000000000 x16: ffff80008a43bfbc x15: 0000000000000202
> x14: 0000000000000000 x13: 0000000000000001 x12: 0000000000000001
> x11: 0000000000000201 x10: 0000000000000000 x9 : f22f7eb937cced00
> x8 : f22f7eb937cced00 x7 : 0000000000000001 x6 : 0000000000000001
> x5 : ffff8000973b6b78 x4 : ffff80008df9ee80 x3 : ffff8000805974f4
> x2 : 0000000000000001 x1 : 0000000100000201 x0 : 0000000000000086
> Call trace:
> skb_panic net/core/skbuff.c:196 [inline]
> skb_under_panic+0x13c/0x140 net/core/skbuff.c:210
> skb_push+0xf0/0x108 net/core/skbuff.c:2409
> ip6gre_header+0xbc/0x738 net/ipv6/ip6_gre.c:1383
> dev_hard_header include/linux/netdevice.h:3137 [inline]
> lapbeth_data_transmit+0x1c4/0x298 drivers/net/wan/lapbether.c:257
> lapb_data_transmit+0x8c/0xb0 net/lapb/lapb_iface.c:447
> lapb_transmit_buffer+0x178/0x204 net/lapb/lapb_out.c:149
> lapb_send_control+0x220/0x320 net/lapb/lapb_subr.c:251
> lapb_establish_data_link+0x94/0xec
> lapb_device_event+0x348/0x4e0
> notifier_call_chain+0x1a4/0x510 kernel/notifier.c:93
> raw_notifier_call_chain+0x3c/0x50 kernel/notifier.c:461
> __dev_notify_flags+0x2bc/0x544
> dev_change_flags+0xd0/0x15c net/core/dev.c:8643
> devinet_ioctl+0x858/0x17e4 net/ipv4/devinet.c:1150
> inet_ioctl+0x2ac/0x4d8 net/ipv4/af_inet.c:979
> sock_do_ioctl+0x134/0x2dc net/socket.c:1201
> sock_ioctl+0x4ec/0x858 net/socket.c:1318
> vfs_ioctl fs/ioctl.c:51 [inline]
> __do_sys_ioctl fs/ioctl.c:870 [inline]
> __se_sys_ioctl fs/ioctl.c:856 [inline]
> __arm64_sys_ioctl+0x14c/0x1c8 fs/ioctl.c:856
> __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
> invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
> el0_svc_common+0x138/0x244 arch/arm64/kernel/syscall.c:142
> do_el0_svc+0x64/0x198 arch/arm64/kernel/syscall.c:191
> el0_svc+0x4c/0x160 arch/arm64/kernel/entry-common.c:647
> el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:665
> el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591
> Code: aa1803e6 aa1903e7 a90023f5 947730f5 (d4210000)
>
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Reported-by: syzbot <syzkaller@googlegroups.com>
> Signed-off-by: Eric Dumazet <edumazet@google.com>
> Cc: Martin Schiller <ms@dev.tdt.de>
> ---
> drivers/net/wan/lapbether.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/net/wan/lapbether.c b/drivers/net/wan/lapbether.c
> index
> d62a904d2e422d7e48cf67cba829df0568e99b01..56326f38fe8a30f45e88cdce7efd43e18041e52a
> 100644
> --- a/drivers/net/wan/lapbether.c
> +++ b/drivers/net/wan/lapbether.c
> @@ -384,6 +384,9 @@ static int lapbeth_new_device(struct net_device
> *dev)
>
> ASSERT_RTNL();
>
> + if (dev->type != ARPHRD_ETHER)
> + return -EINVAL;
> +
> ndev = alloc_netdev(sizeof(*lapbeth), "lapb%d", NET_NAME_UNKNOWN,
> lapbeth_setup);
> if (!ndev)
Reviewed-by: Martin Schiller <ms@dev.tdt.de>
prev parent reply other threads:[~2023-06-16 6:09 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-14 16:18 [PATCH net] net: lapbether: only support ethernet devices Eric Dumazet
2023-06-15 14:47 ` Simon Horman
2023-06-16 5:50 ` Martin Schiller [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b5fad6a3fa34760feb9192b697887ac7@dev.tdt.de \
--to=ms@dev.tdt.de \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=eric.dumazet@gmail.com \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=syzkaller@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.