From: patchwork-bot+netdevbpf@kernel.org
To: Eric Dumazet <edumazet@google.com>
Cc: davem@davemloft.net, kuba@kernel.org, pabeni@redhat.com,
netdev@vger.kernel.org, eric.dumazet@gmail.com,
syzbot+671e2853f9851d039551@syzkaller.appspotmail.com,
w-kwok2@ti.com, m-karicheri2@ti.com, danishanwar@ti.com,
jiri@nvidia.com, george.mccollister@gmail.com
Subject: Re: [PATCH net] net: hsr: avoid potential out-of-bound access in fill_frame_info()
Date: Sat, 30 Nov 2024 22:20:29 +0000 [thread overview]
Message-ID: <173300522975.2492979.17101494144631097796.git-patchwork-notify@kernel.org> (raw)
In-Reply-To: <20241126144344.4177332-1-edumazet@google.com>
Hello:
This patch was applied to netdev/net.git (main)
by Jakub Kicinski <kuba@kernel.org>:
On Tue, 26 Nov 2024 14:43:44 +0000 you wrote:
> syzbot is able to feed a packet with 14 bytes, pretending
> it is a vlan one.
>
> Since fill_frame_info() is relying on skb->mac_len already,
> extend the check to cover this case.
>
> BUG: KMSAN: uninit-value in fill_frame_info net/hsr/hsr_forward.c:709 [inline]
> BUG: KMSAN: uninit-value in hsr_forward_skb+0x9ee/0x3b10 net/hsr/hsr_forward.c:724
> fill_frame_info net/hsr/hsr_forward.c:709 [inline]
> hsr_forward_skb+0x9ee/0x3b10 net/hsr/hsr_forward.c:724
> hsr_dev_xmit+0x2f0/0x350 net/hsr/hsr_device.c:235
> __netdev_start_xmit include/linux/netdevice.h:5002 [inline]
> netdev_start_xmit include/linux/netdevice.h:5011 [inline]
> xmit_one net/core/dev.c:3590 [inline]
> dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3606
> __dev_queue_xmit+0x366a/0x57d0 net/core/dev.c:4434
> dev_queue_xmit include/linux/netdevice.h:3168 [inline]
> packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276
> packet_snd net/packet/af_packet.c:3146 [inline]
> packet_sendmsg+0x91ae/0xa6f0 net/packet/af_packet.c:3178
> sock_sendmsg_nosec net/socket.c:711 [inline]
> __sock_sendmsg+0x30f/0x380 net/socket.c:726
> __sys_sendto+0x594/0x750 net/socket.c:2197
> __do_sys_sendto net/socket.c:2204 [inline]
> __se_sys_sendto net/socket.c:2200 [inline]
> __x64_sys_sendto+0x125/0x1d0 net/socket.c:2200
> x64_sys_call+0x346a/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:45
> do_syscall_x64 arch/x86/entry/common.c:52 [inline]
> do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
> entry_SYSCALL_64_after_hwframe+0x77/0x7f
>
> [...]
Here is the summary with links:
- [net] net: hsr: avoid potential out-of-bound access in fill_frame_info()
https://git.kernel.org/netdev/net/c/b9653d19e556
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
next prev parent reply other threads:[~2024-11-30 22:20 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-26 14:43 [PATCH net] net: hsr: avoid potential out-of-bound access in fill_frame_info() Eric Dumazet
2024-11-30 22:20 ` patchwork-bot+netdevbpf [this message]
2025-01-17 11:30 ` Stephan Wurm
2025-01-17 13:22 ` Eric Dumazet
2025-01-17 14:15 ` Stephan Wurm
2025-01-17 18:14 ` Eric Dumazet
2025-01-17 18:18 ` Eric Dumazet
2025-01-20 7:31 ` Stephan Wurm
2025-01-20 12:24 ` Eric Dumazet
2025-01-21 15:14 ` Stephan Wurm
2025-01-21 15:35 ` Eric Dumazet
2025-01-22 10:26 ` Stephan Wurm
2025-01-22 10:29 ` Eric Dumazet
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=173300522975.2492979.17101494144631097796.git-patchwork-notify@kernel.org \
--to=patchwork-bot+netdevbpf@kernel.org \
--cc=danishanwar@ti.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=eric.dumazet@gmail.com \
--cc=george.mccollister@gmail.com \
--cc=jiri@nvidia.com \
--cc=kuba@kernel.org \
--cc=m-karicheri2@ti.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=syzbot+671e2853f9851d039551@syzkaller.appspotmail.com \
--cc=w-kwok2@ti.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).