From mboxrd@z Thu Jan 1 00:00:00 1970
From: Ido Schimmel
Subject: Re: [PATCH net] rtnetlink: Refine sanity checks in rtnl_fdb_{add|del}
Date: Fri, 30 Nov 2018 16:58:32 +0200
Message-ID: <20181130145832.GA18412@splinter.mtl.com>
References: <20181130133501.62251-1-edumazet@google.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: "David S . Miller", netdev, Eric Dumazet, syzbot, Ido Schimmel, David Ahern
To: Eric Dumazet
Return-path:
Received: from out4-smtp.messagingengine.com ([66.111.4.28]:51235
	"EHLO out4-smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK)
	by vger.kernel.org with ESMTP id S1726563AbeLACIL (ORCPT );
	Fri, 30 Nov 2018 21:08:11 -0500
Content-Disposition: inline
In-Reply-To: <20181130133501.62251-1-edumazet@google.com>
Sender: netdev-owner@vger.kernel.org
List-ID:

On Fri, Nov 30, 2018 at 05:35:01AM -0800, 'Eric Dumazet' via syzkaller wrote:
> Commit da71577545a5 ("rtnetlink: Disallow FDB configuration
> for non-Ethernet device") added a test against dev->type.
>
> kmsan was still able to trigger a kernel-infoleak using a gre device,
> with a correct device type (ARPHRD_ETHER), but with a not
> correct dev->addr_len (4 bytes instead of the expected 6 bytes)

Hi,

Can you please share the reproducer (assuming it exists)? I don't really
understand the fix. None of the functions you patched are in the trace.
Also, looking at IPv4 GRE code, while GRE device has dev->addr_len set
to 4, dev->type is set to ARPHRD_IPGRE.

Thanks