From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.1 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id E9E10C10F11 for ; Wed, 24 Apr 2019 17:43:41 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id B1E0F2064A for ; Wed, 24 Apr 2019 17:43:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1556127821; bh=EU7oklEaYePynX7uRZ0WoqceiAwQlHbkrgmntBhuI5w=; h=From:To:Cc:Subject:Date:List-ID:From; b=e1SGyqE70fd4he1wcb3UXrH1iPIpmH89bim3Ly3oS1icf7Sb5NdKtrc/Iz+pshaGu K2gBua4yk//OG2NFRDVp2sbHJ88ApA4IHorqmB20yNYF7wSWJ43v2KBztcwtd0s7SC HB+32NKV3dpKiN5UlR/jN+Oz8GmiTvHmC24t+Hoc= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2404066AbfDXRnk (ORCPT ); Wed, 24 Apr 2019 13:43:40 -0400 Received: from mail.kernel.org ([198.145.29.99]:34080 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2391843AbfDXRfN (ORCPT ); Wed, 24 Apr 2019 13:35:13 -0400 Received: from kenny.it.cumulusnetworks.com. (fw.cumulusnetworks.com [216.129.126.126]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 4BF932054F; Wed, 24 Apr 2019 17:35:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1556127313; bh=EU7oklEaYePynX7uRZ0WoqceiAwQlHbkrgmntBhuI5w=; h=From:To:Cc:Subject:Date:From; b=Qi/qz1oikUK3QGhrHihCyiS6Dk4sxA46wRkgZDun94uLyg8o72fa0VU8HZC4ES5wl 4rwQ7gU0+MnPobvYXfzpoAIn7+UU02K/pN5GzoBLBVvq9PFrFfXTUH0XCQCbt3vVZK LXx+lk2z/gV+kOFaZG5kTRmLBj+ux7yXn0EqDExI= From: David Ahern To: davem@davemloft.net Cc: netdev@vger.kernel.org, David Ahern Subject: [PATCH net-next] ipv6: Initialize fib6_result in bpf_ipv6_fib_lookup Date: Wed, 24 Apr 2019 10:36:06 -0700 Message-Id: <20190424173606.12451-1-dsahern@kernel.org> X-Mailer: git-send-email 2.11.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: David Ahern fib6_result is not initialized in bpf_ipv6_fib_lookup and potentially passses garbage to the fib lookup which triggers a KASAN warning: [ 262.055450] ================================================================== [ 262.057640] BUG: KASAN: user-memory-access in fib6_rule_suppress+0x4b/0xce [ 262.059488] Read of size 8 at addr 00000a20000000b0 by task swapper/1/0 [ 262.061238] [ 262.061673] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.1.0-rc5+ #56 [ 262.063493] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.1-1 04/01/2014 [ 262.065593] Call Trace: [ 262.066277] [ 262.066848] dump_stack+0x7e/0xbb [ 262.067764] kasan_report+0x18b/0x1b5 [ 262.069921] __asan_load8+0x7f/0x81 [ 262.070879] fib6_rule_suppress+0x4b/0xce [ 262.071980] fib_rules_lookup+0x275/0x2cd [ 262.073090] fib6_lookup+0x119/0x218 [ 262.076457] bpf_ipv6_fib_lookup+0x39d/0x664 ... Initialize fib6_result to 0. Fixes: b1d40991506aa ("ipv6: Rename fib6_multipath_select and pass fib6_result") Signed-off-by: David Ahern --- net/core/filter.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/core/filter.c b/net/core/filter.c index fa8fb0548217..9d28e7e8a4cb 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -4680,8 +4680,8 @@ static int bpf_ipv6_fib_lookup(struct net *net, struct bpf_fib_lookup *params, { struct in6_addr *src = (struct in6_addr *) params->ipv6_src; struct in6_addr *dst = (struct in6_addr *) params->ipv6_dst; + struct fib6_result res = {}; struct neighbour *neigh; - struct fib6_result res; struct net_device *dev; struct inet6_dev *idev; struct flowi6 fl6; -- 2.11.0