From mboxrd@z Thu Jan 1 00:00:00 1970 From: Eric Dumazet Subject: Re: KMSAN: uninit-value in pppoe_rcv Date: Thu, 13 Sep 2018 10:31:16 -0700 Message-ID: <9b41183c-34ea-33d3-a1bf-b0d283675af2@gmail.com> References: <0000000000004624c30575a9fd40@google.com> <7424e094-afda-084a-ad80-299f219ced92@gmail.com> <20180913161929.GA1507@alphalink.fr> <20180913172344.GB1507@alphalink.fr> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Cc: Eric Dumazet , syzbot+f5f6080811c849739212@syzkaller.appspotmail.com, LKML , mostrows@earthlink.net, Networking , syzkaller-bugs@googlegroups.com To: Guillaume Nault , Alexander Potapenko Return-path: In-Reply-To: <20180913172344.GB1507@alphalink.fr> Content-Language: en-US Sender: linux-kernel-owner@vger.kernel.org List-Id: netdev.vger.kernel.org On 09/13/2018 10:23 AM, Guillaume Nault wrote: > Nothing to change in tun.c. Just some more tests in pppoe. > Can you try this patch? It only addresses this particular report, not > the problems spotted by Eric. > > -------- 8< -------- > diff --git a/drivers/net/ppp/pppoe.c b/drivers/net/ppp/pppoe.c > index 5aa59f41bf8c..77241b584dff 100644 > --- a/drivers/net/ppp/pppoe.c > +++ b/drivers/net/ppp/pppoe.c > @@ -429,6 +429,9 @@ static int pppoe_rcv(struct sk_buff *skb, struct net_device *dev, > if (!skb) > goto out; > > + if (skb_mac_header_len(skb) < ETH_HLEN) > + goto drop; > + > if (!pskb_may_pull(skb, sizeof(struct pppoe_hdr))) > goto drop; > > Yeah this probably will help ;)
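Review bot: The new `skb_mac_header_len(skb) < ETH_HLEN` test in pppoe_rcv(), placed just before the `pskb_may_pull()` check, has no comment saying which later access depends on a complete Ethernet header, so the reason for dropping the packet is not visible from the code. A one-line comment above the test would cover that. The changelog should also repeat what the mail says: this only addresses the reported KMSAN uninit-value in pppoe_rcv and not the other problems raised in the thread. Since the new branch goes to `drop` while the `!skb` case above it goes to `out`, it is worth confirming that `drop` is the right label for an skb that is still held at this point.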