From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Date: Sat, 4 Aug 2018 11:07:34 -0700
From: Nathan Chancellor <natechancellor@gmail.com>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: linux-kernel@vger.kernel.org, stable@vger.kernel.org,
        "David S. Miller" <davem@davemloft.net>,
        Herbert Xu <herbert@gondor.apana.org.au>,
        Steffen Klassert <steffen.klassert@secunet.com>,
        netdev@vger.kernel.org, Dmitry Safonov <dima@arista.com>
Subject: Re: [PATCH 4.4 106/124] netlink: Do not subscribe to non-existent
 groups
Message-ID: <20180804180734.GA25546@flashbox>
References: <20180804082702.434482435@linuxfoundation.org>
 <20180804082706.427556290@linuxfoundation.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20180804082706.427556290@linuxfoundation.org>
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <stable.vger.kernel.org>

On Sat, Aug 04, 2018 at 11:01:35AM +0200, Greg Kroah-Hartman wrote:
> 4.4-stable review patch.  If anyone has any objections, please let me know.
> 
> ------------------
> 
> From: Dmitry Safonov <dima@arista.com>
> 
> [ Upstream commit 7acf9d4237c46894e0fa0492dd96314a41742e84 ]
> 
> Make ABI more strict about subscribing to group > ngroups.
> Code doesn't check for that and it looks bogus.
> (one can subscribe to non-existing group)
> Still, it's possible to bind() to all possible groups with (-1)
> 
> Cc: "David S. Miller" <davem@davemloft.net>
> Cc: Herbert Xu <herbert@gondor.apana.org.au>
> Cc: Steffen Klassert <steffen.klassert@secunet.com>
> Cc: netdev@vger.kernel.org
> Signed-off-by: Dmitry Safonov <dima@arista.com>
> Signed-off-by: David S. Miller <davem@davemloft.net>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> ---
>  net/netlink/af_netlink.c |    1 +
>  1 file changed, 1 insertion(+)
> 
> --- a/net/netlink/af_netlink.c
> +++ b/net/netlink/af_netlink.c
> @@ -983,6 +983,7 @@ static int netlink_bind(struct socket *s
>  		if (err)
>  			return err;
>  	}
> +	groups &= (1UL << nlk->ngroups) - 1;
>  
>  	bound = nlk->bound;
>  	if (bound) {
> 
> 

Hi Greg,

I am so sorry I didn't catch this in my initial report but this commit
along with ba7aaf93ef2f ("netlink: Don't shift with UB on nlk->ngroups")
breaks mobile data on both the Pixel 2 XL and OnePlus 6. There is signal
but it just never connects to 3G/LTE. Reverting those two commits fixes
the issue.

Nothing stands out to me in dmesg unfortunately and iven neither device
is running a vanilla kernel, I cannot say if this is a problem in mainline
or not but I just wanted to make you aware of it.

Thanks!
Nathan