From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	patches@lists.linux.dev, syzbot <syzkaller@googlegroups.com>,
	Eric Dumazet <edumazet@google.com>,
	"David S. Miller" <davem@davemloft.net>,
	Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.4 38/68] ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping()
Date: Wed, 15 Mar 2023 13:12:32 +0100
Message-ID: <20230315115727.603095901@linuxfoundation.org>
In-Reply-To: <20230315115726.103942885@linuxfoundation.org>

From: Eric Dumazet <edumazet@google.com>

[ Upstream commit 693aa2c0d9b6d5b1f2745d31b6e70d09dbbaf06e ]

ila_xlat_nl_cmd_get_mapping() generates an empty skb,
triggering a recent sanity check [1].

Instead, return an error code, so that user space
can get it.

[1]
skb_assert_len
WARNING: CPU: 0 PID: 5923 at include/linux/skbuff.h:2527 skb_assert_len include/linux/skbuff.h:2527 [inline]
WARNING: CPU: 0 PID: 5923 at include/linux/skbuff.h:2527 __dev_queue_xmit+0x1bc0/0x3488 net/core/dev.c:4156
Modules linked in:
CPU: 0 PID: 5923 Comm: syz-executor269 Not tainted 6.2.0-syzkaller-18300-g2ebd1fbb946d #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : skb_assert_len include/linux/skbuff.h:2527 [inline]
pc : __dev_queue_xmit+0x1bc0/0x3488 net/core/dev.c:4156
lr : skb_assert_len include/linux/skbuff.h:2527 [inline]
lr : __dev_queue_xmit+0x1bc0/0x3488 net/core/dev.c:4156
sp : ffff80001e0d6c40
x29: ffff80001e0d6e60 x28: dfff800000000000 x27: ffff0000c86328c0
x26: dfff800000000000 x25: ffff0000c8632990 x24: ffff0000c8632a00
x23: 0000000000000000 x22: 1fffe000190c6542 x21: ffff0000c8632a10
x20: ffff0000c8632a00 x19: ffff80001856e000 x18: ffff80001e0d5fc0
x17: 0000000000000000 x16: ffff80001235d16c x15: 0000000000000000
x14: 0000000000000000 x13: 0000000000000001 x12: 0000000000000001
x11: ff80800008353a30 x10: 0000000000000000 x9 : 21567eaf25bfb600
x8 : 21567eaf25bfb600 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff80001e0d6558 x4 : ffff800015c74760 x3 : ffff800008596744
x2 : 0000000000000001 x1 : 0000000100000000 x0 : 000000000000000e
Call trace:
skb_assert_len include/linux/skbuff.h:2527 [inline]
__dev_queue_xmit+0x1bc0/0x3488 net/core/dev.c:4156
dev_queue_xmit include/linux/netdevice.h:3033 [inline]
__netlink_deliver_tap_skb net/netlink/af_netlink.c:307 [inline]
__netlink_deliver_tap+0x45c/0x6f8 net/netlink/af_netlink.c:325
netlink_deliver_tap+0xf4/0x174 net/netlink/af_netlink.c:338
__netlink_sendskb net/netlink/af_netlink.c:1283 [inline]
netlink_sendskb+0x6c/0x154 net/netlink/af_netlink.c:1292
netlink_unicast+0x334/0x8d4 net/netlink/af_netlink.c:1380
nlmsg_unicast include/net/netlink.h:1099 [inline]
genlmsg_unicast include/net/genetlink.h:433 [inline]
genlmsg_reply include/net/genetlink.h:443 [inline]
ila_xlat_nl_cmd_get_mapping+0x620/0x7d0 net/ipv6/ila/ila_xlat.c:493
genl_family_rcv_msg_doit net/netlink/genetlink.c:968 [inline]
genl_family_rcv_msg net/netlink/genetlink.c:1048 [inline]
genl_rcv_msg+0x938/0xc1c net/netlink/genetlink.c:1065
netlink_rcv_skb+0x214/0x3c4 net/netlink/af_netlink.c:2574
genl_rcv+0x38/0x50 net/netlink/genetlink.c:1076
netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]
netlink_unicast+0x660/0x8d4 net/netlink/af_netlink.c:1365
netlink_sendmsg+0x800/0xae0 net/netlink/af_netlink.c:1942
sock_sendmsg_nosec net/socket.c:714 [inline]
sock_sendmsg net/socket.c:734 [inline]
____sys_sendmsg+0x558/0x844 net/socket.c:2479
___sys_sendmsg net/socket.c:2533 [inline]
__sys_sendmsg+0x26c/0x33c net/socket.c:2562
__do_sys_sendmsg net/socket.c:2571 [inline]
__se_sys_sendmsg net/socket.c:2569 [inline]
__arm64_sys_sendmsg+0x80/0x94 net/socket.c:2569
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x198 arch/arm64/kernel/syscall.c:193
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591
irq event stamp: 136484
hardirqs last enabled at (136483): [<ffff800008350244>] __up_console_sem+0x60/0xb4 kernel/printk/printk.c:345
hardirqs last disabled at (136484): [<ffff800012358d60>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (136418): [<ffff800008020ea8>] softirq_handle_end kernel/softirq.c:414 [inline]
softirqs last enabled at (136418): [<ffff800008020ea8>] __do_softirq+0xd4c/0xfa4 kernel/softirq.c:600
softirqs last disabled at (136371): [<ffff80000802b4a4>] ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:80
---[ end trace 0000000000000000 ]---
skb len=0 headroom=0 headlen=0 tailroom=192
mac=(0,0) net=(0,-1) trans=-1
shinfo(txflags=0 nr_frags=0 gso(size=0 type=0 segs=0))
csum(0x0 ip_summed=0 complete_sw=0 valid=0 level=0)
hash(0x0 sw=0 l4=0) proto=0x0010 pkttype=6 iif=0
dev name=nlmon0 feat=0x0000000000005861

Fixes: 7f00feaf1076 ("ila: Add generic ILA translation facility")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/ipv6/ila/ila_xlat.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/ipv6/ila/ila_xlat.c b/net/ipv6/ila/ila_xlat.c
index 5fc1f4e0c0cf0..10f1367eb4ca0 100644
--- a/net/ipv6/ila/ila_xlat.c
+++ b/net/ipv6/ila/ila_xlat.c
@@ -477,6 +477,7 @@ int ila_xlat_nl_cmd_get_mapping(struct sk_buff *skb, struct genl_info *info)
 
 	rcu_read_lock();
 
+	ret = -ESRCH;
 	ila = ila_lookup_by_params(&xp, ilan);
 	if (ila) {
 		ret = ila_dump_info(ila,
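Review bot: the new `ret = -ESRCH;` default before ila_lookup_by_params() only stops the empty reply if the code after the `if (ila)` block, which this hunk does not show, tests `ret` and skips genlmsg_reply() on a negative value. Please confirm that in the 5.4 tree a failed lookup now reaches the error path that frees the message instead of sending it. The assignment would also read more clearly as an `else` branch of `if (ila)` or with a one-line comment saying it covers the lookup miss, since as written it looks like a stray default that ila_dump_info() immediately overwrites. Note for backport reviewers that a lookup miss now returns -ESRCH to the netlink sender where it previously produced a zero-length reply, so user space that treated the empty reply as "no mapping" will see an error instead.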
-- 
2.39.2



