system/linux
system/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux synced 2024-10-15 07:47:34 +00:00
Code Issues Packages Projects Releases Wiki Activity
linux/net
History
Nikolay Aleksandrov 8bd67ebb50 net: bridge: xmit: make sure we have at least eth header len bytes 
syzbot triggered an uninit value[1] error in bridge device's xmit path
by sending a short (less than ETH_HLEN bytes) skb. To fix it check if
we can actually pull that amount instead of assuming.

Tested with dropwatch:
 drop at: br_dev_xmit+0xb93/0x12d0 [bridge] (0xffffffffc06739b3)
 origin: software
 timestamp: Mon May 13 11:31:53 2024 778214037 nsec
 protocol: 0x88a8
 length: 2
 original length: 2
 drop reason: PKT_TOO_SMALL

[1]
BUG: KMSAN: uninit-value in br_dev_xmit+0x61d/0x1cb0 net/bridge/br_device.c:65
 br_dev_xmit+0x61d/0x1cb0 net/bridge/br_device.c:65
 __netdev_start_xmit include/linux/netdevice.h:4903 [inline]
 netdev_start_xmit include/linux/netdevice.h:4917 [inline]
 xmit_one net/core/dev.c:3531 [inline]
 dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3547
 __dev_queue_xmit+0x34db/0x5350 net/core/dev.c:4341
 dev_queue_xmit include/linux/netdevice.h:3091 [inline]
 __bpf_tx_skb net/core/filter.c:2136 [inline]
 __bpf_redirect_common net/core/filter.c:2180 [inline]
 __bpf_redirect+0x14a6/0x1620 net/core/filter.c:2187
 ____bpf_clone_redirect net/core/filter.c:2460 [inline]
 bpf_clone_redirect+0x328/0x470 net/core/filter.c:2432
 ___bpf_prog_run+0x13fe/0xe0f0 kernel/bpf/core.c:1997
 __bpf_prog_run512+0xb5/0xe0 kernel/bpf/core.c:2238
 bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline]
 __bpf_prog_run include/linux/filter.h:657 [inline]
 bpf_prog_run include/linux/filter.h:664 [inline]
 bpf_test_run+0x499/0xc30 net/bpf/test_run.c:425
 bpf_prog_test_run_skb+0x14ea/0x1f20 net/bpf/test_run.c:1058
 bpf_prog_test_run+0x6b7/0xad0 kernel/bpf/syscall.c:4269
 __sys_bpf+0x6aa/0xd90 kernel/bpf/syscall.c:5678
 __do_sys_bpf kernel/bpf/syscall.c:5767 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5765 [inline]
 __x64_sys_bpf+0xa0/0xe0 kernel/bpf/syscall.c:5765
 x64_sys_call+0x96b/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:322
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Reported-by: syzbot+a63a1f6a062033cf0f40@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=a63a1f6a062033cf0f40
Signed-off-by: Nikolay Aleksandrov <razor@blackwall.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2024-05-15 11:41:02 +01:00
..
6lowpan
9p
802
8021q net: gro: fix udp bad offset in socket lookup by adding {inner_}network_offset to napi_gro_cb 2024-05-02 11:02:48 +02:00
appletalk appletalk: Improve handling of broadcast packets 2024-05-08 12:17:19 +01:00
atm
ax25 ax25: Fix reference count leak issue of net_device 2024-05-13 16:09:38 -07:00
batman-adv batman-adv: Avoid infinite loop trying to resize local TT 2024-03-29 20:18:43 +01:00
bluetooth Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout 2024-05-03 13:05:54 -04:00
bpf for-netdev 2024-03-11 18:06:04 -07:00
bridge net: bridge: xmit: make sure we have at least eth header len bytes 2024-05-15 11:41:02 +01:00
caif
can
ceph libceph: init the cursor when preparing sparse read in msgr2 2024-03-06 12:43:01 +01:00
core net: fix out-of-bounds access in ops_init 2024-05-06 13:38:14 +02:00
dcb
dccp Kbuild updates for v6.9 2024-03-21 14:41:00 -07:00
devlink devlink: fix port new reply cmd type 2024-03-19 19:37:57 -07:00
dns_resolver
dsa net: dsa: Leverage core stats allocator 2024-03-07 20:37:13 -08:00
ethernet ethernet: Add helper for assigning packet type when dest address does not match device address 2024-04-25 08:20:54 -07:00
ethtool ethtool: remove ethtool_eee_use_linkmodes 2024-03-06 20:40:20 -08:00
handshake
hsr hsr: Simplify code for announcing HSR nodes timer setup 2024-05-08 18:56:30 -07:00
ieee802154 Merge tag 'ieee802154-for-net-next-2024-03-07' of git://git.kernel.org/pub/scm/linux/kernel/git/wpan/wpan-next 2024-03-08 20:35:33 -08:00
ife
ipv4 netlabel: fix RCU annotation for IPv4 options on socket creation 2024-05-13 14:58:12 -07:00
ipv6 ipv6: sr: fix invalid unregister error path 2024-05-10 19:27:46 -07:00
iucv more s390 updates for 6.9 merge window 2024-03-19 11:38:27 -07:00
kcm net: kcm: fix incorrect parameter validation in the kcm_getsockopt) function 2024-03-11 09:53:22 +00:00
key
l2tp net l2tp: drop flow hash on forward 2024-04-26 13:48:24 +02:00
l3mdev
lapb
llc
mac80211 wifi: mac80211: fix unaligned le16 access 2024-04-19 10:02:27 +02:00
mac802154 mac802154: fix llsec key resources release in mac802154_llsec_key_del 2024-03-06 21:01:26 +01:00
mctp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-02-29 14:24:56 -08:00
mpls - Kuan-Wei Chiu has developed the well-named series "lib min_heap: Min 2024-03-14 18:03:09 -07:00
mptcp mptcp: only allow set existing scheduler for net.mptcp.scheduler 2024-05-07 17:23:35 -07:00
ncsi
netfilter netfilter: nf_tables: honor table dormant flag from netdev release event path 2024-04-25 10:42:57 +02:00
netlabel netlabel: fix RCU annotation for IPv4 options on socket creation 2024-05-13 14:58:12 -07:00
netlink net/netlink: Add getsockopt support for NETLINK_LISTEN_ALL_NSID 2024-03-11 15:48:34 -07:00
netrom netrom: Fix data-races around sysctl_net_busy_read 2024-03-07 10:36:58 +01:00
nfc nfc: nci: Fix kcov check in nci_rx_work() 2024-05-07 16:40:06 -07:00
nsh nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). 2024-04-26 12:20:01 +02:00
openvswitch net: openvswitch: fix overwriting ct original tuple for ICMPv6 2024-05-10 19:24:07 -07:00
packet Revert "net: Re-use and set mono_delivery_time bit for userspace tstamp packets" 2024-03-18 12:29:53 +00:00
phonet phonet: fix rtm_phonet_notify() skb allocation 2024-05-06 18:30:00 -07:00
psample
qrtr
rds net/rds: fix possible cp null dereference 2024-03-29 12:04:09 -07:00
rfkill
rose
rxrpc rxrpc: Only transmit one ACK per jumbo packet received 2024-05-08 08:05:03 -07:00
sched net/sched: Fix mirred deadlock on device recursion 2024-04-17 18:22:52 -07:00
sctp net: introduce include/net/rps.h 2024-03-07 21:12:43 -08:00
smc net/smc: fix neighbour and rtable leak in smc_ib_find_route() 2024-05-09 10:03:43 +02:00
strparser
sunrpc NFS client bugfixes for Linux 6.9 2024-04-29 12:07:37 -07:00
switchdev
tipc tipc: fix a possible memleak in tipc_buf_append 2024-05-01 18:39:44 -07:00
tls tls: fix lockless read of strp->msg_ready in ->poll 2024-04-25 08:32:37 -07:00
unix af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg 2024-05-10 19:22:26 -07:00
vmw_vsock vsock/virtio: fix packet delivery to tap device 2024-04-02 18:00:24 -07:00
wireless wifi: nl80211: don't free NULL coalescing rule 2024-04-19 10:02:17 +02:00
x25 net/x25: fix incorrect parameter validation in the x25_getsockopt() function 2024-03-11 09:53:22 +00:00
xdp xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING 2024-04-05 22:47:22 -07:00
xfrm xfrm: Preserve vlan tags for transport mode software GRO 2024-04-26 06:44:33 +02:00
compat.c
devres.c
Kconfig
Kconfig.debug
Makefile
socket.c net: remove {revc,send}msg_copy_msghdr() from exports 2024-03-14 16:48:53 -07:00
sysctl_net.c