iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Eric Dumazet 687775cec0 ax25: fix setsockopt(SO_BINDTODEVICE) 
syzbot was able to trigger this trace [1], probably by using
a zero optlen.

While we are at it, cap optlen to IFNAMSIZ - 1 instead of IFNAMSIZ.

[1]
BUG: KMSAN: uninit-value in strnlen+0xf9/0x170 lib/string.c:569
CPU: 0 PID: 8807 Comm: syz-executor483 Not tainted 5.7.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c9/0x220 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:121
 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215
 strnlen+0xf9/0x170 lib/string.c:569
 dev_name_hash net/core/dev.c:207 [inline]
 netdev_name_node_lookup net/core/dev.c:277 [inline]
 __dev_get_by_name+0x75/0x2b0 net/core/dev.c:778
 ax25_setsockopt+0xfa3/0x1170 net/ax25/af_ax25.c:654
 __compat_sys_setsockopt+0x4ed/0x910 net/compat.c:403
 __do_compat_sys_setsockopt net/compat.c:413 [inline]
 __se_compat_sys_setsockopt+0xdd/0x100 net/compat.c:410
 __ia32_compat_sys_setsockopt+0x62/0x80 net/compat.c:410
 do_syscall_32_irqs_on arch/x86/entry/common.c:339 [inline]
 do_fast_syscall_32+0x3bf/0x6d0 arch/x86/entry/common.c:398
 entry_SYSENTER_compat+0x68/0x77 arch/x86/entry/entry_64_compat.S:139
RIP: 0023:0xf7f57dd9
Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 002b:00000000ffae8c1c EFLAGS: 00000217 ORIG_RAX: 000000000000016e
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000101
RDX: 0000000000000019 RSI: 0000000020000000 RDI: 0000000000000004
RBP: 0000000000000012 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000

Local variable ----devname@ax25_setsockopt created at:
 ax25_setsockopt+0xe6/0x1170 net/ax25/af_ax25.c:536
 ax25_setsockopt+0xe6/0x1170 net/ax25/af_ax25.c:536

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-05-20 20:59:07 -07:00
..
6lowpan
9p
9pnet: allow making incomplete read requests
2020-03-27 09:29:56 +00:00
802
net: 802: psnap.c: Use built-in RCU list checking
2020-02-24 13:02:53 -08:00
8021q
net: vlan: suppress "failed to kill vid" warnings
2020-02-17 14:30:54 -08:00
appletalk
atm
atm: fix a memory leak of vcc->user_back
2020-05-04 11:59:38 -07:00
ax25
ax25: fix setsockopt(SO_BINDTODEVICE)
2020-05-20 20:59:07 -07:00
batman-adv
batman-adv: Fix refcnt leak in batadv_v_ogm_process
2020-04-21 10:08:05 +02:00
bluetooth
Bluetooth: L2CAP: Use DEFER_SETUP to group ECRED connections
2020-03-25 22:16:08 +01:00
bpf
bpf: Fix build warning regarding missing prototypes
2020-03-28 18:13:18 +01:00
bpfilter
SPDX patches for 5.7-rc1.
2020-04-03 13:12:26 -07:00
bridge
net: bridge: vlan: Add a schedule point during VLAN processing
2020-04-30 17:45:41 -07:00
caif
net: caif: Add lockdep expression to RCU traversal primitive
2020-03-11 22:55:25 -07:00
can
ceph
libceph: directly skip to the end of redirect reply
2020-03-30 12:42:41 +02:00
core
__netif_receive_skb_core: pass skb by reference
2020-05-19 15:38:00 -07:00
dcb
dccp
Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next
2020-02-29 15:53:35 -08:00
decnet
Remove DST_HOST
2020-03-23 21:57:44 -07:00
dns_resolver
KEYS: Don't write out to userspace while holding key semaphore
2020-03-29 12:40:41 +01:00
dsa
net: dsa: mt7530: fix roaming from DSA user ports
2020-05-16 13:49:28 -07:00
ethernet
net: remove eth_change_mtu
2020-01-27 11:09:31 +01:00
ethtool
ethtool: provide timestamping information with TSINFO_GET request
2020-03-29 22:32:37 -07:00
hsr
net: hsr: fix incorrect type usage for protocol variable
2020-05-06 15:00:20 -07:00
ieee802154
nl802154: add missing attribute validation for dev_type
2020-03-03 13:28:48 -08:00
ife
ipv4
net: inet_csk: Fix so_reuseport bind-address cache in tb->fast*
2020-05-19 15:36:21 -07:00
ipv6
ipv6: Fix suspicious RCU usage warning in ip6mr
2020-05-16 13:41:53 -07:00
iucv
kcm
net: kcm: kcmproc.c: Fix RCU list suspicious usage warning
2020-03-16 17:14:02 -07:00
key
l2tp
l2tp: Allow management of tunnels and session in user namespace
2020-04-08 14:30:46 -07:00
l3mdev
lapb
llc
af_llc: fix if-statement empty body warning
2020-02-26 20:38:13 -08:00
mac80211
mac80211: sta_info: Add lockdep condition for RCU list usage
2020-04-24 11:31:20 +02:00
mac802154
mpls
net: add net available in build_state
2020-03-29 22:30:57 -07:00
mptcp
mptcp: use rightmost 64 bits in ADD_ADDR HMAC
2020-05-19 12:35:51 -07:00
ncsi
net/ncsi: Support for multi host mellanox card
2020-01-09 18:36:22 -08:00
netfilter
netfilter: nft_set_rbtree: Add missing expired checks
2020-05-12 13:19:34 +02:00
netlabel
netlabel: cope with NULL catmap
2020-05-12 18:12:40 -07:00
netlink
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-03-25 18:58:11 -07:00
netrom
net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node
2020-04-18 13:09:46 -07:00
nfc
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-03-12 22:34:48 -07:00
nsh
openvswitch
net: openvswitch: ovs_ct_exit to be done under ovs_lock
2020-04-20 10:53:54 -07:00
packet
net/packet: tpacket_rcv: avoid a producer race condition
2020-03-15 00:25:25 -07:00
phonet
net: Remove redundant BUG_ON() check in phonet_pernet
2020-01-03 12:25:50 -08:00
psample
qrtr
net: qrtr: send msgs from local of same id as broadcast
2020-04-09 10:08:31 -07:00
rds
net/rds: Use ERR_PTR for rds_message_alloc_sgs()
2020-04-15 12:33:29 -07:00
rfkill
rose
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-01-26 10:40:21 +01:00
rxrpc
rxrpc: Fix DATA Tx to disable nofrag for UDP on AF_INET6 socket
2020-04-14 16:26:47 -07:00
sched
net: flow_offload: skip hw stats check for FLOW_ACTION_HW_STATS_DONT_CARE
2020-05-06 20:13:10 -07:00
sctp
sctp: Don't add the shutdown timer if its already been added
2020-05-19 15:46:52 -07:00
smc
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-03-12 22:34:48 -07:00
strparser
sunrpc
Fixes:
2020-05-11 12:04:52 -07:00
switchdev
net: switchdev: do not propagate bridge updates across bridges
2020-02-26 20:58:33 -08:00
tipc
tipc: fix failed service subscription deletion
2020-05-13 12:33:19 -07:00
tls
net/tls: Fix sk_psock refcnt leak when in tls_data_ready()
2020-04-27 11:22:38 -07:00
unix
net: datagram: drop 'destructor' argument from several helpers
2020-02-28 12:12:53 -08:00
vmw_vsock
vsock/virtio: fix multiple packet delivery to monitoring devices
2020-04-27 10:18:01 -07:00
wimax
wireless
nl80211: fix NL80211_ATTR_FTM_RESPONDER policy
2020-04-14 12:28:48 +02:00
x25
net/x25: Fix null-ptr-deref in x25_disconnect
2020-04-28 14:08:59 -07:00
xdp
xsk: Add missing check on user supplied headroom size
2020-04-15 13:07:18 +02:00
xfrm
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next
2020-03-30 10:59:20 -07:00
compat.c
net: abstract out normal and compat msghdr import
2020-03-10 09:12:49 -06:00
Kconfig
net: Fix CONFIG_NET_CLS_ACT=n and CONFIG_NFT_FWD_NETDEV={y, m} build
2020-03-25 12:24:33 -07:00
Makefile
mptcp: Add MPTCP socket stubs
2020-01-24 13:44:07 +01:00
socket.c
for-5.7/io_uring-2020-03-29
2020-03-30 12:18:49 -07:00
sysctl_net.c