iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net/ipv6
History
Yue Haibing 30e0191b16 ip6mr: Fix skb_under_panic in ip6mr_cache_report() 
skbuff: skb_under_panic: text:ffffffff88771f69 len:56 put:-4
 head:ffff88805f86a800 data:ffff887f5f86a850 tail:0x88 end:0x2c0 dev:pim6reg
 ------------[ cut here ]------------
 kernel BUG at net/core/skbuff.c:192!
 invalid opcode: 0000 [#1] PREEMPT SMP KASAN
 CPU: 2 PID: 22968 Comm: kworker/2:11 Not tainted 6.5.0-rc3-00044-g0a8db05b571a #236
 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
 Workqueue: ipv6_addrconf addrconf_dad_work
 RIP: 0010:skb_panic+0x152/0x1d0
 Call Trace:
  <TASK>
  skb_push+0xc4/0xe0
  ip6mr_cache_report+0xd69/0x19b0
  reg_vif_xmit+0x406/0x690
  dev_hard_start_xmit+0x17e/0x6e0
  __dev_queue_xmit+0x2d6a/0x3d20
  vlan_dev_hard_start_xmit+0x3ab/0x5c0
  dev_hard_start_xmit+0x17e/0x6e0
  __dev_queue_xmit+0x2d6a/0x3d20
  neigh_connected_output+0x3ed/0x570
  ip6_finish_output2+0x5b5/0x1950
  ip6_finish_output+0x693/0x11c0
  ip6_output+0x24b/0x880
  NF_HOOK.constprop.0+0xfd/0x530
  ndisc_send_skb+0x9db/0x1400
  ndisc_send_rs+0x12a/0x6c0
  addrconf_dad_completed+0x3c9/0xea0
  addrconf_dad_work+0x849/0x1420
  process_one_work+0xa22/0x16e0
  worker_thread+0x679/0x10c0
  ret_from_fork+0x28/0x60
  ret_from_fork_asm+0x11/0x20

When setup a vlan device on dev pim6reg, DAD ns packet may sent on reg_vif_xmit().
reg_vif_xmit()
    ip6mr_cache_report()
        skb_push(skb, -skb_network_offset(pkt));//skb_network_offset(pkt) is 4
And skb_push declared as:
	void *skb_push(struct sk_buff *skb, unsigned int len);
		skb->data -= len;
		//0xffff88805f86a84c - 0xfffffffc = 0xffff887f5f86a850
skb->data is set to 0xffff887f5f86a850, which is invalid mem addr, lead to skb_push() fails.

Fixes: 14fb64e1f449 ("[IPV6] MROUTE: Support PIM-SM (SSM).")
Signed-off-by: Yue Haibing <yuehaibing@huawei.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2023-08-02 10:35:21 +01:00
..
ila
ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping()
2023-03-01 08:48:46 +00:00
netfilter
Revert "net: Remove low_thresh in ip defrag"
2023-05-16 20:46:30 -07:00
addrconf_core.c
net: rename reference+tracking helpers
2022-06-09 21:52:55 -07:00
addrconf.c
ipv6 addrconf: fix bug where deleting a mngtmpaddr can create a new temporary address
2023-07-24 15:51:21 -07:00
addrlabel.c
ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network
2022-11-07 12:26:15 +00:00
af_inet6.c
sock: Remove ->sendpage*() in favour of sendmsg(MSG_SPLICE_PAGES)
2023-06-24 15:50:13 -07:00
ah6.c
net: ipv6: Remove completion function scaffolding
2023-02-13 18:35:15 +08:00
anycast.c
calipso.c
cipso,calipso: resolve a number of problems with the DOI refcounts
2021-03-04 15:26:57 -08:00
datagram.c
ipv6: Fix datagram socket connection with DSCP.
2023-02-09 22:49:04 -08:00
esp6_offload.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2023-06-22 18:40:38 -07:00
esp6.c
net: ipv6: Remove completion function scaffolding
2023-02-13 18:35:15 +08:00
exthdrs_core.c
ipv6: Fix out-of-bounds access in ipv6_find_tlv()
2023-05-24 08:43:39 +01:00
exthdrs_offload.c
exthdrs.c
ipv6: exthdrs: Remove redundant skb_headlen() check in ip6_parse_tlv().
2023-06-19 11:32:58 -07:00
fib6_notifier.c
fib6_rules.c
ipv6: change fib6_rules_net_exit() to batch mode
2022-02-08 20:41:34 -08:00
fou6.c
icmp.c
icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev().
2023-07-08 10:08:54 +01:00
inet6_connection_sock.c
net: annotate lockless accesses to sk->sk_err_soft
2023-03-17 08:25:05 +00:00
inet6_hashtables.c
tcp: Access &tcp_hashinfo via net.
2022-09-20 10:21:49 -07:00
ioam6_iptunnel.c
ipv6: ioam: Insertion frequency in lwtunnel output
2022-02-04 20:24:45 -08:00
ioam6.c
genetlink: start to validate reserved header bytes
2022-08-29 12:47:15 +01:00
ip6_checksum.c
ip6_fib.c
ipv6: remove nexthop_fib6_nh_bh()
2023-05-11 18:07:05 -07:00
ip6_flowlabel.c
ipv6: flowlabel: do not disable BH where not needed
2023-03-21 21:32:18 -07:00
ip6_gre.c
net:ipv6: check return value of pskb_trim()
2023-07-19 12:25:58 +01:00
ip6_icmp.c
net: icmp: pass zeroed opts from icmp{,v6}_ndo_send before sending
2021-02-23 11:29:52 -08:00
ip6_input.c
netfilter: keep conntrack reference until IPsecv6 policy checks are done
2023-03-22 21:50:23 +01:00
ip6_offload.c
net: move gso declarations and functions to their own files
2023-06-10 00:11:41 -07:00
ip6_offload.h
ip6_output.c
ip, ip6: Fix splice to raw and ping sockets
2023-06-16 11:45:16 -07:00
ip6_tunnel.c
net: tunnels: annotate lockless accesses to dev->needed_headroom
2023-03-15 00:04:04 -07:00
ip6_udp_tunnel.c
ip6_vti.c
ipv6: tunnels: use DEV_STATS_INC()
2022-11-16 12:48:44 +00:00
ip6mr.c
ip6mr: Fix skb_under_panic in ip6mr_cache_report()
2023-08-02 10:35:21 +01:00
ipcomp6.c
xfrm: ipcomp: add extack to ipcomp{4,6}_init_state
2022-09-29 07:18:00 +02:00
ipv6_sockglue.c
net/ipv6: Initialise msg_control_is_user
2023-04-14 11:09:27 +01:00
Kconfig
crypto: lib - make the sha1 library optional
2022-07-15 16:43:59 +08:00
Makefile
net: ipv6: use ipv6-y directly instead of ipv6-objs
2021-09-28 13:13:40 +01:00
mcast_snoop.c
net: bridge: mcast: fix broken length + header check for MRDv6 Adv.
2021-04-27 14:02:06 -07:00
mcast.c
ipv6: constify inet6_mc_check()
2023-03-17 08:56:37 +00:00
mip6.c
xfrm: mip6: add extack to mip6_destopt_init_state, mip6_rthdr_init_state
2022-09-29 07:18:01 +02:00
ndisc.c
neighbour: annotate lockless accesses to n->nud_state
2023-03-15 00:37:32 -07:00
netfilter.c
netfilter: Use l3mdev flow key when re-routing mangled packets
2022-05-16 13:03:29 +02:00
output_core.c
treewide: use get_random_u32_{above,below}() instead of manual loop
2022-11-18 02:15:22 +01:00
ping.c
net: annotate data-races around sk->sk_mark
2023-07-29 18:13:41 +01:00
proc.c
icmp: Add counters for rate limits
2023-01-26 10:52:18 +01:00
protocol.c
raw.c
net: annotate data-races around sk->sk_priority
2023-07-29 18:13:41 +01:00
reassembly.c
Revert "net: Remove low_thresh in ip defrag"
2023-05-16 20:46:30 -07:00
route.c
net: annotate data-races around sk->sk_mark
2023-07-29 18:13:41 +01:00
rpl_iptunnel.c
net: ipv6: rpl_iptunnel: Replace 0-length arrays with flexible arrays
2023-01-06 19:28:01 -08:00
rpl.c
ipv6: rpl: Remove pskb(_may)?_pull() in ipv6_rpl_srh_rcv().
2023-06-19 11:32:58 -07:00
seg6_hmac.c
net: ipv6: unexport __init-annotated seg6_hmac_net_init()
2022-06-28 21:23:30 -07:00
seg6_iptunnel.c
seg6: Cleanup duplicates of skb_dst_drop calls
2023-05-17 09:05:47 +01:00
seg6_local.c
seg6: add PSP flavor support for SRv6 End behavior
2023-02-16 13:18:06 +01:00
seg6.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2022-09-08 18:38:30 +02:00
sit.c
sit: update dev->needed_headroom in ipip6_tunnel_bind_dev()
2023-04-28 09:48:14 +01:00
syncookies.c
tcp: Fix data-races around sysctl_tcp_syncookies.
2022-07-18 12:21:54 +01:00
sysctl_net_ipv6.c
net: sysctl: introduce sysctl SYSCTL_THREE
2022-05-03 10:15:06 +02:00
tcp_ipv6.c
net: annotate data-races around sk->sk_priority
2023-07-29 18:13:41 +01:00
tcpv6_offload.c
net: Make gro complete function to return void
2023-05-31 09:50:17 +01:00
tunnel6.c
udp_impl.h
tcp/udp: Call inet6_destroy_sock() in IPv6 sk->sk_destruct().
2022-10-12 17:50:37 -07:00
udp_offload.c
net: gro: fix misuse of CB in udp socket lookup
2023-07-29 17:10:27 +01:00
udp.c
net: annotate data-races around sk->sk_mark
2023-07-29 18:13:41 +01:00
udplite.c
udplite: Print deprecation notice.
2023-06-15 15:08:58 -07:00
xfrm6_input.c
xfrm: fix inbound ipv4/udp/esp packets to UDPv6 dualstack sockets
2023-06-09 08:16:34 +02:00
xfrm6_output.c
xfrm: fix tunnel model fragmentation behavior
2022-03-01 12:08:40 +01:00
xfrm6_policy.c
net: dst: fix missing initialization of rt_uncached
2023-04-21 20:26:56 -07:00
xfrm6_protocol.c
xfrm6_state.c
xfrm6_tunnel.c
xfrm: tunnel: add extack to ipip_init_state, xfrm6_tunnel_init_state
2022-09-29 07:18:00 +02:00