redonkable
/
alistair23-linux
1
0
Fork 0
Code Releases Activity
alistair23-linux/net/sched
History
Eric Dumazet 9b60a32108 net_sched: use validated TCA_KIND attribute in tc_new_tfilter() 
[ Upstream commit 36d79af7fb ]

sysbot found another issue in tc_new_tfilter().
We probably should use @name which contains the sanitized
version of TCA_KIND.

BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:608 [inline]
BUG: KMSAN: uninit-value in string+0x522/0x690 lib/vsprintf.c:689
CPU: 1 PID: 10753 Comm: syz-executor.1 Not tainted 5.5.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c9/0x220 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:118
 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215
 string_nocheck lib/vsprintf.c:608 [inline]
 string+0x522/0x690 lib/vsprintf.c:689
 vsnprintf+0x207d/0x31b0 lib/vsprintf.c:2574
 __request_module+0x2ad/0x11c0 kernel/kmod.c:143
 tcf_proto_lookup_ops+0x241/0x720 net/sched/cls_api.c:139
 tcf_proto_create net/sched/cls_api.c:262 [inline]
 tc_new_tfilter+0x2a4e/0x5010 net/sched/cls_api.c:2058
 rtnetlink_rcv_msg+0xcb7/0x1570 net/core/rtnetlink.c:5415
 netlink_rcv_skb+0x451/0x650 net/netlink/af_netlink.c:2477
 rtnetlink_rcv+0x50/0x60 net/core/rtnetlink.c:5442
 netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
 netlink_unicast+0xf9e/0x1100 net/netlink/af_netlink.c:1328
 netlink_sendmsg+0x1248/0x14d0 net/netlink/af_netlink.c:1917
 sock_sendmsg_nosec net/socket.c:639 [inline]
 sock_sendmsg net/socket.c:659 [inline]
 ____sys_sendmsg+0x12b6/0x1350 net/socket.c:2330
 ___sys_sendmsg net/socket.c:2384 [inline]
 __sys_sendmsg+0x451/0x5f0 net/socket.c:2417
 __do_sys_sendmsg net/socket.c:2426 [inline]
 __se_sys_sendmsg+0x97/0xb0 net/socket.c:2424
 __x64_sys_sendmsg+0x4a/0x70 net/socket.c:2424
 do_syscall_64+0xb8/0x160 arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45b349
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f88b3948c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f88b39496d4 RCX: 000000000045b349
RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 000000000000099f R14: 00000000004cb163 R15: 000000000075bfd4

Uninit was created at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:144 [inline]
 kmsan_internal_poison_shadow+0x66/0xd0 mm/kmsan/kmsan.c:127
 kmsan_slab_alloc+0x8a/0xe0 mm/kmsan/kmsan_hooks.c:82
 slab_alloc_node mm/slub.c:2774 [inline]
 __kmalloc_node_track_caller+0xb40/0x1200 mm/slub.c:4382
 __kmalloc_reserve net/core/skbuff.c:141 [inline]
 __alloc_skb+0x2fd/0xac0 net/core/skbuff.c:209
 alloc_skb include/linux/skbuff.h:1049 [inline]
 netlink_alloc_large_skb net/netlink/af_netlink.c:1174 [inline]
 netlink_sendmsg+0x7d3/0x14d0 net/netlink/af_netlink.c:1892
 sock_sendmsg_nosec net/socket.c:639 [inline]
 sock_sendmsg net/socket.c:659 [inline]
 ____sys_sendmsg+0x12b6/0x1350 net/socket.c:2330
 ___sys_sendmsg net/socket.c:2384 [inline]
 __sys_sendmsg+0x451/0x5f0 net/socket.c:2417
 __do_sys_sendmsg net/socket.c:2426 [inline]
 __se_sys_sendmsg+0x97/0xb0 net/socket.c:2424
 __x64_sys_sendmsg+0x4a/0x70 net/socket.c:2424
 do_syscall_64+0xb8/0x160 arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Fixes: 6f96c3c690 ("net_sched: fix backward compatibility for TCA_KIND")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Cc: Cong Wang <xiyou.wangcong@gmail.com>
Cc: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Cc: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2020-01-29 16:45:21 +01:00
..
Kconfig net/sched: Set default of CONFIG_NET_TC_SKB_EXT to N 2019-09-27 20:08:28 +02:00
Makefile net/sched: Introduce action ct 2019-07-09 12:11:59 -07:00
act_api.c net: avoid potential infinite loop in tc_ctl_action() 2019-10-15 20:20:22 -07:00
act_bpf.c net_sched: fix a NULL pointer deref in ipt action 2019-08-27 15:05:58 -07:00
act_connmark.c net_sched: fix a NULL pointer deref in ipt action 2019-08-27 15:05:58 -07:00
act_csum.c net_sched: fix a NULL pointer deref in ipt action 2019-08-27 15:05:58 -07:00
act_ct.c act_ct: support asymmetric conntrack 2019-12-18 16:08:59 +01:00
act_ctinfo.c net: sched: act_ctinfo: fix memory leak 2020-01-23 08:22:52 +01:00
act_gact.c net_sched: fix a NULL pointer deref in ipt action 2019-08-27 15:05:58 -07:00
act_ife.c net/sched: act_ife: initalize ife->metalist earlier 2020-01-23 08:22:50 +01:00
act_ipt.c net_sched: fix a NULL pointer deref in ipt action 2019-08-27 15:05:58 -07:00
act_meta_mark.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
act_meta_skbprio.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
act_meta_skbtcindex.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
act_mirred.c net/sched: act_mirred: Pull mac prior redir to non mac_header_xmit device 2020-01-04 19:18:45 +01:00
act_mpls.c net: Fixed updating of ethertype in skb_mpls_push() 2019-12-18 16:08:56 +01:00
act_nat.c net_sched: fix a NULL pointer deref in ipt action 2019-08-27 15:05:58 -07:00
act_pedit.c net/sched: act_pedit: fix WARN() in the traffic path 2019-11-19 18:57:16 -08:00
act_police.c net_sched: act_police: add 2 new attributes to support police 64bit rate and peakrate 2019-09-06 15:02:16 +02:00
act_sample.c net/sched: act_sample: don't push mac header on ip6gre ingress 2019-09-20 17:01:59 -07:00
act_simple.c net_sched: fix a NULL pointer deref in ipt action 2019-08-27 15:05:58 -07:00
act_skbedit.c net_sched: fix a NULL pointer deref in ipt action 2019-08-27 15:05:58 -07:00
act_skbmod.c net_sched: fix a NULL pointer deref in ipt action 2019-08-27 15:05:58 -07:00
act_tunnel_key.c net: sched: ensure opts_len <= IP_TUNNEL_OPTS_MAX in act_tunnel_key 2019-11-18 17:17:07 -08:00
act_vlan.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2019-09-02 11:20:17 -07:00
cls_api.c net_sched: use validated TCA_KIND attribute in tc_new_tfilter() 2020-01-29 16:45:21 +01:00
cls_basic.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
cls_bpf.c net: cls_bpf: fix NULL deref on offload filter removal 2019-11-01 15:16:01 -07:00
cls_cgroup.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
cls_flow.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
cls_flower.c net/sched: add delete_empty() to filters and use it in cls_flower 2020-01-04 19:18:46 +01:00
cls_fw.c net: sched: remove NET_CLS_IND config option 2019-06-15 14:06:13 -07:00
cls_matchall.c net: sched: cls_matchall: cleanup flow_action before deallocating 2019-08-30 15:12:05 -07:00
cls_route.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
cls_rsvp.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
cls_rsvp.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
cls_rsvp6.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
cls_tcindex.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
cls_u32.c net: sched: refactor block offloads counter usage 2019-08-26 14:17:43 -07:00
em_canid.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 11 2019-05-21 11:28:45 +02:00
em_cmp.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
em_ipset.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
em_ipt.c net: sched: em_ipt: add support for addrtype matching 2019-06-29 11:15:12 -07:00
em_meta.c tcp: annotate sk->sk_wmem_queued lockless reads 2019-10-13 10:13:08 -07:00
em_nbyte.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
em_text.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
em_u32.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
ematch.c net_sched: fix datalen for ematch 2020-01-29 16:45:21 +01:00
sch_api.c net_sched: fix backward compatibility for TCA_KIND 2019-10-08 16:21:58 -07:00
sch_atm.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
sch_blackhole.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
sch_cake.c sch_cake: Add missing NLA policy entry TCA_CAKE_SPLIT_GSO 2020-01-17 19:49:02 +01:00
sch_cbq.c sch_cbq: validate TCA_CBQ_WRROPT to avoid crash 2019-09-30 11:07:46 -07:00
sch_cbs.c net: sched: cbs: Avoid division by zero when calculating the port rate 2019-10-01 09:51:39 -07:00
sch_choke.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
sch_codel.c net: sched: Fix a possible null-pointer dereference in dequeue_func() 2019-07-29 09:46:58 -07:00
sch_drr.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
sch_dsmark.c sch_dsmark: fix potential NULL deref in dsmark_init() 2019-10-04 18:28:30 -07:00
sch_etf.c sched: etf: Fix ordering of packets with same txtime 2019-10-15 20:32:04 -07:00
sch_fifo.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
sch_fq.c pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM 2020-01-12 12:21:47 +01:00
sch_fq_codel.c fq_codel: remove set but not used variables 'prev_ecn_mark' and 'prev_drop_count' 2019-08-08 22:32:19 -07:00
sch_generic.c net/sched: annotate lockless accesses to qdisc->empty 2020-01-09 10:20:02 +01:00
sch_gred.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
sch_hfsc.c netlink: make validation more configurable for future strictness 2019-04-27 17:07:21 -04:00
sch_hhf.c net/flow_dissector: switch to siphash 2019-10-23 20:13:22 -07:00
sch_htb.c net: sched: sch_htb: don't call qdisc_put() while holding tree lock 2019-09-27 12:13:55 +02:00
sch_ingress.c net: flow_offload: rename TCF_BLOCK_BINDER_TYPE_* to FLOW_BLOCK_BINDER_TYPE_* 2019-07-09 14:38:50 -07:00
sch_mq.c net: sched: fix dump qlen for sch_mq/sch_mqprio with NOLOCK subqueues 2019-12-18 16:08:24 +01:00
sch_mqprio.c net: sched: fix dump qlen for sch_mq/sch_mqprio with NOLOCK subqueues 2019-12-18 16:08:24 +01:00
sch_multiq.c net: sched: fix `tc -s class show` no bstats on class with nolock subqueues 2019-12-04 22:30:54 +01:00
sch_netem.c net: netem: correct the parent's backlog when corrupted packet was dropped 2019-10-19 12:12:36 -07:00
sch_pie.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 235 2019-06-19 17:09:07 +02:00
sch_plug.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
sch_prio.c net: sch_prio: When ungrafting, replace with FIFO 2020-01-12 12:21:49 +01:00
sch_qfq.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
sch_red.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
sch_sfb.c net/flow_dissector: switch to siphash 2019-10-23 20:13:22 -07:00
sch_sfq.c net/flow_dissector: switch to siphash 2019-10-23 20:13:22 -07:00
sch_skbprio.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
sch_taprio.c taprio: don't reject same mqprio settings 2019-11-19 15:23:15 -08:00
sch_tbf.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
sch_teql.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00