* [PATCH net 0/2] net: bridge: br_get_linkxstats_size() fixes
From: Eric Dumazet @ 2021-10-05 1:05 UTC (permalink / raw)
To: David S . Miller, Jakub Kicinski; +Cc: netdev, Eric Dumazet, Eric Dumazet
From: Eric Dumazet <edumazet@google.com>

This patch series attempts to fix the following syzbot report.

WARNING: CPU: 1 PID: 21425 at net/core/rtnetlink.c:5388 rtnl_stats_get+0x80f/0x8c0 net/core/rtnetlink.c:5388
Modules linked in:
CPU: 1 PID: 21425 Comm: syz-executor394 Not tainted 5.13.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:rtnl_stats_get+0x80f/0x8c0 net/core/rtnetlink.c:5388
Call Trace:
rtnetlink_rcv_msg+0x44e/0xad0 net/core/rtnetlink.c:5562
netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2504
netlink_unicast_kernel net/netlink/af_netlink.c:1314 [inline]
netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1340
netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1929
sock_sendmsg_nosec net/socket.c:654 [inline]
sock_sendmsg+0xcf/0x120 net/socket.c:674
____sys_sendmsg+0x6e8/0x810 net/socket.c:2350
___sys_sendmsg+0xf3/0x170 net/socket.c:2404
__sys_sendmsg+0xe5/0x1b0 net/socket.c:2433
do_syscall_64+0x3a/0xb0 arch/x86/entry/common.c:47
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x4440d9
Eric Dumazet (2):
net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size()
net: bridge: fix under estimation in br_get_linkxstats_size()
net/bridge/br_netlink.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--
2.33.0.800.g4c38ced690-goog
* [PATCH net 1/2] net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size()
From: Eric Dumazet @ 2021-10-05 1:05 UTC (permalink / raw)
To: David S . Miller, Jakub Kicinski
Cc: netdev, Eric Dumazet, Eric Dumazet, Nikolay Aleksandrov, Vivien Didelot
From: Eric Dumazet <edumazet@google.com>

bridge_fill_linkxstats() is using nla_reserve_64bit().

We must use nla_total_size_64bit() instead of nla_total_size()
for the corresponding data structure.

Fixes: 1080ab95e3c7 ("net: bridge: add support for IGMP/MLD stats and export them via netlink")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Nikolay Aleksandrov <nikolay@nvidia.com>
Cc: Vivien Didelot <vivien.didelot@gmail.com>
---
net/bridge/br_netlink.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c
index 6c58fc14d2cb2de8bcd8364fc5e766247aba2e97..29b8f6373fb925d48ce876dcda7fccc10539240a 100644
--- a/net/bridge/br_netlink.c
+++ b/net/bridge/br_netlink.c
@@ -1666,7 +1666,7 @@ static size_t br_get_linkxstats_size(const struct net_device *dev, int attr)
}
return numvls * nla_total_size(sizeof(struct bridge_vlan_xstats)) +
- nla_total_size(sizeof(struct br_mcast_stats)) +
+ nla_total_size_64bit(sizeof(struct br_mcast_stats)) +
nla_total_size(0);
}
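Review bot: The first term of the return, numvls * nla_total_size(sizeof(struct bridge_vlan_xstats)), keeps the non-64bit helper, and the changelog only discusses br_mcast_stats. Please confirm that the per-VLAN attribute is not emitted with a 64-bit reserve or put on the fill side and say so in the commit message; if it is, that term needs nla_total_size_64bit() as well.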
--
2.33.0.800.g4c38ced690-goog
* [PATCH net 2/2] net: bridge: fix under estimation in br_get_linkxstats_size()
From: Eric Dumazet @ 2021-10-05 1:05 UTC (permalink / raw)
To: David S . Miller, Jakub Kicinski
Cc: netdev, Eric Dumazet, Eric Dumazet, Vivien Didelot, Nikolay Aleksandrov
From: Eric Dumazet <edumazet@google.com>

Commit de1799667b00 ("net: bridge: add STP xstats")
added an additional nla_reserve_64bit() in br_fill_linkxstats(),
but forgot to update br_get_linkxstats_size() accordingly.

This can trigger the following in rtnl_stats_get()

	WARN_ON(err == -EMSGSIZE);

Fixes: de1799667b00 ("net: bridge: add STP xstats")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Vivien Didelot <vivien.didelot@gmail.com>
Cc: Nikolay Aleksandrov <nikolay@nvidia.com>
---
net/bridge/br_netlink.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c
index 29b8f6373fb925d48ce876dcda7fccc10539240a..5c6c4305ed235891b2ed5c5a17eb8382f2aec1a0 100644
--- a/net/bridge/br_netlink.c
+++ b/net/bridge/br_netlink.c
@@ -1667,6 +1667,7 @@ static size_t br_get_linkxstats_size(const struct net_device *dev, int attr)
return numvls * nla_total_size(sizeof(struct bridge_vlan_xstats)) +
nla_total_size_64bit(sizeof(struct br_mcast_stats)) +
+ (p ? nla_total_size_64bit(sizeof(p->stp_xstats)) : 0) +
nla_total_size(0);
}
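Review bot: The added line tests p, but p is not declared anywhere in the visible context, so the hunk alone does not show that the condition matches the fill side. It has to be exactly the condition under which the fill function reserves the STP attribute; a short comment on the added line naming that attribute and the fill function would make the pairing explicit, given the changelog says this size function was missed when the reserve was added.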
--
2.33.0.800.g4c38ced690-goog
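
An added userspace model (not code from this patch series or from the kernel) of the size/fill mismatch the two commit messages describe: the dump returns -EMSGSIZE whenever the fill side reserves more than the size function counted. The payload lengths, the `pad` flag, the plain put for the per-VLAN attribute and the names xstats_size() and try_dump() are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
/* Userspace model of the kernel's netlink attribute size helpers. */
#define NLA_HDRLEN 4
#define NLA_ALIGN(len) (((len) + 3) & ~(size_t)3)
/* Constructed payload lengths: the real struct sizes are not in the thread. */
enum { VLAN_LEN = 48, MCAST_LEN = 240, STP_LEN = 40 };
enum { BEFORE, AFTER_PATCH1, AFTER_PATCH2 };   /* size function version */

static size_t nla_total_size(size_t payload)
{
    return NLA_ALIGN(NLA_HDRLEN + payload);
}

/* pad != 0 models an architecture that needs a padding attribute to
 * 8-byte-align a 64-bit payload (assumed flag; worst case is counted). */
static size_t nla_total_size_64bit(size_t payload, int pad)
{
    return nla_total_size(payload) + (pad ? nla_total_size(0) : 0);
}

/* Size estimate, modelled on br_get_linkxstats_size() at each stage. */
static size_t xstats_size(int stage, int numvls, int has_port, int pad)
{
    size_t sz = numvls * nla_total_size(VLAN_LEN) + nla_total_size(0);
    sz += stage >= AFTER_PATCH1 ? nla_total_size_64bit(MCAST_LEN, pad)
                                : nla_total_size(MCAST_LEN);
    if (stage >= AFTER_PATCH2 && has_port)
        sz += nla_total_size_64bit(STP_LEN, pad);
    return sz;
}

/* Fill into a buffer of exactly the estimated size: 0 or -EMSGSIZE. */
static int try_dump(int stage, int numvls, int has_port, int pad)
{
    size_t cap = xstats_size(stage, numvls, has_port, pad);
    size_t len = nla_total_size(0);                 /* nest header */
    len += numvls * nla_total_size(VLAN_LEN);       /* per-VLAN, plain put */
    len += nla_total_size_64bit(MCAST_LEN, pad);    /* 64-bit reserve */
    if (has_port)
        len += nla_total_size_64bit(STP_LEN, pad);  /* 64-bit reserve, STP */
    return len > cap ? -EMSGSIZE : 0;
}

int main(void)
{
    /* Port with 2 VLANs: the estimate only covers the fill after patch 2/2. */
    return try_dump(AFTER_PATCH2, 2, 1, 1) == 0 ? 0 : 1;
}
```

In this model a real kernel would differ in one respect: the message buffer may be larger than the estimate, so an underestimate does not fail on every request.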
* Re: [PATCH net 1/2] net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size()
From: Nikolay Aleksandrov @ 2021-10-05 9:03 UTC (permalink / raw)
To: Eric Dumazet, David S . Miller, Jakub Kicinski
Cc: netdev, Eric Dumazet, Vivien Didelot
On 05/10/2021 04:05, Eric Dumazet wrote:
> From: Eric Dumazet <edumazet@google.com>
>
> bridge_fill_linkxstats() is using nla_reserve_64bit().
>
> We must use nla_total_size_64bit() instead of nla_total_size()
> for the corresponding data structure.
>
> Fixes: 1080ab95e3c7 ("net: bridge: add support for IGMP/MLD stats and export them via netlink")
> Signed-off-by: Eric Dumazet <edumazet@google.com>
> Cc: Nikolay Aleksandrov <nikolay@nvidia.com>
> Cc: Vivien Didelot <vivien.didelot@gmail.com>
> ---
> net/bridge/br_netlink.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c
> index 6c58fc14d2cb2de8bcd8364fc5e766247aba2e97..29b8f6373fb925d48ce876dcda7fccc10539240a 100644
> --- a/net/bridge/br_netlink.c
> +++ b/net/bridge/br_netlink.c
> @@ -1666,7 +1666,7 @@ static size_t br_get_linkxstats_size(const struct net_device *dev, int attr)
> }
>
> return numvls * nla_total_size(sizeof(struct bridge_vlan_xstats)) +
> - nla_total_size(sizeof(struct br_mcast_stats)) +
> + nla_total_size_64bit(sizeof(struct br_mcast_stats)) +
> nla_total_size(0);
> }
>
>
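Review bot: Missing documentation in the return expression: none of its terms says which attribute or which fill-side call it accounts for, so a mismatch like the one fixed on the br_mcast_stats line is not visible when reading this function alone. Consider one comment above the return that points at the fill function and states that every reserve there needs a matching term here.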
Good catch. Thanks,
Acked-by: Nikolay Aleksandrov <nikolay@nvidia.com>
* Re: [PATCH net 2/2] net: bridge: fix under estimation in br_get_linkxstats_size()
From: Nikolay Aleksandrov @ 2021-10-05 9:04 UTC (permalink / raw)
To: Eric Dumazet, David S . Miller, Jakub Kicinski
Cc: netdev, Eric Dumazet, Vivien Didelot
On 05/10/2021 04:05, Eric Dumazet wrote:
> From: Eric Dumazet <edumazet@google.com>
>
> Commit de1799667b00 ("net: bridge: add STP xstats")
> added an additional nla_reserve_64bit() in br_fill_linkxstats(),
> but forgot to update br_get_linkxstats_size() accordingly.
>
> This can trigger the following in rtnl_stats_get()
>
> WARN_ON(err == -EMSGSIZE);
>
> Fixes: de1799667b00 ("net: bridge: add STP xstats")
> Signed-off-by: Eric Dumazet <edumazet@google.com>
> Cc: Vivien Didelot <vivien.didelot@gmail.com>
> Cc: Nikolay Aleksandrov <nikolay@nvidia.com>
> ---
> net/bridge/br_netlink.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c
> index 29b8f6373fb925d48ce876dcda7fccc10539240a..5c6c4305ed235891b2ed5c5a17eb8382f2aec1a0 100644
> --- a/net/bridge/br_netlink.c
> +++ b/net/bridge/br_netlink.c
> @@ -1667,6 +1667,7 @@ static size_t br_get_linkxstats_size(const struct net_device *dev, int attr)
>
> return numvls * nla_total_size(sizeof(struct bridge_vlan_xstats)) +
> nla_total_size_64bit(sizeof(struct br_mcast_stats)) +
> + (p ? nla_total_size_64bit(sizeof(p->stp_xstats)) : 0) +
> nla_total_size(0);
> }
>
>
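Review bot: Style point on the added line: it sizes the attribute with sizeof(p->stp_xstats) while the two neighbouring terms use sizeof(struct ...). Using the struct type name would match the rest of the expression and keep p out of the sizeof operand; the p ? ... : 0 test stays as it is.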
Acked-by: Nikolay Aleksandrov <nikolay@nvidia.com>
* Re: [PATCH net 0/2] net: bridge: br_get_linkxstats_size() fixes
From: patchwork-bot+netdevbpf @ 2021-10-05 11:50 UTC (permalink / raw)
To: Eric Dumazet; +Cc: davem, kuba, netdev, edumazet
Hello:

This series was applied to netdev/net.git (refs/heads/master):

On Mon, 4 Oct 2021 18:05:06 -0700 you wrote:
> From: Eric Dumazet <edumazet@google.com>
>
> This patch series attempts to fix the following syzbot report.
>
> WARNING: CPU: 1 PID: 21425 at net/core/rtnetlink.c:5388 rtnl_stats_get+0x80f/0x8c0 net/core/rtnetlink.c:5388
> Modules linked in:
> CPU: 1 PID: 21425 Comm: syz-executor394 Not tainted 5.13.0-rc4-syzkaller #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
> RIP: 0010:rtnl_stats_get+0x80f/0x8c0 net/core/rtnetlink.c:5388
> Call Trace:
> rtnetlink_rcv_msg+0x44e/0xad0 net/core/rtnetlink.c:5562
> netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2504
> netlink_unicast_kernel net/netlink/af_netlink.c:1314 [inline]
> netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1340
> netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1929
> sock_sendmsg_nosec net/socket.c:654 [inline]
> sock_sendmsg+0xcf/0x120 net/socket.c:674
> ____sys_sendmsg+0x6e8/0x810 net/socket.c:2350
> ___sys_sendmsg+0xf3/0x170 net/socket.c:2404
> __sys_sendmsg+0xe5/0x1b0 net/socket.c:2433
> do_syscall_64+0x3a/0xb0 arch/x86/entry/common.c:47
> entry_SYSCALL_64_after_hwframe+0x44/0xae
> RIP: 0033:0x4440d9
>
> [...]
Here is the summary with links:
- [net,1/2] net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size()
https://git.kernel.org/netdev/net/c/dbe0b8806449
- [net,2/2] net: bridge: fix under estimation in br_get_linkxstats_size()
https://git.kernel.org/netdev/net/c/0854a0513321
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html