From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, syzbot+315fa6766d0f7c359327@syzkaller.appspotmail.com, David Ahern , "David S. Miller" Subject: [PATCH 4.14 50/71] netlink: extack needs to be reset each time through loop Date: Mon, 29 Jan 2018 13:57:18 +0100 Message-Id: <20180129123830.768371527@linuxfoundation.org> X-Mailer: git-send-email 2.16.1 In-Reply-To: <20180129123827.271171825@linuxfoundation.org> References: <20180129123827.271171825@linuxfoundation.org> User-Agent: quilt/0.65 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-LABELS: =?utf-8?b?IlxcU2VudCI=?= X-GMAIL-THRID: =?utf-8?q?1590958980405329144?= X-GMAIL-MSGID: =?utf-8?q?1590958980405329144?= X-Mailing-List: linux-kernel@vger.kernel.org List-ID: 4.14-stable review patch. If anyone has any objections, please let me know. ------------------ From: David Ahern [ Upstream commit cbbdf8433a5f117b1a2119ea30fc651b61ef7570 ] syzbot triggered the WARN_ON in netlink_ack testing the bad_attr value. The problem is that netlink_rcv_skb loops over the skb repeatedly invoking the callback and without resetting the extack leaving potentially stale data. Initializing each time through avoids the WARN_ON. Fixes: 2d4bc93368f5a ("netlink: extended ACK reporting") Reported-by: syzbot+315fa6766d0f7c359327@syzkaller.appspotmail.com Signed-off-by: David Ahern Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/netlink/af_netlink.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c @@ -2393,7 +2393,7 @@ int netlink_rcv_skb(struct sk_buff *skb, struct nlmsghdr *, struct netlink_ext_ack *)) { - struct netlink_ext_ack extack = {}; + struct netlink_ext_ack extack; struct nlmsghdr *nlh; int err; 
@@ -2414,6 +2414,7 @@ int netlink_rcv_skb(struct sk_buff *skb, if (nlh->nlmsg_type < NLMSG_MIN_TYPE) goto ack; + memset(&extack, 0, sizeof(extack)); err = cb(skb, nlh, &extack); if (err == -EINTR) goto skip;
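Review bot: In the second hunk the memset() is placed after `if (nlh->nlmsg_type < NLMSG_MIN_TYPE) goto ack;`, so that branch jumps past the reset. Because the first hunk also drops the `= {}` initializer, extack on that path holds uninitialized stack memory for the first message in the skb, or whatever the previous message's callback left behind on later iterations. If the code at the ack label hands &extack onward (the commit message says netlink_ack tests bad_attr), control messages can still reach it with stale or garbage contents, which is the condition this patch sets out to remove. Suggest moving the memset to the top of the loop body, above the `goto ack` check, or keeping `= {}` on the declaration in addition to the per-iteration reset. A one-line comment at the memset saying that extack must be cleared for every message would also help keep later early-exit paths from being added above it.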