* [PATCH net] ipv6: do not leave garbage in rt->fib6_metrics
@ 2018-10-05 16:17 Eric Dumazet
2018-10-05 16:29 ` David Ahern
2018-10-05 18:57 ` David Miller
0 siblings, 2 replies; 5+ messages in thread
From: Eric Dumazet @ 2018-10-05 16:17 UTC (permalink / raw)
To: David S . Miller; +Cc: netdev, Eric Dumazet, Eric Dumazet, David Ahern
In case ip_fib_metrics_init() returns an error, we better
rewrite rt->fib6_metrics with &dst_default_metrics so that
we do not crash later in ip_fib_metrics_put()
Fixes: 767a2217533f ("net: common metrics init helper for FIB entries")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
---
net/ipv6/route.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 6c1d817151cae45421dc976c5ea082b4115650be..74d97addf1af20dda0c2b6a2018e88696f9f7d5a 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -2976,6 +2976,8 @@ static struct fib6_info *ip6_route_info_create(struct fib6_config *cfg,
rt->fib6_metrics = ip_fib_metrics_init(net, cfg->fc_mx, cfg->fc_mx_len);
if (IS_ERR(rt->fib6_metrics)) {
err = PTR_ERR(rt->fib6_metrics);
+ /* Do not leave garbage there. */
+ rt->fib6_metrics = (struct dst_metrics *)&dst_default_metrics;
goto out;
}
--
2.19.0.605.g01d371f741-goog
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH net] ipv6: do not leave garbage in rt->fib6_metrics
2018-10-05 16:17 [PATCH net] ipv6: do not leave garbage in rt->fib6_metrics Eric Dumazet
@ 2018-10-05 16:29 ` David Ahern
2018-10-05 16:33 ` Eric Dumazet
2018-10-05 18:57 ` David Miller
1 sibling, 1 reply; 5+ messages in thread
From: David Ahern @ 2018-10-05 16:29 UTC (permalink / raw)
To: Eric Dumazet, David S . Miller; +Cc: netdev, Eric Dumazet
On 10/5/18 10:17 AM, Eric Dumazet wrote:
> In case ip_fib_metrics_init() returns an error, we better
> rewrite rt->fib6_metrics with &dst_default_metrics so that
> we do not crash later in ip_fib_metrics_put()
>
> Fixes: 767a2217533f ("net: common metrics init helper for FIB entries")
> Signed-off-by: Eric Dumazet <edumazet@google.com>
> Reported-by: syzbot <syzkaller@googlegroups.com>
Where is syzbot sending the reports? I don't see it on netdev. I would
like to understand how it triggered the failure of a 68-byte malloc.
> ---
> net/ipv6/route.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/net/ipv6/route.c b/net/ipv6/route.c
> index 6c1d817151cae45421dc976c5ea082b4115650be..74d97addf1af20dda0c2b6a2018e88696f9f7d5a 100644
> --- a/net/ipv6/route.c
> +++ b/net/ipv6/route.c
> @@ -2976,6 +2976,8 @@ static struct fib6_info *ip6_route_info_create(struct fib6_config *cfg,
> rt->fib6_metrics = ip_fib_metrics_init(net, cfg->fc_mx, cfg->fc_mx_len);
> if (IS_ERR(rt->fib6_metrics)) {
> err = PTR_ERR(rt->fib6_metrics);
> + /* Do not leave garbage there. */
> + rt->fib6_metrics = (struct dst_metrics *)&dst_default_metrics;
> goto out;
> }
>
>
Reviewed-by: David Ahern <dsahern@gmail.com>
Thanks, Eric.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH net] ipv6: do not leave garbage in rt->fib6_metrics
2018-10-05 16:29 ` David Ahern
@ 2018-10-05 16:33 ` Eric Dumazet
0 siblings, 0 replies; 5+ messages in thread
From: Eric Dumazet @ 2018-10-05 16:33 UTC (permalink / raw)
To: David Ahern; +Cc: David Miller, netdev, Eric Dumazet
On Fri, Oct 5, 2018 at 9:29 AM David Ahern <dsahern@gmail.com> wrote:
>
> On 10/5/18 10:17 AM, Eric Dumazet wrote:
> > In case ip_fib_metrics_init() returns an error, we better
> > rewrite rt->fib6_metrics with &dst_default_metrics so that
> > we do not crash later in ip_fib_metrics_put()
> >
> > Fixes: 767a2217533f ("net: common metrics init helper for FIB entries")
> > Signed-off-by: Eric Dumazet <edumazet@google.com>
> > Reported-by: syzbot <syzkaller@googlegroups.com>
>
> Where is syzbot sending the reports? I don't see it on netdev. I would
> like to understand how it triggered the failure of a 68-byte malloc.
>
Not a public syzbot instance.
And this is not a 68-byte malloc error, simply a ip_metrics_convert()
being cautious with user provided attributes.
You can trivially trigger this with ip command
>
> > ---
> > net/ipv6/route.c | 2 ++
> > 1 file changed, 2 insertions(+)
> >
> > diff --git a/net/ipv6/route.c b/net/ipv6/route.c
> > index 6c1d817151cae45421dc976c5ea082b4115650be..74d97addf1af20dda0c2b6a2018e88696f9f7d5a 100644
> > --- a/net/ipv6/route.c
> > +++ b/net/ipv6/route.c
> > @@ -2976,6 +2976,8 @@ static struct fib6_info *ip6_route_info_create(struct fib6_config *cfg,
> > rt->fib6_metrics = ip_fib_metrics_init(net, cfg->fc_mx, cfg->fc_mx_len);
> > if (IS_ERR(rt->fib6_metrics)) {
> > err = PTR_ERR(rt->fib6_metrics);
> > + /* Do not leave garbage there. */
> > + rt->fib6_metrics = (struct dst_metrics *)&dst_default_metrics;
> > goto out;
> > }
> >
> >
>
> Reviewed-by: David Ahern <dsahern@gmail.com>
>
> Thanks, Eric.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH net] ipv6: do not leave garbage in rt->fib6_metrics
2018-10-05 16:17 [PATCH net] ipv6: do not leave garbage in rt->fib6_metrics Eric Dumazet
2018-10-05 16:29 ` David Ahern
@ 2018-10-05 18:57 ` David Miller
2018-10-05 19:01 ` Eric Dumazet
1 sibling, 1 reply; 5+ messages in thread
From: David Miller @ 2018-10-05 18:57 UTC (permalink / raw)
To: edumazet; +Cc: netdev, eric.dumazet, dsahern
From: Eric Dumazet <edumazet@google.com>
Date: Fri, 5 Oct 2018 09:17:50 -0700
> In case ip_fib_metrics_init() returns an error, we better
> rewrite rt->fib6_metrics with &dst_default_metrics so that
> we do not crash later in ip_fib_metrics_put()
>
> Fixes: 767a2217533f ("net: common metrics init helper for FIB entries")
> Signed-off-by: Eric Dumazet <edumazet@google.com>
> Reported-by: syzbot <syzkaller@googlegroups.com>
Applied to net-next, thanks Eric.
Subject should have said net-next instead of net btw.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH net] ipv6: do not leave garbage in rt->fib6_metrics
2018-10-05 18:57 ` David Miller
@ 2018-10-05 19:01 ` Eric Dumazet
0 siblings, 0 replies; 5+ messages in thread
From: Eric Dumazet @ 2018-10-05 19:01 UTC (permalink / raw)
To: David Miller; +Cc: netdev, Eric Dumazet, David Ahern
On Fri, Oct 5, 2018 at 11:57 AM David Miller <davem@davemloft.net> wrote:
> Applied to net-next, thanks Eric.
>
> Subject should have said net-next instead of net btw.
Oops, sorry for that, I used the wrong script.
Thanks.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2018-10-06 2:01 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-10-05 16:17 [PATCH net] ipv6: do not leave garbage in rt->fib6_metrics Eric Dumazet
2018-10-05 16:29 ` David Ahern
2018-10-05 16:33 ` Eric Dumazet
2018-10-05 18:57 ` David Miller
2018-10-05 19:01 ` Eric Dumazet
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.