From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.1 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 504B0C10F0E for ; Fri, 12 Apr 2019 16:08:18 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 13E812073F for ; Fri, 12 Apr 2019 16:08:18 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=fb.com header.i=@fb.com header.b="o15TDcgp"; dkim=pass (1024-bit key) header.d=fb.onmicrosoft.com header.i=@fb.onmicrosoft.com header.b="XoNnhB2g" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726864AbfDLQIR (ORCPT ); Fri, 12 Apr 2019 12:08:17 -0400 Received: from mx0b-00082601.pphosted.com ([67.231.153.30]:40322 "EHLO mx0b-00082601.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726702AbfDLQIQ (ORCPT ); Fri, 12 Apr 2019 12:08:16 -0400 Received: from pps.filterd (m0109331.ppops.net [127.0.0.1]) by mx0a-00082601.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x3CG7nPW000858; Fri, 12 Apr 2019 09:07:50 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fb.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=facebook; bh=192f6pMTVbVARrfL8nF1EMg6dputiIsicNMZT9FVaFU=; b=o15TDcgppzHI/XXah6fp7e+vaRkOokE871AqYJRbklEFa+NimTJBexx9Bu2Y49Xct+bj WtNKx8JXJ7F4kVEUphQ5Aa02v/WbaFjH8RfYUo/+tAYk/t446UTJaTqQDgg0bkxEnFij 4CwR4DdvfsMa4JQ1umyv0KP8vM+1DBXGPqI= Received: from mail.thefacebook.com (mailout.thefacebook.com [199.201.64.23]) by mx0a-00082601.pphosted.com with ESMTP id 2rtj65hvdq-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Fri, 12 Apr 2019 09:07:50 -0700 Received: from prn-mbx04.TheFacebook.com (2620:10d:c081:6::18) by prn-hub04.TheFacebook.com (2620:10d:c081:35::128) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.1.1713.5; Fri, 12 Apr 2019 09:07:40 -0700 Received: from prn-hub04.TheFacebook.com (2620:10d:c081:35::128) by prn-mbx04.TheFacebook.com (2620:10d:c081:6::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.1.1713.5; Fri, 12 Apr 2019 09:07:39 -0700 Received: from NAM04-SN1-obe.outbound.protection.outlook.com (192.168.54.28) by o365-in.thefacebook.com (192.168.16.28) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.1.1713.5 via Frontend Transport; Fri, 12 Apr 2019 09:07:39 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fb.onmicrosoft.com; s=selector1-fb-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=192f6pMTVbVARrfL8nF1EMg6dputiIsicNMZT9FVaFU=; b=XoNnhB2gyxo9T607sP3IorVeP5HgyWB0QlvEicpFIAUYwNgW7Amf+chGeMEptHJ4G7iY2h2ZIPPKHu30wn1TWkUkr53P3nx0SfIZ7rtSHfw1qc/RqgfmuG3WV0B+itZ0g+U47TK3CgaYJDoEcae5+S6Sy/fduqxWa0X/gR3HDYg= Received: from DM5PR15MB1163.namprd15.prod.outlook.com (10.173.208.149) by DM5PR15MB1385.namprd15.prod.outlook.com (10.173.224.148) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1792.15; Fri, 12 Apr 2019 16:07:38 +0000 Received: from DM5PR15MB1163.namprd15.prod.outlook.com ([fe80::290e:d830:9d6c:e8a2]) by DM5PR15MB1163.namprd15.prod.outlook.com ([fe80::290e:d830:9d6c:e8a2%11]) with mapi id 15.20.1792.009; Fri, 12 Apr 2019 16:07:38 +0000 From: Song Liu To: Tetsuo Handa CC: Alexei Starovoitov , Daniel Borkmann , Martin Lau , Yonghong Song , "David S. Miller" , "netdev@vger.kernel.org" Subject: Re: [PATCH 9/9] udpv6: Check address length before reading address family Thread-Topic: [PATCH 9/9] udpv6: Check address length before reading address family Thread-Index: AQHU8R5zDeFpT68BLUCrSR2xYMNL+KY4sXSA Date: Fri, 12 Apr 2019 16:07:38 +0000 Message-ID: References: <1555066599-9698-1-git-send-email-penguin-kernel@I-love.SAKURA.ne.jp> In-Reply-To: <1555066599-9698-1-git-send-email-penguin-kernel@I-love.SAKURA.ne.jp> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-mailer: Apple Mail (2.3445.104.8) x-originating-ip: [2620:10d:c090:200::1:b0cf] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 7ce3258d-0589-4cc1-b794-08d6bf60fbea x-microsoft-antispam: BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600139)(711020)(4605104)(2017052603328)(7193020);SRVR:DM5PR15MB1385; x-ms-traffictypediagnostic: DM5PR15MB1385: x-microsoft-antispam-prvs: x-forefront-prvs: 0005B05917 x-forefront-antispam-report: SFV:NSPM;SFS:(10019020)(376002)(136003)(396003)(366004)(346002)(39860400002)(199004)(189003)(97736004)(7736002)(11346002)(6506007)(476003)(53936002)(305945005)(76176011)(6116002)(316002)(486006)(2616005)(54906003)(446003)(6512007)(46003)(86362001)(6916009)(36756003)(5660300002)(102836004)(99286004)(68736007)(81166006)(83716004)(256004)(6246003)(4326008)(81156014)(57306001)(478600001)(53546011)(105586002)(33656002)(2906002)(6486002)(25786009)(82746002)(6436002)(14444005)(106356001)(8676002)(186003)(8936002)(71200400001)(71190400001)(14454004)(50226002)(229853002);DIR:OUT;SFP:1102;SCL:1;SRVR:DM5PR15MB1385;H:DM5PR15MB1163.namprd15.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;A:1;MX:1; received-spf: None (protection.outlook.com: fb.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: hAyJ1E4kYM6i+yc69x7Jy+BK13wxFoEJqdozHApMn7jURJb1ooVbNS3LAFzvOnyBBmV6bO/qVfoKoLCCe5j6JkjaWY6+WFYVj6pPfBIt2uJQYeAjK6YNO6Hsx2wI72heS/QDUFG2zm+kst0TX2piDyVzSuoOm+mltmAl82WSTuJ2WBdFybhYrC7L6ipmUO/ywZl57l1/o0GxNYlZ5f/nNMu9QyqVKc4PPFrWn1hGZBCtD5qKoXouW8mSvUm7x3dXPSG1RKNQjt6+AFkqTyW82OWFIkf0/G81PBR2JttQtdJHPTAveBfFikFZ0NH4RPAM9GFr3nbmiQMs3OrT10YalYDWgcGpGCwewIRxt4Xlo9TkojtBMwi7Vw9a9xD5ycqMqY6MCiaAAfNJpzv6T8iun5d6K6Y41zu8cmm9+sT1jhI= Content-Type: text/plain; charset="us-ascii" Content-ID: <21BD8D2A8E3A5241884A7102F8F16FC9@namprd15.prod.outlook.com> Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: 7ce3258d-0589-4cc1-b794-08d6bf60fbea X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Apr 2019 16:07:38.2011 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 8ae927fe-1255-47a7-a2af-5f3a069daaa2 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR15MB1385 X-OriginatorOrg: fb.com X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2019-04-12_09:,, signatures=0 X-Proofpoint-Spam-Reason: safe X-FB-Internal: Safe Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org > On Apr 12, 2019, at 3:56 AM, Tetsuo Handa wrote: >=20 > KMSAN will complain if valid address length passed to udpv6_pre_connect() > is shorter than sizeof("struct sockaddr"->sa_family) bytes. >=20 > (This patch is bogus if it is guaranteed that udpv6_pre_connect() is > always called after checking "struct sockaddr"->sa_family. In that case, > we want a comment why we don't need to check valid address length here.) >=20 > Signed-off-by: Tetsuo Handa Looks good.=20 Acked-by: Song Liu > --- > net/ipv6/udp.c | 2 ++ > 1 file changed, 2 insertions(+) >=20 > diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c > index d538fafaf4a9..2464fba569b4 100644 > --- a/net/ipv6/udp.c > +++ b/net/ipv6/udp.c > @@ -1045,6 +1045,8 @@ static void udp_v6_flush_pending_frames(struct sock= *sk) > static int udpv6_pre_connect(struct sock *sk, struct sockaddr *uaddr, > int addr_len) > { > + if (addr_len < offsetofend(struct sockaddr, sa_family)) > + return -EINVAL; > /* The following checks are replicated from __ip6_datagram_connect() > * and intended to prevent BPF program called below from accessing > * bytes that are out of the bound specified by user in addr_len. > --=20 > 2.16.5 >=20