* [Linux-kernel-mentees] [PATCH net] ipvs: Fix uninit-value in do_ip_vs_set_ctl() @ 2020-08-10 22:07 Peilin Ye 2020-08-11 3:57 ` Cong Wang 2020-08-11 7:46 ` [Linux-kernel-mentees] [PATCH net-next v2] " Peilin Ye 0 siblings, 2 replies; 10+ messages in thread From: Peilin Ye @ 2020-08-10 22:07 UTC (permalink / raw) To: Wensong Zhang, Simon Horman, Julian Anastasov Cc: Florian Westphal, linux-kernel, Peilin Ye, lvs-devel, coreteam, netfilter-devel, netdev, Jakub Kicinski, syzkaller-bugs, Jozsef Kadlecsik, linux-kernel-mentees, David S. Miller, Pablo Neira Ayuso do_ip_vs_set_ctl() is referencing uninitialized stack value when `len` is zero. Fix it. Reported-and-tested-by: syzbot+23b5f9e7caf61d9a3898@syzkaller.appspotmail.com Link: https://syzkaller.appspot.com/bug?id=46ebfb92a8a812621a001ef04d90dfa459520fe2 Signed-off-by: Peilin Ye <yepeilin.cs@gmail.com> --- net/netfilter/ipvs/ip_vs_ctl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c index 412656c34f20..c050b6a42786 100644 --- a/net/netfilter/ipvs/ip_vs_ctl.c +++ b/net/netfilter/ipvs/ip_vs_ctl.c @@ -2418,7 +2418,7 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len) { struct net *net = sock_net(sk); int ret; - unsigned char arg[MAX_SET_ARGLEN]; + unsigned char arg[MAX_SET_ARGLEN] = {}; struct ip_vs_service_user *usvc_compat; struct ip_vs_service_user_kern usvc; struct ip_vs_service *svc; -- 2.25.1 _______________________________________________ Linux-kernel-mentees mailing list Linux-kernel-mentees@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/linux-kernel-mentees ^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [Linux-kernel-mentees] [PATCH net] ipvs: Fix uninit-value in do_ip_vs_set_ctl() 2020-08-10 22:07 [Linux-kernel-mentees] [PATCH net] ipvs: Fix uninit-value in do_ip_vs_set_ctl() Peilin Ye @ 2020-08-11 3:57 ` Cong Wang 2020-08-11 5:09 ` Peilin Ye 2020-08-11 7:46 ` [Linux-kernel-mentees] [PATCH net-next v2] " Peilin Ye 1 sibling, 1 reply; 10+ messages in thread From: Cong Wang @ 2020-08-11 3:57 UTC (permalink / raw) To: Peilin Ye Cc: Wensong Zhang, coreteam, Florian Westphal, LKML, Jozsef Kadlecsik, lvs-devel, Julian Anastasov, Simon Horman, NetFilter, Linux Kernel Network Developers, Jakub Kicinski, syzkaller-bugs, linux-kernel-mentees, David S. Miller, Pablo Neira Ayuso On Mon, Aug 10, 2020 at 3:10 PM Peilin Ye <yepeilin.cs@gmail.com> wrote: > > do_ip_vs_set_ctl() is referencing uninitialized stack value when `len` is > zero. Fix it. Which exact 'cmd' is it here? I _guess_ it is one of those uninitialized in set_arglen[], which is 0. But if that is the case, should it be initialized to sizeof(struct ip_vs_service_user) instead because ip_vs_copy_usvc_compat() is called anyway. Or, maybe we should just ban len==0 case. In either case, it does not look like you fix it correctly. Thanks. _______________________________________________ Linux-kernel-mentees mailing list Linux-kernel-mentees@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/linux-kernel-mentees ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [Linux-kernel-mentees] [PATCH net] ipvs: Fix uninit-value in do_ip_vs_set_ctl() 2020-08-11 3:57 ` Cong Wang @ 2020-08-11 5:09 ` Peilin Ye 2020-08-11 6:58 ` Julian Anastasov 0 siblings, 1 reply; 10+ messages in thread From: Peilin Ye @ 2020-08-11 5:09 UTC (permalink / raw) To: Cong Wang Cc: Wensong Zhang, coreteam, Florian Westphal, LKML, Jozsef Kadlecsik, lvs-devel, Julian Anastasov, Simon Horman, NetFilter, Linux Kernel Network Developers, Jakub Kicinski, syzkaller-bugs, linux-kernel-mentees, David S. Miller, Pablo Neira Ayuso On Mon, Aug 10, 2020 at 08:57:19PM -0700, Cong Wang wrote: > On Mon, Aug 10, 2020 at 3:10 PM Peilin Ye <yepeilin.cs@gmail.com> wrote: > > > > do_ip_vs_set_ctl() is referencing uninitialized stack value when `len` is > > zero. Fix it. > > Which exact 'cmd' is it here? > > I _guess_ it is one of those uninitialized in set_arglen[], which is 0. Yes, it was `IP_VS_SO_SET_NONE`, implicitly initialized to zero. > But if that is the case, should it be initialized to > sizeof(struct ip_vs_service_user) instead because ip_vs_copy_usvc_compat() > is called anyway. Or, maybe we should just ban len==0 case. I see. I think the latter would be easier, but we cannot ban all of them, since the function does something with `IP_VS_SO_SET_FLUSH`, which is a `len == 0` case. Maybe we do something like this? @@ -2432,6 +2432,8 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len) if (cmd < IP_VS_BASE_CTL || cmd > IP_VS_SO_SET_MAX) return -EINVAL; + if (len == 0 && cmd != IP_VS_SO_SET_FLUSH) + return -EINVAL; if (len != set_arglen[CMDID(cmd)]) { IP_VS_DBG(1, "set_ctl: len %u != %u\n", len, set_arglen[CMDID(cmd)]); @@ -2547,9 +2549,6 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len) break; case IP_VS_SO_SET_DELDEST: ret = ip_vs_del_dest(svc, &udest); - break; - default: - ret = -EINVAL; } out_unlock: Thank you, Peilin Ye > In either case, it does not look like you fix it correctly. > > Thanks. _______________________________________________ Linux-kernel-mentees mailing list Linux-kernel-mentees@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/linux-kernel-mentees ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [Linux-kernel-mentees] [PATCH net] ipvs: Fix uninit-value in do_ip_vs_set_ctl() 2020-08-11 5:09 ` Peilin Ye @ 2020-08-11 6:58 ` Julian Anastasov 2020-08-11 7:19 ` Peilin Ye 0 siblings, 1 reply; 10+ messages in thread From: Julian Anastasov @ 2020-08-11 6:58 UTC (permalink / raw) To: Peilin Ye Cc: Wensong Zhang, coreteam, syzkaller-bugs, Florian Westphal, LKML, Jozsef Kadlecsik, lvs-devel, Simon Horman, NetFilter, Jakub Kicinski, Cong Wang, Linux Kernel Network Developers, linux-kernel-mentees, David S. Miller, Pablo Neira Ayuso Hello, On Tue, 11 Aug 2020, Peilin Ye wrote: > On Mon, Aug 10, 2020 at 08:57:19PM -0700, Cong Wang wrote: > > On Mon, Aug 10, 2020 at 3:10 PM Peilin Ye <yepeilin.cs@gmail.com> wrote: > > > > > > do_ip_vs_set_ctl() is referencing uninitialized stack value when `len` is > > > zero. Fix it. > > > > Which exact 'cmd' is it here? > > > > I _guess_ it is one of those uninitialized in set_arglen[], which is 0. > > Yes, it was `IP_VS_SO_SET_NONE`, implicitly initialized to zero. > > > But if that is the case, should it be initialized to > > sizeof(struct ip_vs_service_user) instead because ip_vs_copy_usvc_compat() > > is called anyway. Or, maybe we should just ban len==0 case. > > I see. I think the latter would be easier, but we cannot ban all of > them, since the function does something with `IP_VS_SO_SET_FLUSH`, which > is a `len == 0` case. > > Maybe we do something like this? Yes, only IP_VS_SO_SET_FLUSH uses len 0. We can go with this change but you do not need to target net tree, as the problem is not fatal net-next works too. What happens is that we may lookup services with random search keys which is harmless. Another option is to add new block after this one: } else if (cmd == IP_VS_SO_SET_TIMEOUT) { /* Set timeout values for (tcp tcpfin udp) */ ret = ip_vs_set_timeout(ipvs, (struct ip_vs_timeout_user *)arg); goto out_unlock; } such as: } else if (!len) { /* No more commands with len=0 below */ ret = -EINVAL; goto out_unlock; } It give more chance for future commands to use len=0 but the drawback is that the check happens under mutex. So, I'm fine with both versions, it is up to you to decide :) > @@ -2432,6 +2432,8 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len) > > if (cmd < IP_VS_BASE_CTL || cmd > IP_VS_SO_SET_MAX) > return -EINVAL; > + if (len == 0 && cmd != IP_VS_SO_SET_FLUSH) > + return -EINVAL; > if (len != set_arglen[CMDID(cmd)]) { > IP_VS_DBG(1, "set_ctl: len %u != %u\n", > len, set_arglen[CMDID(cmd)]); > @@ -2547,9 +2549,6 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len) > break; > case IP_VS_SO_SET_DELDEST: > ret = ip_vs_del_dest(svc, &udest); > - break; > - default: > - ret = -EINVAL; > } > > out_unlock: Regards -- Julian Anastasov <ja@ssi.bg> _______________________________________________ Linux-kernel-mentees mailing list Linux-kernel-mentees@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/linux-kernel-mentees ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [Linux-kernel-mentees] [PATCH net] ipvs: Fix uninit-value in do_ip_vs_set_ctl() 2020-08-11 6:58 ` Julian Anastasov @ 2020-08-11 7:19 ` Peilin Ye 0 siblings, 0 replies; 10+ messages in thread From: Peilin Ye @ 2020-08-11 7:19 UTC (permalink / raw) To: Julian Anastasov Cc: Wensong Zhang, coreteam, syzkaller-bugs, Florian Westphal, LKML, Jozsef Kadlecsik, lvs-devel, Simon Horman, NetFilter, Jakub Kicinski, Cong Wang, Linux Kernel Network Developers, linux-kernel-mentees, David S. Miller, Pablo Neira Ayuso On Tue, Aug 11, 2020 at 09:58:46AM +0300, Julian Anastasov wrote: > > Hello, > > On Tue, 11 Aug 2020, Peilin Ye wrote: > > > On Mon, Aug 10, 2020 at 08:57:19PM -0700, Cong Wang wrote: > > > On Mon, Aug 10, 2020 at 3:10 PM Peilin Ye <yepeilin.cs@gmail.com> wrote: > > > > > > > > do_ip_vs_set_ctl() is referencing uninitialized stack value when `len` is > > > > zero. Fix it. > > > > > > Which exact 'cmd' is it here? > > > > > > I _guess_ it is one of those uninitialized in set_arglen[], which is 0. > > > > Yes, it was `IP_VS_SO_SET_NONE`, implicitly initialized to zero. > > > > > But if that is the case, should it be initialized to > > > sizeof(struct ip_vs_service_user) instead because ip_vs_copy_usvc_compat() > > > is called anyway. Or, maybe we should just ban len==0 case. > > > > I see. I think the latter would be easier, but we cannot ban all of > > them, since the function does something with `IP_VS_SO_SET_FLUSH`, which > > is a `len == 0` case. > > > > Maybe we do something like this? > > Yes, only IP_VS_SO_SET_FLUSH uses len 0. We can go with > this change but you do not need to target net tree, as the > problem is not fatal net-next works too. What happens is > that we may lookup services with random search keys which > is harmless. I see, I'll target net-next instead. > Another option is to add new block after this one: > > } else if (cmd == IP_VS_SO_SET_TIMEOUT) { > /* Set timeout values for (tcp tcpfin udp) */ > ret = ip_vs_set_timeout(ipvs, (struct ip_vs_timeout_user *)arg); > goto out_unlock; > } > > such as: > > } else if (!len) { > /* No more commands with len=0 below */ > ret = -EINVAL; > goto out_unlock; > } > > It give more chance for future commands to use len=0 > but the drawback is that the check happens under mutex. So, I'm > fine with both versions, it is up to you to decide :) Ah, this seems much cleaner. I'll send v2 soon, thank you! Peilin Ye > > @@ -2432,6 +2432,8 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len) > > > > if (cmd < IP_VS_BASE_CTL || cmd > IP_VS_SO_SET_MAX) > > return -EINVAL; > > + if (len == 0 && cmd != IP_VS_SO_SET_FLUSH) > > + return -EINVAL; > > if (len != set_arglen[CMDID(cmd)]) { > > IP_VS_DBG(1, "set_ctl: len %u != %u\n", > > len, set_arglen[CMDID(cmd)]); > > @@ -2547,9 +2549,6 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len) > > break; > > case IP_VS_SO_SET_DELDEST: > > ret = ip_vs_del_dest(svc, &udest); > > - break; > > - default: > > - ret = -EINVAL; > > } > > > > out_unlock: > > Regards > > -- > Julian Anastasov <ja@ssi.bg> _______________________________________________ Linux-kernel-mentees mailing list Linux-kernel-mentees@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/linux-kernel-mentees ^ permalink raw reply [flat|nested] 10+ messages in thread
* [Linux-kernel-mentees] [PATCH net-next v2] ipvs: Fix uninit-value in do_ip_vs_set_ctl() 2020-08-10 22:07 [Linux-kernel-mentees] [PATCH net] ipvs: Fix uninit-value in do_ip_vs_set_ctl() Peilin Ye 2020-08-11 3:57 ` Cong Wang @ 2020-08-11 7:46 ` Peilin Ye 2020-08-11 10:29 ` Julian Anastasov 2020-08-28 17:21 ` Pablo Neira Ayuso 1 sibling, 2 replies; 10+ messages in thread From: Peilin Ye @ 2020-08-11 7:46 UTC (permalink / raw) To: Wensong Zhang, Simon Horman, Julian Anastasov Cc: coreteam, Florian Westphal, linux-kernel, Peilin Ye, lvs-devel, netdev, netfilter-devel, Jakub Kicinski, Cong Wang, syzkaller-bugs, Jozsef Kadlecsik, linux-kernel-mentees, David S. Miller, Pablo Neira Ayuso do_ip_vs_set_ctl() is referencing uninitialized stack value when `len` is zero. Fix it. Reported-by: syzbot+23b5f9e7caf61d9a3898@syzkaller.appspotmail.com Link: https://syzkaller.appspot.com/bug?id=46ebfb92a8a812621a001ef04d90dfa459520fe2 Suggested-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: Peilin Ye <yepeilin.cs@gmail.com> --- Changes in v2: - Target net-next tree. (Suggested by Julian Anastasov <ja@ssi.bg>) - Reject all `len == 0` requests except `IP_VS_SO_SET_FLUSH`, instead of initializing `arg`. (Suggested by Cong Wang <xiyou.wangcong@gmail.com>, Julian Anastasov <ja@ssi.bg>) net/netfilter/ipvs/ip_vs_ctl.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c index 412656c34f20..beeafa42aad7 100644 --- a/net/netfilter/ipvs/ip_vs_ctl.c +++ b/net/netfilter/ipvs/ip_vs_ctl.c @@ -2471,6 +2471,10 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len) /* Set timeout values for (tcp tcpfin udp) */ ret = ip_vs_set_timeout(ipvs, (struct ip_vs_timeout_user *)arg); goto out_unlock; + } else if (!len) { + /* No more commands with len == 0 below */ + ret = -EINVAL; + goto out_unlock; } usvc_compat = (struct ip_vs_service_user *)arg; @@ -2547,9 +2551,6 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len) break; case IP_VS_SO_SET_DELDEST: ret = ip_vs_del_dest(svc, &udest); - break; - default: - ret = -EINVAL; } out_unlock: -- 2.25.1 _______________________________________________ Linux-kernel-mentees mailing list Linux-kernel-mentees@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/linux-kernel-mentees ^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [Linux-kernel-mentees] [PATCH net-next v2] ipvs: Fix uninit-value in do_ip_vs_set_ctl() 2020-08-11 7:46 ` [Linux-kernel-mentees] [PATCH net-next v2] " Peilin Ye @ 2020-08-11 10:29 ` Julian Anastasov 2020-08-11 12:59 ` Simon Horman 2020-08-28 17:21 ` Pablo Neira Ayuso 1 sibling, 1 reply; 10+ messages in thread From: Julian Anastasov @ 2020-08-11 10:29 UTC (permalink / raw) To: Peilin Ye Cc: Wensong Zhang, coreteam, syzkaller-bugs, Florian Westphal, linux-kernel, Jozsef Kadlecsik, lvs-devel, Simon Horman, netfilter-devel, Jakub Kicinski, Cong Wang, netdev, linux-kernel-mentees, David S. Miller, Pablo Neira Ayuso Hello, On Tue, 11 Aug 2020, Peilin Ye wrote: > do_ip_vs_set_ctl() is referencing uninitialized stack value when `len` is > zero. Fix it. > > Reported-by: syzbot+23b5f9e7caf61d9a3898@syzkaller.appspotmail.com > Link: https://syzkaller.appspot.com/bug?id=46ebfb92a8a812621a001ef04d90dfa459520fe2 > Suggested-by: Julian Anastasov <ja@ssi.bg> > Signed-off-by: Peilin Ye <yepeilin.cs@gmail.com> Looks good to me, thanks! Acked-by: Julian Anastasov <ja@ssi.bg> > --- > Changes in v2: > - Target net-next tree. (Suggested by Julian Anastasov <ja@ssi.bg>) > - Reject all `len == 0` requests except `IP_VS_SO_SET_FLUSH`, instead > of initializing `arg`. (Suggested by Cong Wang > <xiyou.wangcong@gmail.com>, Julian Anastasov <ja@ssi.bg>) > > net/netfilter/ipvs/ip_vs_ctl.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) > > diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c > index 412656c34f20..beeafa42aad7 100644 > --- a/net/netfilter/ipvs/ip_vs_ctl.c > +++ b/net/netfilter/ipvs/ip_vs_ctl.c > @@ -2471,6 +2471,10 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len) > /* Set timeout values for (tcp tcpfin udp) */ > ret = ip_vs_set_timeout(ipvs, (struct ip_vs_timeout_user *)arg); > goto out_unlock; > + } else if (!len) { > + /* No more commands with len == 0 below */ > + ret = -EINVAL; > + goto out_unlock; > } > > usvc_compat = (struct ip_vs_service_user *)arg; > @@ -2547,9 +2551,6 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len) > break; > case IP_VS_SO_SET_DELDEST: > ret = ip_vs_del_dest(svc, &udest); > - break; > - default: > - ret = -EINVAL; > } > > out_unlock: > -- > 2.25.1 Regards -- Julian Anastasov <ja@ssi.bg> _______________________________________________ Linux-kernel-mentees mailing list Linux-kernel-mentees@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/linux-kernel-mentees ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [Linux-kernel-mentees] [PATCH net-next v2] ipvs: Fix uninit-value in do_ip_vs_set_ctl() 2020-08-11 10:29 ` Julian Anastasov @ 2020-08-11 12:59 ` Simon Horman 2020-08-13 1:28 ` Pablo Neira Ayuso 0 siblings, 1 reply; 10+ messages in thread From: Simon Horman @ 2020-08-11 12:59 UTC (permalink / raw) To: Julian Anastasov Cc: Wensong Zhang, coreteam, David S. Miller, Florian Westphal, linux-kernel, Jozsef Kadlecsik, lvs-devel, netdev, netfilter-devel, Jakub Kicinski, Cong Wang, syzkaller-bugs, linux-kernel-mentees, Peilin Ye, Pablo Neira Ayuso On Tue, Aug 11, 2020 at 01:29:04PM +0300, Julian Anastasov wrote: > > Hello, > > On Tue, 11 Aug 2020, Peilin Ye wrote: > > > do_ip_vs_set_ctl() is referencing uninitialized stack value when `len` is > > zero. Fix it. > > > > Reported-by: syzbot+23b5f9e7caf61d9a3898@syzkaller.appspotmail.com > > Link: https://syzkaller.appspot.com/bug?id=46ebfb92a8a812621a001ef04d90dfa459520fe2 > > Suggested-by: Julian Anastasov <ja@ssi.bg> > > Signed-off-by: Peilin Ye <yepeilin.cs@gmail.com> > > Looks good to me, thanks! > > Acked-by: Julian Anastasov <ja@ssi.bg> Pablo, could you consider this for nf-next or should we repost when net-next re-opens? Reviewed-by: Simon Horman <horms@verge.net.au> _______________________________________________ Linux-kernel-mentees mailing list Linux-kernel-mentees@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/linux-kernel-mentees ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [Linux-kernel-mentees] [PATCH net-next v2] ipvs: Fix uninit-value in do_ip_vs_set_ctl() 2020-08-11 12:59 ` Simon Horman @ 2020-08-13 1:28 ` Pablo Neira Ayuso 0 siblings, 0 replies; 10+ messages in thread From: Pablo Neira Ayuso @ 2020-08-13 1:28 UTC (permalink / raw) To: Simon Horman Cc: Wensong Zhang, coreteam, David S. Miller, Florian Westphal, linux-kernel, Jozsef Kadlecsik, lvs-devel, Julian Anastasov, netdev, netfilter-devel, Jakub Kicinski, Cong Wang, syzkaller-bugs, linux-kernel-mentees, Peilin Ye On Tue, Aug 11, 2020 at 02:59:59PM +0200, Simon Horman wrote: > On Tue, Aug 11, 2020 at 01:29:04PM +0300, Julian Anastasov wrote: > > > > Hello, > > > > On Tue, 11 Aug 2020, Peilin Ye wrote: > > > > > do_ip_vs_set_ctl() is referencing uninitialized stack value when `len` is > > > zero. Fix it. > > > > > > Reported-by: syzbot+23b5f9e7caf61d9a3898@syzkaller.appspotmail.com > > > Link: https://syzkaller.appspot.com/bug?id=46ebfb92a8a812621a001ef04d90dfa459520fe2 > > > Suggested-by: Julian Anastasov <ja@ssi.bg> > > > Signed-off-by: Peilin Ye <yepeilin.cs@gmail.com> > > > > Looks good to me, thanks! > > > > Acked-by: Julian Anastasov <ja@ssi.bg> > > Pablo, could you consider this for nf-next or should we repost when > net-next re-opens? No worries, it will sit in netfilter's patchwork until net-next reopens. _______________________________________________ Linux-kernel-mentees mailing list Linux-kernel-mentees@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/linux-kernel-mentees ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [Linux-kernel-mentees] [PATCH net-next v2] ipvs: Fix uninit-value in do_ip_vs_set_ctl() 2020-08-11 7:46 ` [Linux-kernel-mentees] [PATCH net-next v2] " Peilin Ye 2020-08-11 10:29 ` Julian Anastasov @ 2020-08-28 17:21 ` Pablo Neira Ayuso 1 sibling, 0 replies; 10+ messages in thread From: Pablo Neira Ayuso @ 2020-08-28 17:21 UTC (permalink / raw) To: Peilin Ye Cc: Wensong Zhang, coreteam, syzkaller-bugs, Florian Westphal, linux-kernel, Jozsef Kadlecsik, lvs-devel, Julian Anastasov, Simon Horman, netfilter-devel, Jakub Kicinski, Cong Wang, netdev, linux-kernel-mentees, David S. Miller On Tue, Aug 11, 2020 at 03:46:40AM -0400, Peilin Ye wrote: > do_ip_vs_set_ctl() is referencing uninitialized stack value when `len` is > zero. Fix it. Applied to nf-next, thanks. _______________________________________________ Linux-kernel-mentees mailing list Linux-kernel-mentees@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/linux-kernel-mentees ^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2020-08-28 17:22 UTC | newest] Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2020-08-10 22:07 [Linux-kernel-mentees] [PATCH net] ipvs: Fix uninit-value in do_ip_vs_set_ctl() Peilin Ye 2020-08-11 3:57 ` Cong Wang 2020-08-11 5:09 ` Peilin Ye 2020-08-11 6:58 ` Julian Anastasov 2020-08-11 7:19 ` Peilin Ye 2020-08-11 7:46 ` [Linux-kernel-mentees] [PATCH net-next v2] " Peilin Ye 2020-08-11 10:29 ` Julian Anastasov 2020-08-11 12:59 ` Simon Horman 2020-08-13 1:28 ` Pablo Neira Ayuso 2020-08-28 17:21 ` Pablo Neira Ayuso
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).