* [PATCH] net: mac802154: Fix null pointer dereference
@ 2021-03-03 16:27 Pavel Skripkin
2021-03-04 2:40 ` Alexander Aring
0 siblings, 1 reply; 10+ messages in thread
From: Pavel Skripkin @ 2021-03-03 16:27 UTC (permalink / raw)
To: alex.aring, stefan, davem
Cc: linux-wpan, netdev, linux-kernel, Pavel Skripkin,
syzbot+12cf5fbfdeba210a89dd
syzbot found general protection fault in crypto_destroy_tfm()[1].
It was caused by wrong clean up loop in llsec_key_alloc().
If one of the tfm array members won't be initialized it will cause
NULL dereference in crypto_destroy_tfm().
Call Trace:
crypto_free_aead include/crypto/aead.h:191 [inline] [1]
llsec_key_alloc net/mac802154/llsec.c:156 [inline]
mac802154_llsec_key_add+0x9e0/0xcc0 net/mac802154/llsec.c:249
ieee802154_add_llsec_key+0x56/0x80 net/mac802154/cfg.c:338
rdev_add_llsec_key net/ieee802154/rdev-ops.h:260 [inline]
nl802154_add_llsec_key+0x3d3/0x560 net/ieee802154/nl802154.c:1584
genl_family_rcv_msg_doit+0x228/0x320 net/netlink/genetlink.c:739
genl_family_rcv_msg net/netlink/genetlink.c:783 [inline]
genl_rcv_msg+0x328/0x580 net/netlink/genetlink.c:800
netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2502
genl_rcv+0x24/0x40 net/netlink/genetlink.c:811
netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline]
netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1338
netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1927
sock_sendmsg_nosec net/socket.c:654 [inline]
sock_sendmsg+0xcf/0x120 net/socket.c:674
____sys_sendmsg+0x6e8/0x810 net/socket.c:2350
___sys_sendmsg+0xf3/0x170 net/socket.c:2404
__sys_sendmsg+0xe5/0x1b0 net/socket.c:2433
do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xae
Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
Reported-by: syzbot+12cf5fbfdeba210a89dd@syzkaller.appspotmail.com
---
net/mac802154/llsec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/mac802154/llsec.c b/net/mac802154/llsec.c
index 585d33144c33..6709f186f777 100644
--- a/net/mac802154/llsec.c
+++ b/net/mac802154/llsec.c
@@ -151,7 +151,7 @@ llsec_key_alloc(const struct ieee802154_llsec_key *template)
err_tfm0:
crypto_free_sync_skcipher(key->tfm0);
err_tfm:
- for (i = 0; i < ARRAY_SIZE(key->tfm); i++)
+ for (; i >= 0; i--)
if (key->tfm[i])
crypto_free_aead(key->tfm[i]);
--
2.25.1
^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH] net: mac802154: Fix null pointer dereference
2021-03-03 16:27 [PATCH] net: mac802154: Fix null pointer dereference Pavel Skripkin
@ 2021-03-04 2:40 ` Alexander Aring
2021-03-04 9:23 ` Pavel Skripkin
0 siblings, 1 reply; 10+ messages in thread
From: Alexander Aring @ 2021-03-04 2:40 UTC (permalink / raw)
To: Pavel Skripkin
Cc: Stefan Schmidt, David S. Miller, linux-wpan - ML,
open list:NETWORKING [GENERAL],
kernel list, syzbot+12cf5fbfdeba210a89dd
Hi,
On Wed, 3 Mar 2021 at 11:28, Pavel Skripkin <paskripkin@gmail.com> wrote:
>
> syzbot found general protection fault in crypto_destroy_tfm()[1].
> It was caused by wrong clean up loop in llsec_key_alloc().
> If one of the tfm array members won't be initialized it will cause
> NULL dereference in crypto_destroy_tfm().
>
> Call Trace:
> crypto_free_aead include/crypto/aead.h:191 [inline] [1]
> llsec_key_alloc net/mac802154/llsec.c:156 [inline]
> mac802154_llsec_key_add+0x9e0/0xcc0 net/mac802154/llsec.c:249
> ieee802154_add_llsec_key+0x56/0x80 net/mac802154/cfg.c:338
> rdev_add_llsec_key net/ieee802154/rdev-ops.h:260 [inline]
> nl802154_add_llsec_key+0x3d3/0x560 net/ieee802154/nl802154.c:1584
> genl_family_rcv_msg_doit+0x228/0x320 net/netlink/genetlink.c:739
> genl_family_rcv_msg net/netlink/genetlink.c:783 [inline]
> genl_rcv_msg+0x328/0x580 net/netlink/genetlink.c:800
> netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2502
> genl_rcv+0x24/0x40 net/netlink/genetlink.c:811
> netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline]
> netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1338
> netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1927
> sock_sendmsg_nosec net/socket.c:654 [inline]
> sock_sendmsg+0xcf/0x120 net/socket.c:674
> ____sys_sendmsg+0x6e8/0x810 net/socket.c:2350
> ___sys_sendmsg+0xf3/0x170 net/socket.c:2404
> __sys_sendmsg+0xe5/0x1b0 net/socket.c:2433
> do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
> entry_SYSCALL_64_after_hwframe+0x44/0xae
>
> Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
> Reported-by: syzbot+12cf5fbfdeba210a89dd@syzkaller.appspotmail.com
> ---
> net/mac802154/llsec.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/mac802154/llsec.c b/net/mac802154/llsec.c
> index 585d33144c33..6709f186f777 100644
> --- a/net/mac802154/llsec.c
> +++ b/net/mac802154/llsec.c
> @@ -151,7 +151,7 @@ llsec_key_alloc(const struct ieee802154_llsec_key *template)
> err_tfm0:
> crypto_free_sync_skcipher(key->tfm0);
> err_tfm:
> - for (i = 0; i < ARRAY_SIZE(key->tfm); i++)
> + for (; i >= 0; i--)
> if (key->tfm[i])
I think this need to be:
if (!IS_ERR_OR_NULL(key->tfm[i]))
otherwise we still run into issues for the current iterator when
key->tfm[i] is in range of IS_ERR().
- Alex
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] net: mac802154: Fix null pointer dereference
2021-03-04 2:40 ` Alexander Aring
@ 2021-03-04 9:23 ` Pavel Skripkin
2021-03-04 14:22 ` Alexander Aring
0 siblings, 1 reply; 10+ messages in thread
From: Pavel Skripkin @ 2021-03-04 9:23 UTC (permalink / raw)
To: Alexander Aring
Cc: Stefan Schmidt, David S. Miller, linux-wpan - ML,
open list:NETWORKING [GENERAL],
kernel list, syzbot+12cf5fbfdeba210a89dd
Hi, thanks for your reply!
On Wed, 2021-03-03 at 21:40 -0500, Alexander Aring wrote:
> Hi,
>
> On Wed, 3 Mar 2021 at 11:28, Pavel Skripkin <paskripkin@gmail.com>
> wrote:
> > syzbot found general protection fault in crypto_destroy_tfm()[1].
> > It was caused by wrong clean up loop in llsec_key_alloc().
> > If one of the tfm array members won't be initialized it will cause
> > NULL dereference in crypto_destroy_tfm().
> >
> > Call Trace:
> > crypto_free_aead include/crypto/aead.h:191 [inline] [1]
> > llsec_key_alloc net/mac802154/llsec.c:156 [inline]
> > mac802154_llsec_key_add+0x9e0/0xcc0 net/mac802154/llsec.c:249
> > ieee802154_add_llsec_key+0x56/0x80 net/mac802154/cfg.c:338
> > rdev_add_llsec_key net/ieee802154/rdev-ops.h:260 [inline]
> > nl802154_add_llsec_key+0x3d3/0x560 net/ieee802154/nl802154.c:1584
> > genl_family_rcv_msg_doit+0x228/0x320 net/netlink/genetlink.c:739
> > genl_family_rcv_msg net/netlink/genetlink.c:783 [inline]
> > genl_rcv_msg+0x328/0x580 net/netlink/genetlink.c:800
> > netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2502
> > genl_rcv+0x24/0x40 net/netlink/genetlink.c:811
> > netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline]
> > netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1338
> > netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1927
> > sock_sendmsg_nosec net/socket.c:654 [inline]
> > sock_sendmsg+0xcf/0x120 net/socket.c:674
> > ____sys_sendmsg+0x6e8/0x810 net/socket.c:2350
> > ___sys_sendmsg+0xf3/0x170 net/socket.c:2404
> > __sys_sendmsg+0xe5/0x1b0 net/socket.c:2433
> > do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
> > entry_SYSCALL_64_after_hwframe+0x44/0xae
> >
> > Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
> > Reported-by: syzbot+12cf5fbfdeba210a89dd@syzkaller.appspotmail.com
> > ---
> > net/mac802154/llsec.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/net/mac802154/llsec.c b/net/mac802154/llsec.c
> > index 585d33144c33..6709f186f777 100644
> > --- a/net/mac802154/llsec.c
> > +++ b/net/mac802154/llsec.c
> > @@ -151,7 +151,7 @@ llsec_key_alloc(const struct
> > ieee802154_llsec_key *template)
> > err_tfm0:
> > crypto_free_sync_skcipher(key->tfm0);
> > err_tfm:
> > - for (i = 0; i < ARRAY_SIZE(key->tfm); i++)
> > + for (; i >= 0; i--)
> > if (key->tfm[i])
>
> I think this need to be:
>
> if (!IS_ERR_OR_NULL(key->tfm[i]))
>
> otherwise we still run into issues for the current iterator when
> key->tfm[i] is in range of IS_ERR().
Oh... I got it completly wrong, I'm sorry. If it's still not fixed,
I'll send rigth patch for that.
>
> - Alex
--
With regards,
Pavel Skripkin
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] net: mac802154: Fix null pointer dereference
2021-03-04 9:23 ` Pavel Skripkin
@ 2021-03-04 14:22 ` Alexander Aring
2021-03-04 15:21 ` [PATCH v2] net: mac802154: Fix general protection fault Pavel Skripkin
0 siblings, 1 reply; 10+ messages in thread
From: Alexander Aring @ 2021-03-04 14:22 UTC (permalink / raw)
To: Pavel Skripkin
Cc: Stefan Schmidt, David S. Miller, linux-wpan - ML,
open list:NETWORKING [GENERAL],
kernel list, syzbot+12cf5fbfdeba210a89dd
Hi,
On Thu, 4 Mar 2021 at 04:23, Pavel Skripkin <paskripkin@gmail.com> wrote:
...
> >
> > I think this need to be:
> >
> > if (!IS_ERR_OR_NULL(key->tfm[i]))
> >
> > otherwise we still run into issues for the current iterator when
> > key->tfm[i] is in range of IS_ERR().
>
> Oh... I got it completly wrong, I'm sorry. If it's still not fixed,
> I'll send rigth patch for that.
>
please resend your patch. We will review again.
- Alex
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH v2] net: mac802154: Fix general protection fault
2021-03-04 14:22 ` Alexander Aring
@ 2021-03-04 15:21 ` Pavel Skripkin
2021-03-08 8:27 ` Stefan Schmidt
2021-04-05 0:43 ` Alexander Aring
0 siblings, 2 replies; 10+ messages in thread
From: Pavel Skripkin @ 2021-03-04 15:21 UTC (permalink / raw)
To: alex.aring, stefan, davem
Cc: linux-wpan, netdev, linux-kernel, Pavel Skripkin,
syzbot+9ec037722d2603a9f52e
syzbot found general protection fault in crypto_destroy_tfm()[1].
It was caused by wrong clean up loop in llsec_key_alloc().
If one of the tfm array members is in IS_ERR() range it will
cause general protection fault in clean up function [1].
Call Trace:
crypto_free_aead include/crypto/aead.h:191 [inline] [1]
llsec_key_alloc net/mac802154/llsec.c:156 [inline]
mac802154_llsec_key_add+0x9e0/0xcc0 net/mac802154/llsec.c:249
ieee802154_add_llsec_key+0x56/0x80 net/mac802154/cfg.c:338
rdev_add_llsec_key net/ieee802154/rdev-ops.h:260 [inline]
nl802154_add_llsec_key+0x3d3/0x560 net/ieee802154/nl802154.c:1584
genl_family_rcv_msg_doit+0x228/0x320 net/netlink/genetlink.c:739
genl_family_rcv_msg net/netlink/genetlink.c:783 [inline]
genl_rcv_msg+0x328/0x580 net/netlink/genetlink.c:800
netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2502
genl_rcv+0x24/0x40 net/netlink/genetlink.c:811
netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline]
netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1338
netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1927
sock_sendmsg_nosec net/socket.c:654 [inline]
sock_sendmsg+0xcf/0x120 net/socket.c:674
____sys_sendmsg+0x6e8/0x810 net/socket.c:2350
___sys_sendmsg+0xf3/0x170 net/socket.c:2404
__sys_sendmsg+0xe5/0x1b0 net/socket.c:2433
do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xae
Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
Reported-by: syzbot+9ec037722d2603a9f52e@syzkaller.appspotmail.com
Change-Id: I29f7ac641a039096d63d1e6070bb32cb5a3beb07
---
net/mac802154/llsec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/mac802154/llsec.c b/net/mac802154/llsec.c
index 585d33144c33..55550ead2ced 100644
--- a/net/mac802154/llsec.c
+++ b/net/mac802154/llsec.c
@@ -152,7 +152,7 @@ llsec_key_alloc(const struct ieee802154_llsec_key *template)
crypto_free_sync_skcipher(key->tfm0);
err_tfm:
for (i = 0; i < ARRAY_SIZE(key->tfm); i++)
- if (key->tfm[i])
+ if (!IS_ERR_OR_NULL(key->tfm[i]))
crypto_free_aead(key->tfm[i]);
kfree_sensitive(key);
--
2.25.1
^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH v2] net: mac802154: Fix general protection fault
2021-03-04 15:21 ` [PATCH v2] net: mac802154: Fix general protection fault Pavel Skripkin
@ 2021-03-08 8:27 ` Stefan Schmidt
2021-04-05 0:43 ` Alexander Aring
1 sibling, 0 replies; 10+ messages in thread
From: Stefan Schmidt @ 2021-03-08 8:27 UTC (permalink / raw)
To: Pavel Skripkin, alex.aring, davem
Cc: linux-wpan, netdev, linux-kernel, syzbot+9ec037722d2603a9f52e
Hello.
On 04.03.21 16:21, Pavel Skripkin wrote:
> syzbot found general protection fault in crypto_destroy_tfm()[1].
> It was caused by wrong clean up loop in llsec_key_alloc().
> If one of the tfm array members is in IS_ERR() range it will
> cause general protection fault in clean up function [1].
>
> Call Trace:
> crypto_free_aead include/crypto/aead.h:191 [inline] [1]
> llsec_key_alloc net/mac802154/llsec.c:156 [inline]
> mac802154_llsec_key_add+0x9e0/0xcc0 net/mac802154/llsec.c:249
> ieee802154_add_llsec_key+0x56/0x80 net/mac802154/cfg.c:338
> rdev_add_llsec_key net/ieee802154/rdev-ops.h:260 [inline]
> nl802154_add_llsec_key+0x3d3/0x560 net/ieee802154/nl802154.c:1584
> genl_family_rcv_msg_doit+0x228/0x320 net/netlink/genetlink.c:739
> genl_family_rcv_msg net/netlink/genetlink.c:783 [inline]
> genl_rcv_msg+0x328/0x580 net/netlink/genetlink.c:800
> netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2502
> genl_rcv+0x24/0x40 net/netlink/genetlink.c:811
> netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline]
> netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1338
> netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1927
> sock_sendmsg_nosec net/socket.c:654 [inline]
> sock_sendmsg+0xcf/0x120 net/socket.c:674
> ____sys_sendmsg+0x6e8/0x810 net/socket.c:2350
> ___sys_sendmsg+0xf3/0x170 net/socket.c:2404
> __sys_sendmsg+0xe5/0x1b0 net/socket.c:2433
> do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
> entry_SYSCALL_64_after_hwframe+0x44/0xae
>
> Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
> Reported-by: syzbot+9ec037722d2603a9f52e@syzkaller.appspotmail.com
> Change-Id: I29f7ac641a039096d63d1e6070bb32cb5a3beb07
> ---
> net/mac802154/llsec.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/mac802154/llsec.c b/net/mac802154/llsec.c
> index 585d33144c33..55550ead2ced 100644
> --- a/net/mac802154/llsec.c
> +++ b/net/mac802154/llsec.c
> @@ -152,7 +152,7 @@ llsec_key_alloc(const struct ieee802154_llsec_key *template)
> crypto_free_sync_skcipher(key->tfm0);
> err_tfm:
> for (i = 0; i < ARRAY_SIZE(key->tfm); i++)
> - if (key->tfm[i])
> + if (!IS_ERR_OR_NULL(key->tfm[i]))
> crypto_free_aead(key->tfm[i]);
>
> kfree_sensitive(key);
>
Alex, are you happy with this patch now? I would like to get it applied.
Waiting for your review or ack given you had comments on the first version.
regards
Stefan Schmidt
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH v2] net: mac802154: Fix general protection fault
2021-03-04 15:21 ` [PATCH v2] net: mac802154: Fix general protection fault Pavel Skripkin
2021-03-08 8:27 ` Stefan Schmidt
@ 2021-04-05 0:43 ` Alexander Aring
2021-04-05 5:45 ` Pavel Skripkin
1 sibling, 1 reply; 10+ messages in thread
From: Alexander Aring @ 2021-04-05 0:43 UTC (permalink / raw)
To: Pavel Skripkin
Cc: Stefan Schmidt, David S. Miller, linux-wpan - ML,
open list:NETWORKING [GENERAL],
kernel list, syzbot+9ec037722d2603a9f52e
Hi,
On Thu, 4 Mar 2021 at 10:25, Pavel Skripkin <paskripkin@gmail.com> wrote:
>
> syzbot found general protection fault in crypto_destroy_tfm()[1].
> It was caused by wrong clean up loop in llsec_key_alloc().
> If one of the tfm array members is in IS_ERR() range it will
> cause general protection fault in clean up function [1].
>
> Call Trace:
> crypto_free_aead include/crypto/aead.h:191 [inline] [1]
> llsec_key_alloc net/mac802154/llsec.c:156 [inline]
> mac802154_llsec_key_add+0x9e0/0xcc0 net/mac802154/llsec.c:249
> ieee802154_add_llsec_key+0x56/0x80 net/mac802154/cfg.c:338
> rdev_add_llsec_key net/ieee802154/rdev-ops.h:260 [inline]
> nl802154_add_llsec_key+0x3d3/0x560 net/ieee802154/nl802154.c:1584
> genl_family_rcv_msg_doit+0x228/0x320 net/netlink/genetlink.c:739
> genl_family_rcv_msg net/netlink/genetlink.c:783 [inline]
> genl_rcv_msg+0x328/0x580 net/netlink/genetlink.c:800
> netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2502
> genl_rcv+0x24/0x40 net/netlink/genetlink.c:811
> netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline]
> netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1338
> netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1927
> sock_sendmsg_nosec net/socket.c:654 [inline]
> sock_sendmsg+0xcf/0x120 net/socket.c:674
> ____sys_sendmsg+0x6e8/0x810 net/socket.c:2350
> ___sys_sendmsg+0xf3/0x170 net/socket.c:2404
> __sys_sendmsg+0xe5/0x1b0 net/socket.c:2433
> do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
> entry_SYSCALL_64_after_hwframe+0x44/0xae
>
> Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
> Reported-by: syzbot+9ec037722d2603a9f52e@syzkaller.appspotmail.com
> Change-Id: I29f7ac641a039096d63d1e6070bb32cb5a3beb07
I am sorry, I don't know the tag "Change-Id", I was doing a whole grep
on Documentation/ without any luck.
Dumb question: What is the meaning of it?
- Alex
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH v2] net: mac802154: Fix general protection fault
2021-04-05 0:43 ` Alexander Aring
@ 2021-04-05 5:45 ` Pavel Skripkin
2021-04-05 11:50 ` Alexander Aring
0 siblings, 1 reply; 10+ messages in thread
From: Pavel Skripkin @ 2021-04-05 5:45 UTC (permalink / raw)
To: Alexander Aring
Cc: Stefan Schmidt, David S. Miller, linux-wpan - ML,
open list:NETWORKING [GENERAL],
kernel list, syzbot+9ec037722d2603a9f52e
Hi!
On Sun, 2021-04-04 at 20:43 -0400, Alexander Aring wrote:
> Hi,
>
> On Thu, 4 Mar 2021 at 10:25, Pavel Skripkin <paskripkin@gmail.com>
> wrote:
> >
> > syzbot found general protection fault in crypto_destroy_tfm()[1].
> > It was caused by wrong clean up loop in llsec_key_alloc().
> > If one of the tfm array members is in IS_ERR() range it will
> > cause general protection fault in clean up function [1].
> >
> > Call Trace:
> > crypto_free_aead include/crypto/aead.h:191 [inline] [1]
> > llsec_key_alloc net/mac802154/llsec.c:156 [inline]
> > mac802154_llsec_key_add+0x9e0/0xcc0 net/mac802154/llsec.c:249
> > ieee802154_add_llsec_key+0x56/0x80 net/mac802154/cfg.c:338
> > rdev_add_llsec_key net/ieee802154/rdev-ops.h:260 [inline]
> > nl802154_add_llsec_key+0x3d3/0x560 net/ieee802154/nl802154.c:1584
> > genl_family_rcv_msg_doit+0x228/0x320 net/netlink/genetlink.c:739
> > genl_family_rcv_msg net/netlink/genetlink.c:783 [inline]
> > genl_rcv_msg+0x328/0x580 net/netlink/genetlink.c:800
> > netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2502
> > genl_rcv+0x24/0x40 net/netlink/genetlink.c:811
> > netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline]
> > netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1338
> > netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1927
> > sock_sendmsg_nosec net/socket.c:654 [inline]
> > sock_sendmsg+0xcf/0x120 net/socket.c:674
> > ____sys_sendmsg+0x6e8/0x810 net/socket.c:2350
> > ___sys_sendmsg+0xf3/0x170 net/socket.c:2404
> > __sys_sendmsg+0xe5/0x1b0 net/socket.c:2433
> > do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
> > entry_SYSCALL_64_after_hwframe+0x44/0xae
> >
> > Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
> > Reported-by: syzbot+9ec037722d2603a9f52e@syzkaller.appspotmail.com
> > Change-Id: I29f7ac641a039096d63d1e6070bb32cb5a3beb07
>
> I am sorry, I don't know the tag "Change-Id", I was doing a whole
> grep
> on Documentation/ without any luck.
>
I forgot to check the patch with ./scripts/checkpatch.pl :(
> Dumb question: What is the meaning of it?
This is for gerrit code review. This is required to push changes to
gerrit public mirror. I'm using it to check patches with syzbot. Change
ids are useless outside gerrit, so it shouldn't be here.
Btw, should I sent v2 or this is already fixed?
>
> - Alex
With regards,
Pavel Skripkin
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH v2] net: mac802154: Fix general protection fault
2021-04-05 5:45 ` Pavel Skripkin
@ 2021-04-05 11:50 ` Alexander Aring
2021-04-06 20:43 ` Stefan Schmidt
0 siblings, 1 reply; 10+ messages in thread
From: Alexander Aring @ 2021-04-05 11:50 UTC (permalink / raw)
To: Pavel Skripkin
Cc: Stefan Schmidt, David S. Miller, linux-wpan - ML,
open list:NETWORKING [GENERAL],
kernel list, syzbot+9ec037722d2603a9f52e
Hi,
On Mon, 5 Apr 2021 at 01:45, Pavel Skripkin <paskripkin@gmail.com> wrote:
>
> Hi!
>
...
> >
>
> I forgot to check the patch with ./scripts/checkpatch.pl :(
>
> > Dumb question: What is the meaning of it?
>
> This is for gerrit code review. This is required to push changes to
> gerrit public mirror. I'm using it to check patches with syzbot. Change
> ids are useless outside gerrit, so it shouldn't be here.
>
> Btw, should I sent v2 or this is already fixed?
Otherwise the patch looks good. May Stefan can fix this.
Acked-by: Alexander Aring <aahringo@redhat.com>
- Alex
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH v2] net: mac802154: Fix general protection fault
2021-04-05 11:50 ` Alexander Aring
@ 2021-04-06 20:43 ` Stefan Schmidt
0 siblings, 0 replies; 10+ messages in thread
From: Stefan Schmidt @ 2021-04-06 20:43 UTC (permalink / raw)
To: Alexander Aring, Pavel Skripkin
Cc: David S. Miller, linux-wpan - ML, open list:NETWORKING [GENERAL],
kernel list, syzbot+9ec037722d2603a9f52e
Hello.
On 05.04.21 13:50, Alexander Aring wrote:
> Hi,
>
> On Mon, 5 Apr 2021 at 01:45, Pavel Skripkin <paskripkin@gmail.com> wrote:
>>
>> Hi!
>>
> ...
>>>
>>
>> I forgot to check the patch with ./scripts/checkpatch.pl :(
>>
>>> Dumb question: What is the meaning of it?
>>
>> This is for gerrit code review. This is required to push changes to
>> gerrit public mirror. I'm using it to check patches with syzbot. Change
>> ids are useless outside gerrit, so it shouldn't be here.
>>
>> Btw, should I sent v2 or this is already fixed?
>
> Otherwise the patch looks good. May Stefan can fix this.
>
> Acked-by: Alexander Aring <aahringo@redhat.com>
I removed the Change-ID locally here.
This patch has been applied to the wpan tree and will be
part of the next pull request to net. Thanks!
regards
Stefan Schmidt
^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2021-04-06 20:44 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-03-03 16:27 [PATCH] net: mac802154: Fix null pointer dereference Pavel Skripkin
2021-03-04 2:40 ` Alexander Aring
2021-03-04 9:23 ` Pavel Skripkin
2021-03-04 14:22 ` Alexander Aring
2021-03-04 15:21 ` [PATCH v2] net: mac802154: Fix general protection fault Pavel Skripkin
2021-03-08 8:27 ` Stefan Schmidt
2021-04-05 0:43 ` Alexander Aring
2021-04-05 5:45 ` Pavel Skripkin
2021-04-05 11:50 ` Alexander Aring
2021-04-06 20:43 ` Stefan Schmidt
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).