From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1754202AbdHYE63 (ORCPT ); Fri, 25 Aug 2017 00:58:29 -0400
Received: from shards.monkeyblade.net ([184.105.139.130]:36592 "EHLO
	shards.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751662AbdHYE62 (ORCPT );
	Fri, 25 Aug 2017 00:58:28 -0400
Date: Thu, 24 Aug 2017 21:58:27 -0700 (PDT)
Message-Id: <20170824.215827.1642146539202794550.davem@davemloft.net>
To: ebiggers3@gmail.com
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
	ebiggers@google.com, dvyukov@google.com, tom@quantonium.net
Subject: Re: [PATCH] strparser: initialize all callbacks
From: David Miller
In-Reply-To: <20170824213851.57601-1-ebiggers3@gmail.com>
References: <20170824213851.57601-1-ebiggers3@gmail.com>
X-Mailer: Mew version 6.7 on Emacs 25.2 / Mule 6.0 (HANACHIRUSATO)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.5.12
	(shards.monkeyblade.net [149.20.54.216]);
	Thu, 24 Aug 2017 21:58:27 -0700 (PDT)
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

From: Eric Biggers
Date: Thu, 24 Aug 2017 14:38:51 -0700

> From: Eric Biggers
>
> commit bbb03029a899 ("strparser: Generalize strparser") added more
> function pointers to 'struct strp_callbacks'; however, kcm_attach() was
> not updated to initialize them. This could cause the ->lock() and/or
> ->unlock() function pointers to be set to garbage values, causing a
> crash in strp_work().
>
> Fix the bug by moving the callback structs into static memory, so
> unspecified members are zeroed. Also constify them while we're at it.
>
> This bug was found by syzkaller, which encountered the following splat:
...
> Fixes: bbb03029a899 ("strparser: Generalize strparser")
> Signed-off-by: Eric Biggers

This commit is only in net-next, so that is where I am applying this
patch.

Thanks.
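
The failure mode the quoted commit message describes, as an added example that is not part of this thread or the kernel source. It is a simplified model: `struct demo_callbacks`, `demo_init()` and the default lock helpers are hypothetical names, the NULL-means-default handling is an assumption of the model, and a 0xAA fill stands in for uninitialized stack contents.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical, simplified stand-in for 'struct strp_callbacks'. */
struct demo_callbacks {
    int  (*parse_msg)(void *ctx);
    void (*rcv_msg)(void *ctx);
    void (*lock)(void *ctx);    /* added later; NULL means "use default" */
    void (*unlock)(void *ctx);  /* added later; NULL means "use default" */
};

static int  demo_parse(void *ctx)     { (void)ctx; return 0; }
static void demo_rcv(void *ctx)       { (void)ctx; }
static void default_lock(void *ctx)   { (void)ctx; }
static void default_unlock(void *ctx) { (void)ctx; }

/* Consumer (assumed behaviour): substitute defaults for NULL optional members. */
static void demo_init(struct demo_callbacks *dst, const struct demo_callbacks *cb)
{
    dst->parse_msg = cb->parse_msg;
    dst->rcv_msg   = cb->rcv_msg;
    dst->lock      = cb->lock   ? cb->lock   : default_lock;
    dst->unlock    = cb->unlock ? cb->unlock : default_unlock;
}

/* "Before" pattern: stack struct, caller assigns only the members it knew about. */
static int stack_pattern_gets_defaults(void)
{
    struct demo_callbacks cb, out;
    memset(&cb, 0xAA, sizeof(cb));  /* constructed poison modelling stack garbage */
    cb.parse_msg = demo_parse;
    cb.rcv_msg   = demo_rcv;        /* lock/unlock never assigned */
    demo_init(&out, &cb);
    /* Garbage is non-NULL, so the defaults are NOT chosen; calling out.lock would crash. */
    return out.lock == default_lock && out.unlock == default_unlock;
}

/* "After" pattern: static const struct; members not named are zero-initialized. */
static const struct demo_callbacks demo_static_cb = {
    .parse_msg = demo_parse,
    .rcv_msg   = demo_rcv,
};

static int static_pattern_gets_defaults(void)
{
    struct demo_callbacks out;
    demo_init(&out, &demo_static_cb);
    return out.lock == default_lock && out.unlock == default_unlock;
}
```

Members added to the struct later are covered by the static form automatically, which is why it holds up when a callback struct grows and not every caller is updated.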