GitHub-Mirror/Star64_linux
2
0
Fork 0
mirror of https://github.com/Fishwaldo/Star64_linux.git synced 2025-03-15 11:44:11 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
Star64_linux/net/core
History
Exact
Ido Schimmel 6e1bc318b7 rtnetlink: Reject negative ifindexes in RTM_NEWLINK 
[ Upstream commit 30188bd783 ]

Negative ifindexes are illegal, but the kernel does not validate the
ifindex in the ancillary header of RTM_NEWLINK messages, resulting in
the kernel generating a warning [1] when such an ifindex is specified.

Fix by rejecting negative ifindexes.

[1]
WARNING: CPU: 0 PID: 5031 at net/core/dev.c:9593 dev_index_reserve+0x1a2/0x1c0 net/core/dev.c:9593
[...]
Call Trace:
 <TASK>
 register_netdevice+0x69a/0x1490 net/core/dev.c:10081
 br_dev_newlink+0x27/0x110 net/bridge/br_netlink.c:1552
 rtnl_newlink_create net/core/rtnetlink.c:3471 [inline]
 __rtnl_newlink+0x115e/0x18c0 net/core/rtnetlink.c:3688
 rtnl_newlink+0x67/0xa0 net/core/rtnetlink.c:3701
 rtnetlink_rcv_msg+0x439/0xd30 net/core/rtnetlink.c:6427
 netlink_rcv_skb+0x16b/0x440 net/netlink/af_netlink.c:2545
 netlink_unicast_kernel net/netlink/af_netlink.c:1342 [inline]
 netlink_unicast+0x536/0x810 net/netlink/af_netlink.c:1368
 netlink_sendmsg+0x93c/0xe40 net/netlink/af_netlink.c:1910
 sock_sendmsg_nosec net/socket.c:728 [inline]
 sock_sendmsg+0xd9/0x180 net/socket.c:751
 ____sys_sendmsg+0x6ac/0x940 net/socket.c:2538
 ___sys_sendmsg+0x135/0x1d0 net/socket.c:2592
 __sys_sendmsg+0x117/0x1e0 net/socket.c:2621
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Fixes: 38f7b870d4 ("[RTNETLINK]: Link creation API")
Reported-by: syzbot+5ba06978f34abb058571@syzkaller.appspotmail.com
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Jiri Pirko <jiri@nvidia.com>
Reviewed-by: Jakub Kicinski <kuba@kernel.org>
Link: https://lore.kernel.org/r/20230823064348.2252280-1-idosch@nvidia.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-09-05 01:25:06 +08:00
..
bpf_sk_storage.c bpf: Add length check for SK_DIAG_BPF_STORAGE_REQ_MAP_FD parsing 2023-08-20 16:01:31 +08:00
datagram.c net: datagram: fix data-races in datagram_poll() 2023-06-06 18:39:26 +08:00
datagram.h
dev.c Remove DECnet support from kernel 2023-08-20 15:23:42 +08:00
dev_addr_lists.c net: dev_addr_list: handle first address in __hw_addr_add_ex 2021-09-30 13:29:09 +01:00
dev_ioctl.c
devlink.c devlink: Fix use-after-free after a failed reload 2023-04-19 17:53:02 +08:00
drop_monitor.c net: skb: introduce kfree_skb_reason() 2023-04-19 17:51:40 +08:00
dst.c
dst_cache.c wireguard: device: reset peer src endpoint when netns exits 2023-04-19 17:42:43 +08:00
failover.c
fib_notifier.c
fib_rules.c ipv6: fix memory leak in fib6_rule_suppress 2023-04-19 17:42:41 +08:00
filter.c net: core: remove unnecessary frame_sz check in bpf_xdp_adjust_tail() 2023-08-20 16:01:41 +08:00
flow_dissector.c netfilter: conntrack: Fix data-races around ct mark 2023-04-19 17:56:36 +08:00
flow_offload.c netfilter: nf_tables: bail out early if hardware offload is not supported 2023-04-19 17:50:20 +08:00
gen_estimator.c
gen_stats.c
gro_cells.c net: Fix data-races around netdev_max_backlog. 2023-04-19 17:53:22 +08:00
hwbm.c
link_watch.c net: Write lock dev_base_lock without disabling bottom halves. 2023-04-19 17:50:41 +08:00
lwt_bpf.c bpf, lwt: Fix crash when using bpf_skb_set_tunnel_key() from bpf_xmit lwt hook 2023-04-19 17:48:25 +08:00
lwtunnel.c lwtunnel: Validate RTA_ENCAP_TYPE attribute length 2023-04-19 17:43:35 +08:00
Makefile of: net: move of_net under net/ 2023-04-19 17:45:56 +08:00
neighbour.c neighbour: delete neigh_lookup_nodev as not used 2023-08-20 15:23:47 +08:00
net-procfs.c net-procfs: show net devices bound packet types 2023-04-19 17:44:53 +08:00
net-sysfs.c net: fix data-race in dev_isalive() 2023-04-19 17:50:41 +08:00
net-sysfs.h
net-traces.c
net_namespace.c net: fix UaF in netns ops registration error path 2023-04-19 17:59:03 +08:00
netclassid_cgroup.c bpf, cgroups: Fix cgroup v2 fallback on v1/v2 mixed mode 2021-09-13 16:35:58 -07:00
netevent.c
netpoll.c net: don't let netpoll invoke NAPI if in xmit context 2023-04-19 18:01:19 +08:00
netprio_cgroup.c bpf, cgroups: Fix cgroup v2 fallback on v1/v2 mixed mode 2021-09-13 16:35:58 -07:00
of_net.c of: net: add a helper for loading netdev->dev_addr 2023-08-20 16:01:11 +08:00
page_pool.c page_pool: fix inconsistency for page_pool_ring_[un]lock() 2023-06-06 18:43:30 +08:00
pktgen.c pktgen: remove unused variable 2021-09-03 11:48:28 +01:00
ptp_classifier.c
request_sock.c
rtnetlink.c rtnetlink: Reject negative ifindexes in RTM_NEWLINK 2023-09-05 01:25:06 +08:00
scm.c scm: add user copy checks to put_cmsg() 2023-04-19 18:00:11 +08:00
secure_seq.c tcp: Fix data-races around sysctl knobs related to SYN option. 2023-04-19 17:51:44 +08:00
selftests.c
skbuff.c net: prevent skb corruption on frag list segmentation 2023-08-20 15:24:54 +08:00
skmsg.c bpf, sockmap: Fix bug that strp_done cannot be called 2023-08-20 16:01:42 +08:00
sock.c sock: Fix misuse of sk_under_memory_pressure() 2023-08-28 23:27:03 +08:00
sock_destructor.h skb_expand_head() adjust skb->truesize incorrectly 2021-10-22 12:35:51 -07:00
sock_diag.c
sock_map.c bpf, sockmap: Fix map type error in sock_map_del_link 2023-08-20 16:01:41 +08:00
sock_reuseport.c soreuseport: Fix socket selection for SO_INCOMING_CPU. 2023-04-19 17:57:19 +08:00
stream.c net: deal with most data-races in sk_wait_event() 2023-06-06 18:39:25 +08:00
sysctl_net_core.c net: Fix data-races around weight_p and dev_weight_[rt]x_bias. 2023-04-19 17:53:22 +08:00
timestamping.c
tso.c
utils.c
xdp.c xdp: xdp_mem_allocator can be NULL in trace_mem_connect(). 2023-06-06 18:43:30 +08:00