From: Ido Schimmel <idosch@idosch•org>
To: Prashant Bhole <bhole_prashant_q7@lab•ntt.co.jp>
Cc: "David S . Miller" <davem@davemloft•net>,
Eric Dumazet <edumazet@google•com>,
Daniel Borkmann <daniel@iogearbox•net>,
Alexei Starovoitov <ast@kernel•org>,
Kirill Tkhai <ktkhai@virtuozzo•com>,
Florian Westphal <fw@strlen•de>,
netdev@vger•kernel.org
Subject: Re: [PATCH net-next] rtnetlink: Fix null-ptr-deref in rtnl_newlink
Date: Fri, 1 Jun 2018 16:03:18 +0300
Message-ID: <20180601130318.GA16260@splinter.mtl.com>
In-Reply-To: <20180601081658.6968-1-bhole_prashant_q7@lab.ntt.co.jp>

On Fri, Jun 01, 2018 at 05:16:58PM +0900, Prashant Bhole wrote:
> In rtnl_newlink(), NULL check is performed on m_ops however member of
> ops is accessed. Fixed by accessing member of m_ops instead of ops.
>
> [ 345.432629] BUG: KASAN: null-ptr-deref in rtnl_newlink+0x400/0x1110
> [ 345.432629] Read of size 4 at addr 0000000000000088 by task ip/986
> [ 345.432629]
> [ 345.432629] CPU: 1 PID: 986 Comm: ip Not tainted 4.17.0-rc6+ #9
> [ 345.432629] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
> [ 345.432629] Call Trace:
> [ 345.432629] dump_stack+0xc6/0x150
> [ 345.432629] ? dump_stack_print_info.cold.0+0x1b/0x1b
> [ 345.432629] ? kasan_report+0xb4/0x410
> [ 345.432629] kasan_report.cold.4+0x8f/0x91
> [ 345.432629] ? rtnl_newlink+0x400/0x1110
> [ 345.432629] rtnl_newlink+0x400/0x1110
> [...]
>
> Fixes: ccf8dbcd062a ("rtnetlink: Remove VLA usage")
> Signed-off-by: Prashant Bhole <bhole_prashant_q7@lab•ntt.co.jp>

My machine crashed while running regression tests. Thanks for fixing!

Tested-by: Ido Schimmel <idosch@mellanox•com>
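
The mismatch the quoted commit message describes (NULL check on m_ops, member read through ops), as an added example that is not the kernel's code and not part of this thread. The struct layout, the field name maxtype, LIMIT and the function names are hypothetical; the padding is chosen so the field sits at offset 0x88, which shows how a 4-byte member read through a NULL struct pointer yields a fault address of the form in the KASAN report.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for a link-ops structure; not the kernel's layout.
 * The padding places maxtype at offset 0x88, so reading it through a NULL
 * pointer touches address 0x88, the shape of the report quoted above. */
struct link_ops {
    char pad[0x88];
    unsigned int maxtype;   /* 4 bytes wide: "Read of size 4" */
};

#define LIMIT 64u           /* constructed limit for this example */

/* Before: the guard tests m_ops, but the read goes through ops.
 * With ops == NULL and m_ops != NULL this dereferences NULL + 0x88. */
int check_before(const struct link_ops *ops, const struct link_ops *m_ops)
{
    if (m_ops) {
        if (ops->maxtype > LIMIT)
            return -EINVAL;
    }
    return 0;
}

/* After: the pointer that was tested is the pointer that is read. */
int check_after(const struct link_ops *ops, const struct link_ops *m_ops)
{
    (void)ops;              /* unused in this check */
    if (m_ops) {
        if (m_ops->maxtype > LIMIT)
            return -EINVAL;
    }
    return 0;
}

/* Address that a read of p->maxtype touches when p is NULL. */
size_t null_read_addr(void)
{
    return offsetof(struct link_ops, maxtype);
}

int main(void)
{
    struct link_ops m = { .maxtype = 100 };   /* constructed sample */
    printf("NULL->maxtype would read 0x%zx\n", null_read_addr());
    printf("fixed check, ops == NULL: %d\n", check_after(NULL, &m));
    return 0;
}
```

Even when ops is non-NULL, the pre-fix form validates the wrong object, so the two functions can disagree without any crash.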