[PATCH AUTOSEL 5.3 29/71] net_sched: add max len check for TCA_KIND

public inbox for netdev@vger.kernel.org 
 help / color / mirror / Atom feed

From: Sasha Levin <sashal@kernel•org>
To: linux-kernel@vger•kernel.org, stable@vger•kernel.org
Cc: Cong Wang <xiyou.wangcong@gmail•com>,
	syzbot+618aacd49e8c8b8486bd@syzkaller•appspotmail.com,
	Jamal Hadi Salim <jhs@mojatatu•com>,
	David Ahern <dsahern@gmail•com>, Jiri Pirko <jiri@mellanox•com>,
	Jakub Kicinski <jakub.kicinski@netronome•com>,
	Sasha Levin <sashal@kernel•org>,
	netdev@vger•kernel.org
Subject: [PATCH AUTOSEL 5.3 29/71] net_sched: add max len check for TCA_KIND
Date: Tue,  1 Oct 2019 12:38:39 -0400	[thread overview]
Message-ID: <20191001163922.14735-29-sashal@kernel.org> (raw)
In-Reply-To: <20191001163922.14735-1-sashal@kernel.org>

From: Cong Wang <xiyou.wangcong@gmail•com>

[ Upstream commit 62794fc4fbf52f2209dc094ea255eaef760e7d01 ]

The TCA_KIND attribute is of NLA_STRING which does not check
the NUL char. KMSAN reported an uninit-value of TCA_KIND which
is likely caused by the lack of NUL.

Change it to NLA_NUL_STRING and add a max len too.

Fixes: 8b4c3cdd9dd8 ("net: sched: Add policy validation for tc attributes")
Reported-and-tested-by: syzbot+618aacd49e8c8b8486bd@syzkaller•appspotmail.com
Cc: Jamal Hadi Salim <jhs@mojatatu•com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail•com>
Reviewed-by: David Ahern <dsahern@gmail•com>
Acked-by: Jiri Pirko <jiri@mellanox•com>
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome•com>
Signed-off-by: Sasha Levin <sashal@kernel•org>
---
 net/sched/sch_api.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/sched/sch_api.c b/net/sched/sch_api.c
index 1047825d9f48d..81d58b2806122 100644
--- a/net/sched/sch_api.c
+++ b/net/sched/sch_api.c
@@ -1390,7 +1390,8 @@ check_loop_fn(struct Qdisc *q, unsigned long cl, struct qdisc_walker *w)
 }
 
 const struct nla_policy rtm_tca_policy[TCA_MAX + 1] = {
-	[TCA_KIND]		= { .type = NLA_STRING },
+	[TCA_KIND]		= { .type = NLA_NUL_STRING,
+				    .len = IFNAMSIZ - 1 },
 	[TCA_RATE]		= { .type = NLA_BINARY,
 				    .len = sizeof(struct tc_estimator) },
 	[TCA_STAB]		= { .type = NLA_NESTED },
-- 
2.20.1

next prev parent reply	other threads:[~2019-10-01 16:40 UTC|newest]

Thread overview: 30+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <20191001163922.14735-1-sashal@kernel.org>
2019-10-01 16:38 ` [PATCH AUTOSEL 5.3 05/71] xprtrdma: Toggle XPRT_CONGESTED in xprtrdma's slot methods Sasha Levin
2019-10-01 16:38 ` [PATCH AUTOSEL 5.3 06/71] xprtrdma: Send Queue size grows after a reconnect Sasha Levin
2019-10-01 16:38 ` [PATCH AUTOSEL 5.3 07/71] 9p: Transport error uninitialized Sasha Levin
2019-10-01 16:38 ` [PATCH AUTOSEL 5.3 16/71] SUNRPC: RPC level errors should always set task->tk_rpc_status Sasha Levin
2019-10-01 16:38 ` [PATCH AUTOSEL 5.3 18/71] netfilter: nf_tables: allow lookups in dynamic sets Sasha Levin
2019-10-01 16:38 ` [PATCH AUTOSEL 5.3 23/71] SUNRPC: Don't try to parse incomplete RPC messages Sasha Levin
2019-10-01 16:38 ` [PATCH AUTOSEL 5.3 24/71] net/sched: act_sample: don't push mac header on ip6gre ingress Sasha Levin
2019-10-01 16:38 ` [PATCH AUTOSEL 5.3 26/71] cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize Sasha Levin
2019-10-01 16:38 ` [PATCH AUTOSEL 5.3 27/71] usbnet: ignore endpoints with " Sasha Levin
2019-10-01 16:38 ` [PATCH AUTOSEL 5.3 28/71] net/phy: fix DP83865 10 Mbps HDX loopback disable function Sasha Levin
2019-10-01 16:38 ` Sasha Levin [this message]
2019-10-01 16:38 ` [PATCH AUTOSEL 5.3 30/71] selftests/seccomp: fix build on older kernels Sasha Levin
2019-10-01 16:38 ` [PATCH AUTOSEL 5.3 37/71] net/mlx5e: Fix matching on tunnel addresses type Sasha Levin
2019-10-01 16:38 ` [PATCH AUTOSEL 5.3 38/71] net/mlx5e: Fix traffic duplication in ethtool steering Sasha Levin
2019-10-01 16:38 ` [PATCH AUTOSEL 5.3 42/71] arcnet: provide a buffer big enough to actually receive packets Sasha Levin
2019-10-01 16:38 ` [PATCH AUTOSEL 5.3 44/71] ppp: Fix memory leak in ppp_write Sasha Levin
2019-10-01 16:39 ` [PATCH AUTOSEL 5.3 50/71] selftests/bpf: adjust strobemeta loop to satisfy latest clang Sasha Levin
2019-10-01 16:39 ` [PATCH AUTOSEL 5.3 52/71] libbpf: fix false uninitialized variable warning Sasha Levin
2019-10-01 16:39 ` [PATCH AUTOSEL 5.3 55/71] bpf: Fix bpf_event_output re-entry issue Sasha Levin
2019-10-01 16:39 ` [PATCH AUTOSEL 5.3 56/71] macsec: drop skb sk before calling gro_cells_receive Sasha Levin
2019-10-01 16:39 ` [PATCH AUTOSEL 5.3 57/71] net: dsa: microchip: Always set regmap stride to 1 Sasha Levin
2019-10-01 16:39 ` [PATCH AUTOSEL 5.3 60/71] nfp: flower: fix memory leak in nfp_flower_spawn_vnic_reprs Sasha Levin
2019-10-01 16:39 ` [PATCH AUTOSEL 5.3 61/71] net: stmmac: Fix page pool size Sasha Levin
2019-10-01 16:39 ` [PATCH AUTOSEL 5.3 62/71] net: phy: micrel: add Asym Pause workaround for KSZ9021 Sasha Levin
2019-10-01 16:39 ` [PATCH AUTOSEL 5.3 63/71] mlxsw: spectrum_flower: Fail in case user specifies multiple mirror actions Sasha Levin
2019-10-01 16:39 ` [PATCH AUTOSEL 5.3 64/71] vrf: Do not attempt to create IPv6 mcast rule if IPv6 is disabled Sasha Levin
2019-10-01 16:39 ` [PATCH AUTOSEL 5.3 65/71] nfp: flower: prevent memory leak in nfp_flower_spawn_phy_reprs Sasha Levin
2019-10-01 16:39 ` [PATCH AUTOSEL 5.3 66/71] nfp: abm: fix memory leak in nfp_abm_u32_knode_replace Sasha Levin
2019-10-01 16:39 ` [PATCH AUTOSEL 5.3 69/71] usbnet: sanity checking of packet sizes and device mtu Sasha Levin
2019-10-01 16:39 ` [PATCH AUTOSEL 5.3 70/71] sch_netem: fix a divide by zero in tabledist() Sasha Levin

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:1047825d9f48 dfblob:81d58b280612 )
 OR (
bs:"[PATCH AUTOSEL 5.3 29/71] net_sched: add max len check for TCA_KIND" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20191001163922.14735-29-sashal@kernel.org \
    --to=sashal@kernel$(echo .)org \
    --cc=dsahern@gmail$(echo .)com \
    --cc=jakub.kicinski@netronome$(echo .)com \
    --cc=jhs@mojatatu$(echo .)com \
    --cc=jiri@mellanox$(echo .)com \
    --cc=linux-kernel@vger$(echo .)kernel.org \
    --cc=netdev@vger$(echo .)kernel.org \
    --cc=stable@vger$(echo .)kernel.org \
    --cc=syzbot+618aacd49e8c8b8486bd@syzkaller$(echo .)appspotmail.com \
    --cc=xiyou.wangcong@gmail$(echo .)com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox