bianbu-repo-mirror/bianbu-linux-6.6
1
0
Fork 0
mirror of https://gitee.com/bianbu-linux/linux-6.6 synced 2025-04-24 14:07:52 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
bianbu-linux-6.6/net/ipv6
History
Eric Dumazet 73e7c8ca6a ipv6: prevent possible NULL dereference in rt6_probe() 
[ Upstream commit b86762dbe19a62e785c189f313cda5b989931f37 ]

syzbot caught a NULL dereference in rt6_probe() [1]

Bail out if  __in6_dev_get() returns NULL.

[1]
Oops: general protection fault, probably for non-canonical address 0xdffffc00000000cb: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000658-0x000000000000065f]
CPU: 1 PID: 22444 Comm: syz-executor.0 Not tainted 6.10.0-rc2-syzkaller-00383-gb8481381d4e2 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
 RIP: 0010:rt6_probe net/ipv6/route.c:656 [inline]
 RIP: 0010:find_match+0x8c4/0xf50 net/ipv6/route.c:758
Code: 14 fd f7 48 8b 85 38 ff ff ff 48 c7 45 b0 00 00 00 00 48 8d b8 5c 06 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 19
RSP: 0018:ffffc900034af070 EFLAGS: 00010203
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc90004521000
RDX: 00000000000000cb RSI: ffffffff8990d0cd RDI: 000000000000065c
RBP: ffffc900034af150 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000002 R12: 000000000000000a
R13: 1ffff92000695e18 R14: ffff8880244a1d20 R15: 0000000000000000
FS:  00007f4844a5a6c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b31b27000 CR3: 000000002d42c000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
  rt6_nh_find_match+0xfa/0x1a0 net/ipv6/route.c:784
  nexthop_for_each_fib6_nh+0x26d/0x4a0 net/ipv4/nexthop.c:1496
  __find_rr_leaf+0x6e7/0xe00 net/ipv6/route.c:825
  find_rr_leaf net/ipv6/route.c:853 [inline]
  rt6_select net/ipv6/route.c:897 [inline]
  fib6_table_lookup+0x57e/0xa30 net/ipv6/route.c:2195
  ip6_pol_route+0x1cd/0x1150 net/ipv6/route.c:2231
  pol_lookup_func include/net/ip6_fib.h:616 [inline]
  fib6_rule_lookup+0x386/0x720 net/ipv6/fib6_rules.c:121
  ip6_route_output_flags_noref net/ipv6/route.c:2639 [inline]
  ip6_route_output_flags+0x1d0/0x640 net/ipv6/route.c:2651
  ip6_dst_lookup_tail.constprop.0+0x961/0x1760 net/ipv6/ip6_output.c:1147
  ip6_dst_lookup_flow+0x99/0x1d0 net/ipv6/ip6_output.c:1250
  rawv6_sendmsg+0xdab/0x4340 net/ipv6/raw.c:898
  inet_sendmsg+0x119/0x140 net/ipv4/af_inet.c:853
  sock_sendmsg_nosec net/socket.c:730 [inline]
  __sock_sendmsg net/socket.c:745 [inline]
  sock_write_iter+0x4b8/0x5c0 net/socket.c:1160
  new_sync_write fs/read_write.c:497 [inline]
  vfs_write+0x6b6/0x1140 fs/read_write.c:590
  ksys_write+0x1f8/0x260 fs/read_write.c:643
  do_syscall_x64 arch/x86/entry/common.c:52 [inline]
  do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Fixes: 52e1635631 ("[IPV6]: ROUTE: Add router_probe_interval sysctl.")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Jason Xing <kerneljasonxing@gmail.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://lore.kernel.org/r/20240615151454.166404-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-06-27 13:49:06 +02:00
..
ila ila: Remove unnecessary file net/ila.h 2023-08-02 12:28:16 -07:00
netfilter netfilter: complete validation of user input 2024-04-17 11:19:30 +02:00
addrconf.c ipv6: annotate data-races around cnf.disable_ipv6 2024-05-17 12:02:24 +02:00
addrconf_core.c ipv6: Ensure natural alignment of const ipv6 loopback and router addresses 2024-02-05 20:14:36 +00:00
addrlabel.c ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network 2022-11-07 12:26:15 +00:00
af_inet6.c bpf: Derive source IP addr via bpf_*_fib_lookup() 2024-03-01 13:35:04 +01:00
ah6.c net: ipv6: Remove completion function scaffolding 2023-02-13 18:35:15 +08:00
anycast.c IPv6: add extack info for IPv6 address add/delete 2023-07-28 11:01:56 +01:00
calipso.c
datagram.c inet: introduce inet->inet_flags 2023-08-16 11:09:16 +01:00
esp6.c net: esp: fix bad handling of pages from page_pool 2024-04-03 15:28:35 +02:00
esp6_offload.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2023-06-22 18:40:38 -07:00
exthdrs.c Fix write to cloned skb in ipv6_hop_ioam() 2024-03-01 13:35:10 +01:00
exthdrs_core.c ipv6: Fix out-of-bounds access in ipv6_find_tlv() 2023-05-24 08:43:39 +01:00
exthdrs_offload.c
fib6_notifier.c
fib6_rules.c ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() 2024-05-17 12:02:23 +02:00
fou6.c
icmp.c sysctl-6.6-rc1 2023-08-29 17:39:15 -07:00
inet6_connection_sock.c net: annotate lockless accesses to sk->sk_err_soft 2023-03-17 08:25:05 +00:00
inet6_hashtables.c net: remove duplicate INDIRECT_CALLABLE_DECLARE of udp[6]_ehashfn 2023-07-31 13:53:10 -07:00
ioam6.c genetlink: start to validate reserved header bytes 2022-08-29 12:47:15 +01:00
ioam6_iptunnel.c ipv6: ioam: block BH from ioam6_output() 2024-06-21 14:38:15 +02:00
ip6_checksum.c
ip6_fib.c ipv6: fix possible race in __fib6_drop_pcpu_from() 2024-06-21 14:38:20 +02:00
ip6_flowlabel.c ipv6: flowlabel: do not disable BH where not needed 2023-03-21 21:32:18 -07:00
ip6_gre.c net: add netdev_lockdep_set_classes() to virtual drivers 2024-04-13 13:07:30 +02:00
ip6_icmp.c
ip6_input.c ipv6: annotate data-races around cnf.disable_ipv6 2024-05-17 12:02:24 +02:00
ip6_offload.c net: gro: fix udp bad offset in socket lookup by adding {inner_}network_offset to napi_gro_cb 2024-05-17 12:02:07 +02:00
ip6_offload.h
ip6_output.c ipv6: prevent NULL dereference in ip6_output() 2024-05-17 12:02:24 +02:00
ip6_tunnel.c net: add netdev_lockdep_set_classes() to virtual drivers 2024-04-13 13:07:30 +02:00
ip6_udp_tunnel.c
ip6_vti.c net: add netdev_lockdep_set_classes() to virtual drivers 2024-04-13 13:07:30 +02:00
ip6mr.c net: ipv4, ipv6: fix IPSTATS_MIB_OUTOCTETS increment duplicated 2023-08-30 09:44:09 +01:00
ipcomp6.c xfrm: ipcomp: add extack to ipcomp{4,6}_init_state 2022-09-29 07:18:00 +02:00
ipv6_sockglue.c net: selectively purge error queue in IP_RECVERR / IPV6_RECVERR 2023-08-20 15:17:47 +01:00
Kconfig ipv6: fix indentation of a config attribute 2023-08-16 10:03:08 +01:00
Makefile
mcast.c net: fix IPSTATS_MIB_OUTPKGS increment in OutForwDatagrams. 2024-04-03 15:28:39 +02:00
mcast_snoop.c
mip6.c xfrm: mip6: add extack to mip6_destopt_init_state, mip6_rthdr_init_state 2022-09-29 07:18:01 +02:00
ndisc.c net: fix IPSTATS_MIB_OUTPKGS increment in OutForwDatagrams. 2024-04-03 15:28:39 +02:00
netfilter.c netfilter: Use l3mdev flow key when re-routing mangled packets 2022-05-16 13:03:29 +02:00
output_core.c treewide: use get_random_u32_{above,below}() instead of manual loop 2022-11-18 02:15:22 +01:00
ping.c bpf: Propagate modified uaddrlen from cgroup sockaddr programs 2024-01-31 16:19:04 -08:00
proc.c net: fix IPSTATS_MIB_OUTPKGS increment in OutForwDatagrams. 2024-04-03 15:28:39 +02:00
protocol.c
raw.c net: fix IPSTATS_MIB_OUTPKGS increment in OutForwDatagrams. 2024-04-03 15:28:39 +02:00
reassembly.c net: ipv6: fix wrong start position when receive hop-by-hop fragment 2024-06-12 11:11:51 +02:00
route.c ipv6: prevent possible NULL dereference in rt6_probe() 2024-06-27 13:49:06 +02:00
rpl.c ipv6: rpl: Remove pskb(_may)?_pull() in ipv6_rpl_srh_rcv(). 2023-06-19 11:32:58 -07:00
rpl_iptunnel.c ipv6: rpl: Remove redundant skb_dst_drop(). 2023-07-12 17:12:29 -07:00
seg6.c ipv6: sr: fix invalid unregister error path 2024-06-12 11:11:53 +02:00
seg6_hmac.c ipv6: sr: fix memleak in seg6_hmac_init_algo 2024-06-12 11:12:48 +02:00
seg6_iptunnel.c ipv6: sr: block BH in seg6_output_core() and seg6_input_core() 2024-06-21 14:38:16 +02:00
seg6_local.c seg6: add NEXT-C-SID support for SRv6 End.X behavior 2023-08-15 18:51:47 -07:00
sit.c net: add netdev_lockdep_set_classes() to virtual drivers 2024-04-13 13:07:30 +02:00
syncookies.c dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses. 2023-11-20 11:59:35 +01:00
sysctl_net_ipv6.c networking: Update to register_net_sysctl_sz 2023-08-15 15:26:18 -07:00
tcp_ipv6.c tcp: fix race in tcp_v6_syn_recv_sock() 2024-06-21 14:38:33 +02:00
tcpv6_offload.c net: Make gro complete function to return void 2023-05-31 09:50:17 +01:00
tunnel6.c
udp.c udp: Avoid call to compute_score on multiple sites 2024-06-12 11:11:42 +02:00
udp_impl.h tcp/udp: Call inet6_destroy_sock() in IPv6 sk->sk_destruct(). 2022-10-12 17:50:37 -07:00
udp_offload.c net: gro: fix udp bad offset in socket lookup by adding {inner_}network_offset to napi_gro_cb 2024-05-17 12:02:07 +02:00
udplite.c udplite: remove UDPLITE_BIT 2023-11-20 11:58:56 +01:00
xfrm6_input.c xfrm: Preserve vlan tags for transport mode software GRO 2024-05-17 12:02:20 +02:00
xfrm6_output.c xfrm: fix tunnel model fragmentation behavior 2022-03-01 12:08:40 +01:00
xfrm6_policy.c ipsec-2023-10-17 2023-10-17 18:21:13 -07:00
xfrm6_protocol.c
xfrm6_state.c
xfrm6_tunnel.c xfrm: tunnel: add extack to ipip_init_state, xfrm6_tunnel_init_state 2022-09-29 07:18:00 +02:00