linux/tools/testing/selftests/net
Ido Schimmel d8a21070b6 nexthop: Fix out-of-bounds access during attribute validation
Passing a maximum attribute type to nlmsg_parse() that is larger than
the size of the passed policy will result in an out-of-bounds access [1]
when the attribute type is used as an index into the policy array.

Fix by setting the maximum attribute type according to the policy size,
as is already done for RTM_NEWNEXTHOP messages. Add a test case that
triggers the bug.

No regressions in fib nexthops tests:

 # ./fib_nexthops.sh
 [...]
 Tests passed: 236
 Tests failed:   0

[1]
BUG: KASAN: global-out-of-bounds in __nla_validate_parse+0x1e53/0x2940
Read of size 1 at addr ffffffff99ab4d20 by task ip/610

CPU: 3 PID: 610 Comm: ip Not tainted 6.8.0-rc7-custom-gd435d6e3e161 #9
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-1.fc38 04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl+0x8f/0xe0
 print_report+0xcf/0x670
 kasan_report+0xd8/0x110
 __nla_validate_parse+0x1e53/0x2940
 __nla_parse+0x40/0x50
 rtm_del_nexthop+0x1bd/0x400
 rtnetlink_rcv_msg+0x3cc/0xf20
 netlink_rcv_skb+0x170/0x440
 netlink_unicast+0x540/0x820
 netlink_sendmsg+0x8d3/0xdb0
 ____sys_sendmsg+0x31f/0xa60
 ___sys_sendmsg+0x13a/0x1e0
 __sys_sendmsg+0x11c/0x1f0
 do_syscall_64+0xc5/0x1d0
 entry_SYSCALL_64_after_hwframe+0x63/0x6b
[...]

The buggy address belongs to the variable:
 rtm_nh_policy_del+0x20/0x40

Fixes: 2118f9390d ("net: nexthop: Adjust netlink policy parsing for a new attribute")
Reported-by: Eric Dumazet <edumazet@google.com>
Closes: https://lore.kernel.org/netdev/CANn89i+UNcG0PJMW5X7gOMunF38ryMh=L1aeZUKH3kL4UdUqag@mail.gmail.com/
Reported-by: syzbot+65bb09a7208ce3d4a633@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/netdev/00000000000088981b06133bc07b@google.com/
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://lore.kernel.org/r/20240311162307.545385-4-idosch@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2024-03-11 20:35:20 -07:00
af_unix selftests/net: unix: fix unused variable compiler warning 2023-11-27 18:12:07 -08:00
forwarding selftests: forwarding: Add a test for NH group stats 2024-03-11 14:14:10 -07:00
hsr selftests: hsr: Extend the testsuite to also cover HSRv1. 2023-09-18 08:26:19 +01:00
mptcp selftests: mptcp: use KSFT_SKIP/KSFT_PASS/KSFT_FAIL 2024-03-11 15:07:27 -07:00
openvswitch Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-02-15 16:20:04 -08:00
tcp_ao selftests/net: Amend per-netns counter checks 2024-02-06 10:35:29 +01:00
.gitignore selftests/net: Add log.txt and tools to .gitignore 2023-08-20 15:15:41 +01:00
altnames.sh
amt.sh
arp_ndisc_evict_nocarrier.sh selftests/net: convert arp_ndisc_evict_nocarrier.sh to run it in unique namespace 2023-12-05 13:00:55 +01:00
arp_ndisc_untracked_subnets.sh selftests/net: convert arp_ndisc_untracked_subnets.sh to run it in unique namespace 2023-12-05 13:00:56 +01:00
bareudp.sh
big_tcp.sh selftests: net: let big_tcp test cope with slow env 2024-02-05 12:36:16 +00:00
bind_bhash.c
bind_bhash.sh selftests/net: Improve bind_bhash.sh to accommodate predictable network interface names 2023-09-10 18:49:29 +01:00
bind_timewait.c tcp: Add selftest for bind() and TIME_WAIT. 2022-12-30 07:25:53 +00:00
bind_wildcard.c selftest: tcp: Add v4-mapped-v6 cases in bind_wildcard.c. 2023-09-13 07:18:04 +01:00
cmsg_ipv6.sh selftests: cmsg_ipv6: repeat the exact packet 2024-02-07 13:38:14 +00:00
cmsg_sender.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2023-11-30 16:11:19 -08:00
cmsg_so_mark.sh selftests/net: convert cmsg tests to make them run in unique namespace 2023-12-05 13:00:56 +01:00
cmsg_time.sh selftests/net: convert cmsg tests to make them run in unique namespace 2023-12-05 13:00:56 +01:00
config selftests: net: add more missing kernel config 2024-02-08 19:02:51 -08:00
csum.c selftests/net: replace manual array size calc with ARRAYSIZE macro. 2023-07-18 17:43:51 -07:00
devlink_port_split.py selftests: net: devlink_port_split.py: skip test if no suitable device available 2023-03-16 17:38:05 -07:00
drop_monitor_tests.sh selftests/net: convert drop_monitor_tests.sh to run it in unique namespace 2023-12-05 13:00:56 +01:00
fcnal-test.sh selftests: Declare local variable for pause in fcnal-test.sh 2024-01-31 21:14:51 -08:00
fdb_flush.sh selftests/net: convert fdb_flush.sh to run it in unique namespace 2023-12-14 18:38:36 -08:00
fib_nexthop_multiprefix.sh selftests/net: convert fib_nexthop_multiprefix to run it in unique namespace 2023-12-14 18:38:35 -08:00
fib_nexthop_nongw.sh selftests/net: convert fib_nexthop_nongw.sh to run it in unique namespace 2023-12-14 18:38:35 -08:00
fib_nexthops.sh nexthop: Fix out-of-bounds access during attribute validation 2024-03-11 20:35:20 -07:00
fib_rule_tests.sh selftests/net: convert fib_rule_tests.sh to run it in unique namespace 2023-12-14 18:38:36 -08:00
fib_tests.sh selftests/net: fix waiting time for ipv6_gc test in fib_tests.sh. 2024-03-07 20:47:59 -08:00
fib-onlink-tests.sh selftests/net: convert fib-onlink-tests.sh to run it in unique namespace 2023-12-14 18:38:35 -08:00
fin_ack_lat.c
fin_ack_lat.sh
fq_band_pktlimit.sh selftests/net: calibrate fq_band_pktlimit 2024-01-31 11:11:09 +00:00
gre_gso.sh selftests/net: convert gre_gso.sh to run it in unique namespace 2023-12-23 00:26:32 +00:00
gro.c selftests/net: fix GRO coalesce test and add ext header coalesce tests 2024-01-05 08:11:50 -08:00
gro.sh selftests: net: cope with slow env in gro.sh test 2024-02-13 10:10:11 -08:00
hwtstamp_config.c selftests/net: replace manual array size calc with ARRAYSIZE macro. 2023-07-18 17:43:51 -07:00
icmp_redirect.sh selftests/net: convert icmp_redirect.sh to run it in unique namespace 2023-12-05 13:00:56 +01:00
icmp.sh sleftests/net: convert icmp.sh to run it in unique namespace 2023-12-05 13:00:56 +01:00
in_netns.sh
io_uring_zerocopy_tx.c selftests/net: Extract uring helpers to be reusable 2023-10-19 16:42:03 -06:00
io_uring_zerocopy_tx.sh selftests/net: optmem_max became per netns 2023-12-15 11:01:27 +00:00
ioam6_parser.c selftests: ioam: refactoring to align with the fix 2024-02-22 09:28:03 +01:00
ioam6.sh selftests: ioam: refactoring to align with the fix 2024-02-22 09:28:03 +01:00
ip6_gre_headroom.sh
ip_defrag.c
ip_defrag.sh
ip_local_port_range.c selftests: ip_local_port_range: use XFAIL instead of SKIP 2024-03-01 10:30:29 +00:00
ip_local_port_range.sh selftests/net: Cover the IP_LOCAL_PORT_RANGE socket option 2023-01-25 22:45:00 -08:00
ipsec.c selftests/net: ipsec: fix constant out of range 2023-11-27 18:12:07 -08:00
ipv6_flowlabel_mgr.c
ipv6_flowlabel.c
ipv6_flowlabel.sh
l2_tos_ttl_inherit.sh selftests/net: l2_tos_ttl_inherit.sh: Ensure environment cleanup on failure. 2023-01-10 10:13:52 +01:00
l2tp.sh selftests/net: convert l2tp.sh to run it in unique namespace 2023-12-05 13:00:56 +01:00
lib.sh selftests/net/lib: update busywait timeout value 2024-01-25 17:07:14 -08:00
Makefile selftests: net: include forwarding lib 2024-02-09 12:50:22 -08:00
msg_zerocopy.c
msg_zerocopy.sh selftests/net: optmem_max became per netns 2023-12-15 11:01:27 +00:00
nat6to4.c selftests/net: mv bpf/nat6to4.c to net folder 2023-01-19 13:25:53 +01:00
ndisc_unsolicited_na_test.sh selftests/net: convert ndisc_unsolicited_na_test.sh to run it in unique namespace 2023-12-05 13:00:56 +01:00
net_helper.sh selftests: net: more strict check in net_helper 2024-02-13 10:19:05 -08:00
netdevice.sh
netns-name.sh selftests/net: convert netns-name.sh to run it in unique namespace 2023-12-23 00:26:32 +00:00
nettest.c selftests: net: remove unused variables 2023-10-16 09:20:08 +01:00
pmtu.sh selftests: net: more pmtu.sh fixes 2024-02-13 10:19:05 -08:00
psock_fanout.c
psock_lib.h selftests/net: replace manual array size calc with ARRAYSIZE macro. 2023-07-18 17:43:51 -07:00
psock_snd.c
psock_snd.sh
psock_tpacket.c
reuseaddr_conflict.c
reuseaddr_ports_exhausted.c
reuseaddr_ports_exhausted.sh
reuseport_addr_any.c
reuseport_addr_any.sh
reuseport_bpf_cpu.c
reuseport_bpf_numa.c
reuseport_bpf.c
reuseport_dualstack.c
route_localnet.sh selftests: net: change ifconfig with ip command 2023-10-24 13:53:39 -07:00
rps_default_mask.sh selftests: net: fix rps_default_mask with >32 CPUs 2024-01-24 13:55:19 -08:00
rtnetlink.sh netdevsim: fix rtnetlink.sh selftest 2024-03-01 10:43:10 +00:00
run_afpackettests
run_netsocktests
rxtimestamp.c
rxtimestamp.sh
sctp_hello.c
sctp_vrf.sh selftests/net: convert sctp_vrf.sh to run it in unique namespace 2023-12-05 13:00:56 +01:00
settings selftests/net: convert fcnal-test.sh to run it in unique namespace 2023-12-14 18:38:35 -08:00
setup_loopback.sh selftests: net: Remove executable bits from library scripts 2024-02-01 08:36:29 -08:00
setup_veth.sh selftests: net: give more time for GRO aggregation 2024-01-26 14:11:57 -08:00
sk_bind_sendto_listen.c
sk_connect_zero_addr.c
so_incoming_cpu.c selftest: Don't reuse port for SO_INCOMING_CPU test. 2024-01-23 10:48:07 +01:00
so_netns_cookie.c
so_txtime.c selftests/net: ignore timing errors in so_txtime if KSFT_MACHINE_SLOW 2024-02-06 10:19:06 +01:00
so_txtime.sh selftests: net: cope with slow env in so_txtime.sh test 2024-02-13 10:10:44 -08:00
socket.c
srv6_end_dt4_l3vpn_test.sh selftests/net: convert srv6_end_dt4_l3vpn_test.sh to run it in unique namespace 2023-12-14 18:38:34 -08:00
srv6_end_dt6_l3vpn_test.sh selftests/net: convert srv6_end_dt6_l3vpn_test.sh to run it in unique namespace 2023-12-14 18:38:35 -08:00
srv6_end_dt46_l3vpn_test.sh selftests/net: convert srv6_end_dt46_l3vpn_test.sh to run it in unique namespace 2023-12-14 18:38:34 -08:00
srv6_end_flavors_test.sh selftests: seg6: add selftest for PSP flavor in SRv6 End behavior 2023-02-16 13:18:06 +01:00
srv6_end_next_csid_l3vpn_test.sh
srv6_end_x_next_csid_l3vpn_test.sh selftests: seg6: add selftest for NEXT-C-SID flavor in SRv6 End.X behavior 2023-08-15 18:51:47 -07:00
srv6_hencap_red_l3vpn_test.sh
srv6_hl2encap_red_l2vpn_test.sh
stress_reuseport_listen.c
stress_reuseport_listen.sh selftests/net: convert stress_reuseport_listen.sh to run it in unique namespace 2023-12-23 00:26:32 +00:00
tap.c
tcp_fastopen_backup_key.c
tcp_fastopen_backup_key.sh
tcp_inq.c
tcp_mmap.c selftests/net: report rcv_mss in tcp_mmap 2023-08-02 11:40:49 +01:00
test_blackhole_dev.sh
test_bpf.sh
test_bridge_backup_port.sh selftests: net: Fix bridge backup port test flakiness 2024-02-09 11:29:52 -08:00
test_bridge_neigh_suppress.sh selftests/net: convert test_bridge_neigh_suppress.sh to run it in unique namespace 2023-12-08 12:12:15 +00:00
test_ingress_egress_chaining.sh
test_vxlan_fdb_changelink.sh
test_vxlan_mdb.sh selftests: vxlan_mdb: Avoid duplicate test names 2024-02-28 20:14:49 -08:00
test_vxlan_nolocalbypass.sh selftests/net: convert test_vxlan_nolocalbypass.sh to run it in unique namespace 2023-12-08 12:12:16 +00:00
test_vxlan_under_vrf.sh selftests/net: convert test_vxlan_under_vrf.sh to run it in unique namespace 2023-12-08 12:12:16 +00:00
test_vxlan_vnifiltering.sh selftests/net: convert test_vxlan_vnifiltering.sh to run it in unique namespace 2023-12-08 12:12:16 +00:00
timestamping.c
tls.c selftests: kselftest_harness: save full exit code in metadata 2024-03-01 10:30:28 +00:00
toeplitz_client.sh
toeplitz.c selftests/net: toeplitz: fix race on tpacket_v3 block close 2023-01-19 09:27:15 -08:00
toeplitz.sh selftests/net: use unique netns name for setup_loopback.sh setup_veth.sh 2023-12-23 00:26:32 +00:00
traceroute.sh selftests/net: convert traceroute.sh to run it in unique namespace 2023-12-05 13:00:56 +01:00
tun.c
txring_overwrite.c
txtimestamp.c selftests: net: ignore timing errors in txtimestamp if KSFT_MACHINE_SLOW 2024-02-12 10:21:15 +00:00
txtimestamp.sh selftests/net: calibrate txtimestamp 2024-01-31 10:22:13 -08:00
udpgro_bench.sh selftests: net: remove dependency on ebpf tests 2024-01-25 15:59:22 -08:00
udpgro_frglist.sh selftests: net: remove dependency on ebpf tests 2024-01-25 15:59:22 -08:00
udpgro_fwd.sh selftests: net: cut more slack for gro fwd tests. 2024-02-02 21:10:36 -08:00
udpgro.sh selftests: net: remove dependency on ebpf tests 2024-01-25 15:59:22 -08:00
udpgso_bench_rx.c selftests: net: cut more slack for gro fwd tests. 2024-02-02 21:10:36 -08:00
udpgso_bench_tx.c selftests: net: udpgso_bench_tx: Cater for pending datagrams zerocopy benchmarking 2023-02-02 13:29:51 +01:00
udpgso_bench.sh selftests: net: udpgso_bench: Fix racing bug between the rx/tx programs 2023-02-02 13:29:51 +01:00
udpgso.c selftests: udpgso: Pull up network setup into shell script 2024-02-09 12:56:49 -08:00
udpgso.sh selftests: udpgso: Pull up network setup into shell script 2024-02-09 12:56:49 -08:00
unicast_extensions.sh selftests/net: change shebang to bash to support "source" 2024-01-03 17:08:28 -08:00
veth.sh selftests: net: veth: test syncing GRO and XDP state while device is down 2024-02-26 11:34:13 +00:00
vlan_hw_filter.sh selftests: add vlan hw filter tests 2023-12-19 13:13:56 +01:00
vrf_route_leaking.sh selftests/net: convert vrf_route_leaking.sh to run it in unique namespace 2023-12-08 12:12:16 +00:00
vrf_strict_mode_test.sh selftests/net: convert vrf_strict_mode_test.sh to run it in unique namespace 2023-12-08 12:12:16 +00:00
vrf-xfrm-tests.sh selftests/net: convert vrf-xfrm-tests.sh to run it in unique namespace 2023-12-08 12:12:16 +00:00
xdp_dummy.c selftests: net: remove dependency on ebpf tests 2024-01-25 15:59:22 -08:00
xfrm_policy.sh selftests/net: convert xfrm_policy.sh to run it in unique namespace 2023-12-23 00:26:32 +00:00