leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
022e9d6090
linux/drivers/net
History
Taehee Yoo 022e9d6090 net: macsec: fix using wrong structure in macsec_changelink() 
In the macsec_changelink(), "struct macsec_tx_sa tx_sc" is used to
store "macsec_secy.tx_sc".
But, the struct type of tx_sc is macsec_tx_sc, not macsec_tx_sa.
So, the macsec_tx_sc should be used instead.

Test commands:
    ip link add dummy0 type dummy
    ip link add macsec0 link dummy0 type macsec
    ip link set macsec0 type macsec encrypt off

Splat looks like:
[61119.963483][ T9335] ==================================================================
[61119.964709][ T9335] BUG: KASAN: slab-out-of-bounds in macsec_changelink.part.34+0xb6/0x200 [macsec]
[61119.965787][ T9335] Read of size 160 at addr ffff888020d69c68 by task ip/9335
[61119.966699][ T9335]
[61119.966979][ T9335] CPU: 0 PID: 9335 Comm: ip Not tainted 5.6.0+ #503
[61119.967791][ T9335] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
[61119.968914][ T9335] Call Trace:
[61119.969324][ T9335]  dump_stack+0x96/0xdb
[61119.969809][ T9335]  ? macsec_changelink.part.34+0xb6/0x200 [macsec]
[61119.970554][ T9335]  print_address_description.constprop.5+0x1be/0x360
[61119.971294][ T9335]  ? macsec_changelink.part.34+0xb6/0x200 [macsec]
[61119.971973][ T9335]  ? macsec_changelink.part.34+0xb6/0x200 [macsec]
[61119.972703][ T9335]  __kasan_report+0x12a/0x170
[61119.973323][ T9335]  ? macsec_changelink.part.34+0xb6/0x200 [macsec]
[61119.973942][ T9335]  kasan_report+0xe/0x20
[61119.974397][ T9335]  check_memory_region+0x149/0x1a0
[61119.974866][ T9335]  memcpy+0x1f/0x50
[61119.975209][ T9335]  macsec_changelink.part.34+0xb6/0x200 [macsec]
[61119.975825][ T9335]  ? macsec_get_stats64+0x3e0/0x3e0 [macsec]
[61119.976451][ T9335]  ? kernel_text_address+0x111/0x120
[61119.976990][ T9335]  ? pskb_expand_head+0x25f/0xe10
[61119.977503][ T9335]  ? stack_trace_save+0x82/0xb0
[61119.977986][ T9335]  ? memset+0x1f/0x40
[61119.978397][ T9335]  ? __nla_validate_parse+0x98/0x1ab0
[61119.978936][ T9335]  ? macsec_alloc_tfm+0x90/0x90 [macsec]
[61119.979511][ T9335]  ? __kasan_slab_free+0x111/0x150
[61119.980021][ T9335]  ? kfree+0xce/0x2f0
[61119.980700][ T9335]  ? netlink_trim+0x196/0x1f0
[61119.981420][ T9335]  ? nla_memcpy+0x90/0x90
[61119.982036][ T9335]  ? register_lock_class+0x19e0/0x19e0
[61119.982776][ T9335]  ? memcpy+0x34/0x50
[61119.983327][ T9335]  __rtnl_newlink+0x922/0x1270
[ ... ]

Fixes: 3cf3227a21 ("net: macsec: hardware offloading infrastructure")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-04-09 10:16:00 -07:00
..
appletalk
arcnet
bonding Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-03-12 22:34:48 -07:00
caif net: caif: Use scnprintf() for avoiding potential buffer overflow 2020-03-15 17:06:22 -07:00
can slcan: Don't transmit uninitialized stack data in padding 2020-04-01 11:22:35 -07:00
dsa net: dsa: mt7530: move mt7623 settings out off the mt7530 2020-04-07 18:28:28 -07:00
ethernet net/mlx5e: CT: Use rhashtable's ct entries instead of a separate list 2020-04-08 15:46:54 -07:00
fddi net: skfp: use new constant PCI_STATUS_ERROR_BITS 2020-03-04 14:21:00 -08:00
fjes
hamradio
hippi
hyperv hv_netvsc: Remove unnecessary round_up for recv_completion_cnt 2020-03-30 19:43:42 -07:00
ieee802154
ipa soc: qcom: ipa: kill IPA_RX_BUFFER_ORDER 2020-03-21 19:46:43 -07:00
ipvlan ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast() 2020-03-09 18:32:03 -07:00
netdevsim netdevsim: dev: Fix memory leak in nsim_dev_take_snapshot_write 2020-03-30 20:14:22 -07:00
phy Documentation: mdio_bus.c - fix warnings 2020-04-07 18:33:48 -07:00
plip
ppp
slip Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-03-12 22:34:48 -07:00
team
usb pegasus: Remove pegasus' own workqueue 2020-04-02 17:58:25 -07:00
vmxnet3 vmxnet3: let core reject the unsupported coalescing parameters 2020-03-06 22:45:55 -08:00
wan SPDX patches for 5.7-rc1. 2020-04-03 13:12:26 -07:00
wimax wimax: remove some redundant assignments to variable result 2020-04-06 10:20:03 -07:00
wireguard net: Fix CONFIG_NET_CLS_ACT=n and CONFIG_NFT_FWD_NETDEV={y, m} build 2020-03-25 12:24:33 -07:00
wireless Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next 2020-03-31 17:29:33 -07:00
xen-netback
bareudp.c bareudp: Fixed bareudp receive handling 2020-03-11 22:54:27 -07:00
dummy.c
eql.c
geneve.c geneve: move debug check after netdev unregister 2020-03-15 00:42:35 -07:00
gtp.c
ifb.c net: Fix CONFIG_NET_CLS_ACT=n and CONFIG_NFT_FWD_NETDEV={y, m} build 2020-03-25 12:24:33 -07:00
Kconfig Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-03-25 18:58:11 -07:00
LICENSE.SRC
loopback.c
macsec.c net: macsec: fix using wrong structure in macsec_changelink() 2020-04-09 10:16:00 -07:00
macvlan.c macvlan: add cond_resched() during multicast processing 2020-03-09 18:02:19 -07:00
macvtap.c
Makefile soc: qcom: ipa: support build of IPA code 2020-03-08 22:07:10 -07:00
mdio.c
mii.c
net_failover.c
netconsole.c
nlmon.c
ntb_netdev.c
rionet.c
sb1000.c
Space.c
sungem_phy.c
tap.c
thunderbolt.c
tun.c tun: Don't put_page() for all negative return values from XDP program 2020-04-06 10:00:43 -07:00
veth.c veth: rely on peer veth_rq for ndo_xdp_xmit accounting 2020-03-26 19:35:13 -07:00
virtio_net.c virtio_net: reject unsupported coalescing params 2020-03-05 12:12:35 -08:00
vrf.c Remove DST_HOST 2020-03-23 21:57:44 -07:00
vsockmon.c
vxlan.c vxlan: check return value of gro_cells_init() 2020-03-18 16:43:12 -07:00
xen-netfront.c