linux/drivers
Li RongQing 7256eac13b vxlan: fix a out of bounds access in __vxlan_find_mac
The size of all_zeros_mac is 6 bytes, but eth_hash() will access
8 bytes, and KASan reported the below bug:

[ 8596.479031] BUG: KASan: out of bounds access in __vxlan_find_mac+0x24/0x100 at addr ffffffff841514c0
[ 8596.487647] Read of size 8 by task ip/52820
[ 8596.490818] Address belongs to variable all_zeros_mac+0x0/0x40
[ 8596.496051] CPU: 0 PID: 52820 Comm: ip Tainted: G WC 4.1.15 
[ 8596.503520] Hardware name: HP ProLiant DL380p Gen8, BIOS P70 02/10/2014
[ 8596.509365] ffffffff841514c0 ffff88007450f0b8 ffffffff822fa5e1 0000000000000032
[ 8596.516112] ffff88007450f150 ffff88007450f138 ffffffff812dd58c ffff88007450f1d8
[ 8596.522856] ffffffff81113b80 0000000000000282 0000000000000001 ffffffff8101ee4d
[ 8596.529599] Call Trace:
[ 8596.530858] [<ffffffff822fa5e1>] dump_stack+0x4f/0x7b
[ 8596.535080] [<ffffffff812dd58c>] kasan_report_error+0x3bc/0x3f0
[ 8596.540258] [<ffffffff81113b80>] ? __lock_acquire+0x90/0x2140
[ 8596.545245] [<ffffffff8101ee4d>] ? save_stack_trace+0x2d/0x80
[ 8596.550234] [<ffffffff812dda70>] kasan_report+0x40/0x50
[ 8596.554647] [<ffffffff81b211e4>] ? __vxlan_find_mac+0x24/0x100
[ 8596.559729] [<ffffffff812dc399>] __asan_load8+0x69/0xa0
[ 8596.564141] [<ffffffff81b211e4>] __vxlan_find_mac+0x24/0x100
[ 8596.569033] [<ffffffff81b2683d>] vxlan_fdb_create+0x9d/0x570

It can be fixed by enlarging all_zeros_mac to 8 bytes, although it is
harmless; eth_hash() will be called in other places with memory which
is larger than or equal to 8 bytes.

Signed-off-by: Li RongQing <roy.qing.li@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-01-29 20:11:16 -08:00
..
accessibility
acpi libnvdimm for 4.5 2016-01-13 19:15:14 -08:00
amba
android
ata Merge branch 'for-4.5' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata 2016-01-11 19:33:59 -08:00
atm
auxdisplay
base linux-kselftest-4.5-rc1 2016-01-17 13:31:50 -08:00
bcma GPIO bulk updates for the v4.5 kernel cycle: 2016-01-17 12:32:01 -08:00
block mm, dax, pmem: introduce pfn_t 2016-01-15 17:56:32 -08:00
bluetooth Bluetooth: btmrvl: don't send data to firmware while processing suspend 2016-01-06 16:37:14 +01:00
bus
cdrom cdrom: don't open-code memdup_user() 2016-01-06 08:25:24 -05:00
char Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2016-01-17 19:13:15 -08:00
clk clk: remove duplicated COMMON_CLK_NXP record from clk/Kconfig 2016-01-13 18:09:52 -08:00
clocksource Merge branches 'clockevents/4.4-fixes' and 'clockevents/4.5-fixes' of http://git.linaro.org/people/daniel.lezcano/linux into timers/urgent 2016-01-12 11:01:12 +01:00
connector connector: bump skb->users before callback invocation 2016-01-04 21:46:45 -05:00
cpufreq powerpc updates for 4.5 2016-01-15 13:18:47 -08:00
cpuidle powerpc updates for 4.5 2016-01-15 13:18:47 -08:00
crypto powerpc updates for 4.5 2016-01-15 13:18:47 -08:00
dca
devfreq
dio
dma sound updates for 4.5-rc1 2016-01-17 12:05:31 -08:00
dma-buf
edac
eisa
extcon
firewire
firmware Merge branch 'dmi-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging 2016-01-15 18:12:18 -08:00
fmc
fpga
gpio GPIO bulk updates for the v4.5 kernel cycle: 2016-01-17 12:32:01 -08:00
gpu virtio: barrier rework+fixes 2016-01-18 16:44:24 -08:00
hid GPIO bulk updates for the v4.5 kernel cycle: 2016-01-17 12:32:01 -08:00
hsi HSI: omap_ssi_port: fix handling of_get_named_gpio result 2016-01-07 16:07:54 +01:00
hv char/misc patches for 4.5-rc1 2016-01-13 10:23:36 -08:00
hwmon Merge git://www.linux-watchdog.org/linux-watchdog 2016-01-17 12:15:38 -08:00
hwspinlock
hwtracing
i2c Merge branch 'i2c/for-4.5' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2016-01-14 11:25:37 -08:00
ide drivers/ide: make ide-scan-pci.c driver explicitly non-modular 2016-01-18 14:12:33 -05:00
idle
iio include/linux/kernel.h: change abs() macro so it uses consistent return type 2016-01-16 11:17:22 -08:00
infiniband net/mlx5_core: Fix trimming down IRQ number 2016-01-17 12:08:04 -05:00
input GPIO bulk updates for the v4.5 kernel cycle: 2016-01-17 12:32:01 -08:00
iommu Merge branch 'x86-cleanups-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2016-01-11 16:26:03 -08:00
ipack
irqchip Merge branches 'clockevents/4.4-fixes' and 'clockevents/4.5-fixes' of http://git.linaro.org/people/daniel.lezcano/linux into timers/urgent 2016-01-12 11:01:12 +01:00
isdn Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-01-11 23:55:43 -05:00
leds GPIO bulk updates for the v4.5 kernel cycle: 2016-01-17 12:32:01 -08:00
lguest lguest: Map switcher text R/O 2016-01-12 12:17:28 +01:00
lightnvm
macintosh
mailbox
mcb
md md updates for 4.5 2016-01-15 12:28:00 -08:00
media fbdev changes for 4.5 2016-01-18 11:58:31 -08:00
memory
memstick
message
mfd GPIO bulk updates for the v4.5 kernel cycle: 2016-01-17 12:32:01 -08:00
misc virtio: barrier rework+fixes 2016-01-18 16:44:24 -08:00
mmc Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/egtvedt/linux-avr32 2016-01-18 12:50:55 -08:00
mtd MTD updates for v4.5: 2016-01-13 11:25:54 -08:00
net vxlan: fix a out of bounds access in __vxlan_find_mac 2016-01-29 20:11:16 -08:00
nfc
ntb
nubus
nvdimm mm, dax, pmem: introduce {get|put}_dev_pagemap() for dax-gup 2016-01-15 17:56:32 -08:00
nvme
nvmem
of of: of_mdio: Add a whitelist of PHY compatibilities. 2016-01-28 22:53:16 -08:00
oprofile
parisc parisc: Initialize PCI bridge cache line and default latency 2016-01-12 22:03:21 +01:00
parport
pci sound updates for 4.5-rc1 2016-01-17 12:05:31 -08:00
pcmcia
perf
phy
pinctrl GPIO bulk updates for the v4.5 kernel cycle: 2016-01-17 12:32:01 -08:00
platform Merge branch 'drm-next' of git://people.freedesktop.org/~airlied/linux 2016-01-17 13:40:25 -08:00
pnp
power power: bq27xxx_battery: Fix bq27541 AveragePower register address 2016-01-14 01:03:18 +01:00
powercap Merge branch 'powercap' 2016-01-12 01:12:40 +01:00
pps
ps3
ptp ptp: ixp46x: use helpers for converting ns to timespec 2016-01-29 12:38:59 -08:00
pwm
rapidio
ras
regulator regulator: Update for v4.5 2016-01-15 12:14:47 -08:00
remoteproc virtio: make find_vqs() checkpatch.pl-friendly 2016-01-12 20:47:06 +02:00
reset
rpmsg virtio: make find_vqs() checkpatch.pl-friendly 2016-01-12 20:47:06 +02:00
rtc RTC for 4.5 2016-01-18 12:10:45 -08:00
s390 virtio: barrier rework+fixes 2016-01-18 16:44:24 -08:00
sbus
scsi SCSI misc on 20160113 2016-01-13 19:37:36 -08:00
sfi
sh
sn
soc powerpc updates for 4.5 2016-01-15 13:18:47 -08:00
spi powerpc updates for 4.5 2016-01-15 13:18:47 -08:00
spmi
ssb
staging kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
target
tc
thermal
thunderbolt
tty GPIO bulk updates for the v4.5 kernel cycle: 2016-01-17 12:32:01 -08:00
uio
usb powerpc updates for 4.5 2016-01-15 13:18:47 -08:00
uwb
vfio
vhost
video fbdev changes for 4.5 2016-01-18 11:58:31 -08:00
virt
virtio virtio: make find_vqs() checkpatch.pl-friendly 2016-01-12 20:47:06 +02:00
vlynq
vme
w1
watchdog watchdog: asm9260: remove __init and __exit annotations 2016-01-11 22:48:05 +01:00
xen virtio: barrier rework+fixes 2016-01-18 16:44:24 -08:00
zorro
Kconfig
Makefile