superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mirror-linux/net/core
History
Ido Schimmel b15dea3de4 rtnetlink: Reject negative ifindexes in RTM_NEWLINK 
[ Upstream commit 30188bd783 ]

Negative ifindexes are illegal, but the kernel does not validate the
ifindex in the ancillary header of RTM_NEWLINK messages, resulting in
the kernel generating a warning [1] when such an ifindex is specified.

Fix by rejecting negative ifindexes.

[1]
WARNING: CPU: 0 PID: 5031 at net/core/dev.c:9593 dev_index_reserve+0x1a2/0x1c0 net/core/dev.c:9593
[...]
Call Trace:
 <TASK>
 register_netdevice+0x69a/0x1490 net/core/dev.c:10081
 br_dev_newlink+0x27/0x110 net/bridge/br_netlink.c:1552
 rtnl_newlink_create net/core/rtnetlink.c:3471 [inline]
 __rtnl_newlink+0x115e/0x18c0 net/core/rtnetlink.c:3688
 rtnl_newlink+0x67/0xa0 net/core/rtnetlink.c:3701
 rtnetlink_rcv_msg+0x439/0xd30 net/core/rtnetlink.c:6427
 netlink_rcv_skb+0x16b/0x440 net/netlink/af_netlink.c:2545
 netlink_unicast_kernel net/netlink/af_netlink.c:1342 [inline]
 netlink_unicast+0x536/0x810 net/netlink/af_netlink.c:1368
 netlink_sendmsg+0x93c/0xe40 net/netlink/af_netlink.c:1910
 sock_sendmsg_nosec net/socket.c:728 [inline]
 sock_sendmsg+0xd9/0x180 net/socket.c:751
 ____sys_sendmsg+0x6ac/0x940 net/socket.c:2538
 ___sys_sendmsg+0x135/0x1d0 net/socket.c:2592
 __sys_sendmsg+0x117/0x1e0 net/socket.c:2621
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Fixes: 38f7b870d4 ("[RTNETLINK]: Link creation API")
Reported-by: syzbot+5ba06978f34abb058571@syzkaller.appspotmail.com
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Jiri Pirko <jiri@nvidia.com>
Reviewed-by: Jakub Kicinski <kuba@kernel.org>
Link: https://lore.kernel.org/r/20230823064348.2252280-1-idosch@nvidia.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2023-08-30 16:11:04 +02:00
..
Makefile devlink: move code to a dedicated directory 2023-08-30 16:11:00 +02:00
bpf_sk_storage.c bpf: Add length check for SK_DIAG_BPF_STORAGE_REQ_MAP_FD parsing 2023-08-11 12:08:12 +02:00
datagram.c net: datagram: fix data-races in datagram_poll() 2023-05-24 17:32:32 +01:00
dev.c net: sched: add rcu annotations around qdisc->qdisc_sleeping 2023-06-14 11:15:21 +02:00
dev.h
dev_addr_lists.c
dev_addr_lists_test.c
dev_ioctl.c
drop_monitor.c
dst.c
dst_cache.c
failover.c
fib_notifier.c
fib_rules.c
filter.c net: core: remove unnecessary frame_sz check in bpf_xdp_adjust_tail() 2023-08-16 18:27:26 +02:00
flow_dissector.c
flow_offload.c
gen_estimator.c
gen_stats.c
gro.c skb: Do mix page pool and page referenced frags in GRO 2023-02-09 11:28:05 +01:00
gro_cells.c
hwbm.c
link_watch.c
lwt_bpf.c
lwtunnel.c
neighbour.c neighbour: delete neigh_lookup_nodev as not used 2023-06-21 16:01:03 +02:00
net-procfs.c
net-sysfs.c
net-sysfs.h
net-traces.c
net_namespace.c net: fix UaF in netns ops registration error path 2023-02-01 08:34:43 +01:00
netclassid_cgroup.c
netevent.c
netpoll.c net: don't let netpoll invoke NAPI if in xmit context 2023-04-13 16:55:21 +02:00
netprio_cgroup.c
of_net.c
page_pool.c page_pool: fix inconsistency for page_pool_ring_[un]lock() 2023-06-05 09:26:20 +02:00
pktgen.c
ptp_classifier.c
request_sock.c
rtnetlink.c rtnetlink: Reject negative ifindexes in RTM_NEWLINK 2023-08-30 16:11:04 +02:00
scm.c scm: add user copy checks to put_cmsg() 2023-03-10 09:33:54 +01:00
secure_seq.c
selftests.c
skbuff.c net: prevent skb corruption on frag list segmentation 2023-07-23 13:49:23 +02:00
skmsg.c bpf, sockmap: Fix bug that strp_done cannot be called 2023-08-16 18:27:26 +02:00
sock.c sock: Fix misuse of sk_under_memory_pressure() 2023-08-23 17:52:35 +02:00
sock_destructor.h
sock_diag.c
sock_map.c bpf, sockmap: Fix map type error in sock_map_del_link 2023-08-16 18:27:26 +02:00
sock_reuseport.c
stream.c net: deal with most data-races in sk_wait_event() 2023-05-24 17:32:32 +01:00
sysctl_net_core.c
timestamping.c
tso.c
utils.c
xdp.c