Date: Wed, 9 Mar 2022 13:37:10 -0800
From: Tadeusz Struk <tadeusz.struk@...aro.org>
To: David Ahern <dsahern@...nel.org>,
 David Laight <David.Laight@...LAB.COM>,
 "davem@...emloft.net" <davem@...emloft.net>
Cc: Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
 Jakub Kicinski <kuba@...nel.org>,
 Alexei Starovoitov <ast@...nel.org>,
 Daniel Borkmann <daniel@...earbox.net>,
 Andrii Nakryiko <andrii@...nel.org>,
 Martin KaFai Lau <kafai@...com>,
 Song Liu <songliubraving@...com>,
 Yonghong Song <yhs@...com>,
 John Fastabend <john.fastabend@...il.com>,
 KP Singh <kpsingh@...nel.org>,
 "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
 "bpf@...r.kernel.org" <bpf@...r.kernel.org>,
 "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
 "stable@...r.kernel.org" <stable@...r.kernel.org>,
 "syzbot+e223cf47ec8ae183f2a0@...kaller.appspotmail.com" <syzbot+e223cf47ec8ae183f2a0@...kaller.appspotmail.com>
Subject: Re: [PATCH] net: ipv6: fix invalid alloclen in __ip6_append_data

On 3/8/22 21:01, David Ahern wrote:
> On 3/8/22 12:46 PM, Tadeusz Struk wrote:
>> That fails in the same way:
>>
>> skbuff: skb_over_panic: text:ffffffff83e7b48b len:65575 put:65575
>> head:ffff888101f8a000 data:ffff888101f8a088 tail:0x100af end:0x6c0
>> dev:<NULL>
>> ------------[ cut here ]------------
>> kernel BUG at net/core/skbuff.c:113!
>> invalid opcode: 0000 [#1] PREEMPT SMP KASAN
>> CPU: 0 PID: 1852 Comm: repro Not tainted
>> 5.17.0-rc7-00020-gea4424be1688-dirty #19
>> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1.fc35
>> RIP: 0010:skb_panic+0x173/0x175
>>
>> I'm not sure how it's supposed to help since it doesn't change the
>> alloclen at all.
>
> alloclen is a function of fraglen and fraglen is a function of datalen.

Ok, but in this case it doesn't affect the alloclen and it still fails.

--
Thanks,
Tadeusz