lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAK-6q+iqPFxrM7qdmi4xcF8e+2mgqXT9otEwRA+Vh-JfRQ18Wg@mail.gmail.com> Date: Tue, 4 Oct 2022 21:49:02 -0400 From: Alexander Aring <aahringo@...hat.com> To: Stefan Schmidt <stefan@...enfreihafen.org> Cc: Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>, patchwork-bot+netdevbpf@...nel.org, "David S. Miller" <davem@...emloft.net>, alex.aring@...il.com, shaozhengchao@...wei.com, ast@...nel.org, sdf@...gle.com, linux-wpan@...r.kernel.org, syzbot+5ea725c25d06fb9114c4@...kaller.appspotmail.com, syzkaller-bugs@...glegroups.com, bpf@...r.kernel.org, netdev@...r.kernel.org Subject: Re: [PATCH] net/ieee802154: reject zero-sized raw_sendmsg() Hi, On Tue, Oct 4, 2022 at 1:59 PM Stefan Schmidt <stefan@...enfreihafen.org> wrote: > > Hello. > > On 04.10.22 00:29, Alexander Aring wrote: > > Hi, > > > > On Mon, Oct 3, 2022 at 8:35 AM Tetsuo Handa > > <penguin-kernel@...ove.sakura.ne.jp> wrote: > >> > >> On 2022/10/03 21:30, patchwork-bot+netdevbpf@...nel.org wrote: > >>> Hello: > >>> > >>> This patch was applied to netdev/net.git (master) > >>> by David S. Miller <davem@...emloft.net>: > >>> > >>> On Sun, 2 Oct 2022 01:43:44 +0900 you wrote: > >>>> syzbot is hitting skb_assert_len() warning at raw_sendmsg() for ieee802154 > >>>> socket. What commit dc633700f00f726e ("net/af_packet: check len when > >>>> min_header_len equals to 0") does also applies to ieee802154 socket. > >>>> > >>>> Link: https://syzkaller.appspot.com/bug?extid=5ea725c25d06fb9114c4 > >>>> Reported-by: syzbot <syzbot+5ea725c25d06fb9114c4@...kaller.appspotmail.com> > >>>> Fixes: fd1894224407c484 ("bpf: Don't redirect packets with invalid pkt_len") > >>>> Signed-off-by: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp> > >>>> > >>>> [...] > >>> > >>> Here is the summary with links: > >>> - net/ieee802154: reject zero-sized raw_sendmsg() > >>> https://git.kernel.org/netdev/net/c/3a4d061c699b > >> > >> > >> Are you sure that returning -EINVAL is OK? > >> > >> In v2 patch, I changed to return 0, for PF_IEEE802154 socket's zero-sized > >> raw_sendmsg() request was able to return 0. > > > > I currently try to get access to kernel.org wpan repositories and try > > to rebase/apply your v2 on it. > > This will only work once I merged net into wpan. Which I normally do > only after a pull request to avoid merge requests being created. > ok. > We have two options here a) reverting this patch and applying v2 of it > b) Tetsu sending an incremental patch on top of the applied one to come > to the same state as after v2. > > > Then it should be fixed in the next ok. > > pull request to net. For netdev maintainers, please don't apply wpan > > patches. Stefan and I will care about it. > > Keep in mind that Dave and Jakub do this to help us out because we are > sometimes slow on applying patches and getting them to net. Normally > this is all fine for clear fixes. > If we move getting patches for wpan to net then we should move it completely to that behaviour and not having a mixed setup which does not work, or it works and hope we don't have conflicts and if we have conflicts we need to fix them when doing the pull-request that the next instance has no conflicts because they touched maybe the same code area. > For -next material I agree this should only go through the wpan-next > tree for us to coordinate, but for the occasional fix its often faster > if it hits net directly. Normally I don't mind that. In this case v2 was > overlooked. But this is easily rectified with either of the two options > mentioned above. > I think a) would be the fastest way here and I just sent something. - Alex
Powered by blists - more mailing lists