| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20241129063112.763095-1-xiyou.wangcong@gmail.com>
Date: Thu, 28 Nov 2024 22:31:12 -0800
From: Cong Wang <xiyou.wangcong@...il.com>
To: netdev@...r.kernel.org
Cc: Cong Wang <cong.wang@...edance.com>,
syzbot+21ba4d5adff0b6a7cfc6@...kaller.appspotmail.com,
Kuniyuki Iwashima <kuniyu@...zon.com>
Subject: [Patch net] rtnetlink: catch error pointer for rtnl_link_get_net()
From: Cong Wang <cong.wang@...edance.com>
Currently all callers of rtnl_link_get_net() assume that it always
returns a valid netns pointer, when rtnl_link_get_net_ifla() fails,
it uses 'src_net' as a fallback.
This is not true, because rtnl_link_get_net_ifla() can return an
error pointer too, we need to handle this error case and propagate
the error code to its callers.
Add a comment to better document its return value.
Reported-by: syzbot+21ba4d5adff0b6a7cfc6@...kaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=21ba4d5adff0b6a7cfc6
Fixes: 0eb87b02a705 ("veth: Set VETH_INFO_PEER to veth_link_ops.peer_type.")
Fixes: 6b84e558e95d ("vxcan: Set VXCAN_INFO_PEER to vxcan_link_ops.peer_type.")
Fixes: fefd5d082172 ("netkit: Set IFLA_NETKIT_PEER_INFO to netkit_link_ops.peer_type.")
Cc: Kuniyuki Iwashima <kuniyu@...zon.com>
Signed-off-by: Cong Wang <cong.wang@...edance.com>
---
drivers/net/can/vxcan.c | 3 +++
drivers/net/netkit.c | 3 +++
drivers/net/veth.c | 3 +++
net/core/rtnetlink.c | 12 ++++++++++++
4 files changed, 21 insertions(+)
diff --git a/drivers/net/can/vxcan.c b/drivers/net/can/vxcan.c
index da7c72105fb6..6d03a5314034 100644
--- a/drivers/net/can/vxcan.c
+++ b/drivers/net/can/vxcan.c
@@ -204,6 +204,9 @@ static int vxcan_newlink(struct net *net, struct net_device *dev,
}
peer_net = rtnl_link_get_net(net, tbp);
+ if (IS_ERR(peer_net))
+ return PTR_ERR(peer_net);
+
peer = rtnl_create_link(peer_net, ifname, name_assign_type,
&vxcan_link_ops, tbp, extack);
if (IS_ERR(peer)) {
diff --git a/drivers/net/netkit.c b/drivers/net/netkit.c
index bb07725d1c72..44fe99a82ac3 100644
--- a/drivers/net/netkit.c
+++ b/drivers/net/netkit.c
@@ -386,6 +386,9 @@ static int netkit_new_link(struct net *src_net, struct net_device *dev,
return -EOPNOTSUPP;
net = rtnl_link_get_net(src_net, tbp);
+ if (IS_ERR(net))
+ return PTR_ERR(net);
+
peer = rtnl_create_link(net, ifname, ifname_assign_type,
&netkit_link_ops, tbp, extack);
if (IS_ERR(peer)) {
diff --git a/drivers/net/veth.c b/drivers/net/veth.c
index 0d6d0d749d44..3a42a982c638 100644
--- a/drivers/net/veth.c
+++ b/drivers/net/veth.c
@@ -1801,6 +1801,9 @@ static int veth_newlink(struct net *src_net, struct net_device *dev,
}
net = rtnl_link_get_net(src_net, tbp);
+ if (IS_ERR(net))
+ return PTR_ERR(net);
+
peer = rtnl_create_link(net, ifname, name_assign_type,
&veth_link_ops, tbp, extack);
if (IS_ERR(peer)) {
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index dd142f444659..6a4363276117 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -2527,6 +2527,18 @@ static struct net *rtnl_link_get_net_ifla(struct nlattr *tb[])
return net;
}
+/**
+ * rtnl_link_get_net - Get the network namespace from the netlink attributes
+ * or just @src_net.
+ *
+ * @src_net: the source network namespace
+ * @tb: the netlink attributes
+ *
+ * Returns:
+ * The network namespace specified in the netlink attributes,
+ * in case of error, an error pointer is returned.
+ * Or, @src_net if no netns attributes were passed.
+ */
struct net *rtnl_link_get_net(struct net *src_net, struct nlattr *tb[])
{
struct net *net = rtnl_link_get_net_ifla(tb);
--
2.34.1
Powered by blists - more mailing lists