2019-03-28 09:48:20

by Alexander Potapenko

Subject: [PATCH] netfilter: conntrack: initialize ct->timeout

KMSAN started reporting an error when accessing ct->timeout for the
first time without initialization:

BUG: KMSAN: uninit-value in __nf_ct_refresh_acct+0x1ae/0x470 net/netfilter/nf_conntrack_core.c:1765
...
dump_stack+0x173/0x1d0 lib/dump_stack.c:113
kmsan_report+0x131/0x2a0 mm/kmsan/kmsan.c:624
__msan_warning+0x7a/0xf0 mm/kmsan/kmsan_instr.c:310
__nf_ct_refresh_acct+0x1ae/0x470 net/netfilter/nf_conntrack_core.c:1765
nf_ct_refresh_acct ./include/net/netfilter/nf_conntrack.h:201
nf_conntrack_udp_packet+0xb44/0x1040 net/netfilter/nf_conntrack_proto_udp.c:122
nf_conntrack_handle_packet net/netfilter/nf_conntrack_core.c:1605
nf_conntrack_in+0x1250/0x26c9 net/netfilter/nf_conntrack_core.c:1696
...
Uninit was created at:
kmsan_save_stack_with_flags mm/kmsan/kmsan.c:205
kmsan_internal_poison_shadow+0x92/0x150 mm/kmsan/kmsan.c:159
kmsan_kmalloc+0xa9/0x130 mm/kmsan/kmsan_hooks.c:173
kmem_cache_alloc+0x554/0xb10 mm/slub.c:2789
__nf_conntrack_alloc+0x16f/0x690 net/netfilter/nf_conntrack_core.c:1342
init_conntrack+0x6cb/0x2490 net/netfilter/nf_conntrack_core.c:1421

Signed-off-by: Alexander Potapenko <[email protected]>
Fixes: cc16921351d8ba1 ("netfilter: conntrack: avoid same-timeout update")
Cc: Florian Westphal <[email protected]>
---
net/netfilter/nf_conntrack_core.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 82bfbeef46af..a137d4e7f218 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -1350,6 +1350,7 @@ __nf_conntrack_alloc(struct net *net,
/* save hash for reusing when confirming */
*(unsigned long *)(&ct->tuplehash[IP_CT_DIR_REPLY].hnnode.pprev) = hash;
ct->status = 0;
+ ct->timeout = 0;
write_pnet(&ct->ct_net, net);
memset(&ct->__nfct_init_offset[0], 0,
offsetof(struct nf_conn, proto) -
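Review bot: the new `ct->timeout = 0;` line deserves a short comment saying why it is needed, since the memset just below it only clears from `&ct->__nfct_init_offset[0]` onward; `timeout`, like `status` on the line above, sits before that offset and otherwise keeps whatever the slab allocation left there until the first refresh. Something like `/* not covered by the __nfct_init_offset memset below */` next to the assignment would spare the next reader from having to rediscover this from the KMSAN report, and given the Fixes tag it is worth stating in the changelog that the same-timeout comparison in __nf_ct_refresh_acct is the read that now happens before the first assignment.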
--
2.21.0.392.gf8f6787159e-goog



2019-03-28 10:06:19

by Florian Westphal

Subject: Re: [PATCH] netfilter: conntrack: initialize ct->timeout

Alexander Potapenko <[email protected]> wrote:
> KMSAN started reporting an error when accessing ct->timeout for the
> first time without initialization:
>
> BUG: KMSAN: uninit-value in __nf_ct_refresh_acct+0x1ae/0x470 net/netfilter/nf_conntrack_core.c:1765
> ...
> dump_stack+0x173/0x1d0 lib/dump_stack.c:113
> kmsan_report+0x131/0x2a0 mm/kmsan/kmsan.c:624
> __msan_warning+0x7a/0xf0 mm/kmsan/kmsan_instr.c:310
> __nf_ct_refresh_acct+0x1ae/0x470 net/netfilter/nf_conntrack_core.c:1765
> nf_ct_refresh_acct ./include/net/netfilter/nf_conntrack.h:201
> nf_conntrack_udp_packet+0xb44/0x1040 net/netfilter/nf_conntrack_proto_udp.c:122
> nf_conntrack_handle_packet net/netfilter/nf_conntrack_core.c:1605
> nf_conntrack_in+0x1250/0x26c9 net/netfilter/nf_conntrack_core.c:1696
> ...
> Uninit was created at:
> kmsan_save_stack_with_flags mm/kmsan/kmsan.c:205
> kmsan_internal_poison_shadow+0x92/0x150 mm/kmsan/kmsan.c:159
> kmsan_kmalloc+0xa9/0x130 mm/kmsan/kmsan_hooks.c:173
> kmem_cache_alloc+0x554/0xb10 mm/slub.c:2789
> __nf_conntrack_alloc+0x16f/0x690 net/netfilter/nf_conntrack_core.c:1342
> init_conntrack+0x6cb/0x2490 net/netfilter/nf_conntrack_core.c:1421

Acked-by: Florian Westphal <[email protected]>

2019-04-13 12:58:25

by Pablo Neira Ayuso

Subject: Re: [PATCH] netfilter: conntrack: initialize ct->timeout

On Thu, Mar 28, 2019 at 10:47:20AM +0100, Alexander Potapenko wrote:
> KMSAN started reporting an error when accessing ct->timeout for the
> first time without initialization:
>
> BUG: KMSAN: uninit-value in __nf_ct_refresh_acct+0x1ae/0x470 net/netfilter/nf_conntrack_core.c:1765

Applied, thanks.