From: Eric Dumazet
Date: Wed, 14 Mar 2018 07:40:19 -0700
Subject: Re: [PATCH] netlink: make sure nladdr has correct size in netlink_connect()
To: Alexander Potapenko
Cc: Dmitriy Vyukov, David Miller, Networking, LKML
References: <20180314140322.233047-1-glider@google.com>
List-ID: linux-kernel@vger.kernel.org

On Wed, Mar 14, 2018 at 7:16 AM, Alexander Potapenko wrote:
>
>
>
> On Wed, Mar 14, 2018 at 3:11 PM Eric Dumazet wrote:
>>
>> On Wed, Mar 14, 2018 at 7:03 AM, Alexander Potapenko
>> wrote:
>> > KMSAN reports use of uninitialized memory in the case when |alen| is
>> > smaller than sizeof(struct netlink_sock), and therefore |nladdr| isn't
>> > fully copied from the userspace.
>> >
>> > Signed-off-by: Alexander Potapenko
>> > Fixes: 1da177e4c3f41524 ("Linux-2.6.12-rc2")
>> > ---
>> >  net/netlink/af_netlink.c | 3 +++
>> >  1 file changed, 3 insertions(+)
>> >
>> > diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
>> > index 07e8478068f0..5d49b39e81c3 100644
>> > --- a/net/netlink/af_netlink.c
>> > +++ b/net/netlink/af_netlink.c
>> > @@ -1085,6 +1085,9 @@ static int netlink_connect(struct socket *sock,
>> > struct sockaddr *addr,
>> > if (addr->sa_family != AF_NETLINK)
>> > return -EINVAL;
>> >
>> > + if (alen < sizeof(struct netlink_sock))
>> > + return -EINVAL;
>> > +
>> >
>>
>> Hmmm. How was this patch tested exactly?
>
> You're absolutely right, I should have been using sizeof(sockaddr_nl).
> The reproducer that I used to trigger the bug was passing alen=2, so the
> patch still worked despite being incorrect.
> Is there any generic set of networking tests that I can use for such bugs?

There are upstream tests in tools/testing/selftests/

In your case, making sure tools like iproute2 ss are still working would
have done the job.
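Review bot: the added check `+ if (alen < sizeof(struct netlink_sock))` compares the user-supplied address length against the wrong type: `struct netlink_sock` is the kernel's private per-socket state, not the user-visible `struct sockaddr_nl`, so the bound is far larger than any address user space can legitimately pass and every well-formed connect() supplying `sizeof(struct sockaddr_nl)` bytes would now fail with -EINVAL; the comparison should read `alen < sizeof(struct sockaddr_nl)`, as the follow-up in the thread acknowledges. A reproducer passing alen=2 cannot distinguish the two bounds, since 2 is below both, which is why it appeared to work. Note also that the preceding `if (addr->sa_family != AF_NETLINK)` dereferences `addr` before any length has been validated, so a length shorter than `sa_family` still reaches that read; a minimum-length check placed ahead of the family test would cover it. Running an ordinary netlink consumer such as `ss` from iproute2 against the patched kernel, as suggested above, exposes the oversized bound immediately because its connect() calls start failing.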
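The regression check Eric's advice amounts to, written here as an added example (it is not code from the thread, from the patch under review, or from the kernel selftests): open an AF_NETLINK socket and connect it once with a full-size `struct sockaddr_nl` and once with only the two-byte family field, the alen=2 shape the reproducer used. A well-formed address must always be accepted; a kernel that validates `alen < sizeof(struct sockaddr_nl)` rejects the short one with EINVAL, whereas the bound in the posted hunk would also reject the well-formed one. The example assumes a Linux host where an unprivileged process may create a NETLINK_ROUTE socket; where that is denied, the functions report `CR_SKIPPED` instead of guessing. The `try_connect`, `connect_full_size` and `connect_family_only` names are this example's own.

```c
/* Added example, not part of the LKML thread or of the kernel patch under
 * review. Regression check for netlink_connect() address-length validation:
 * a correctly sized struct sockaddr_nl must still connect, while an address
 * covering only nl_family (alen=2, as in the reproducer mentioned in the
 * thread) is rejected with EINVAL once the kernel checks
 * alen < sizeof(struct sockaddr_nl). */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#include <linux/netlink.h>

enum connect_result {
    CR_SKIPPED = 0,   /* could not create an AF_NETLINK socket (sandbox/policy) */
    CR_ACCEPTED,      /* connect() returned 0 */
    CR_EINVAL,        /* connect() failed with EINVAL */
    CR_OTHER_ERROR    /* connect() failed with some other errno */
};

/* Open a NETLINK_ROUTE socket and connect it to the kernel (nl_pid 0),
 * passing exactly 'alen' bytes of the address, as user space would. */
static enum connect_result try_connect(socklen_t alen)
{
    struct sockaddr_nl nladdr;
    int fd, rc, saved;

    memset(&nladdr, 0, sizeof(nladdr));
    nladdr.nl_family = AF_NETLINK;
    nladdr.nl_pid = 0;      /* destination: the kernel */
    nladdr.nl_groups = 0;   /* no multicast groups, so no CAP_NET_ADMIN needed */

    fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
    if (fd < 0)
        return CR_SKIPPED;

    rc = connect(fd, (struct sockaddr *)&nladdr, alen);
    saved = errno;
    close(fd);

    if (rc == 0)
        return CR_ACCEPTED;
    return saved == EINVAL ? CR_EINVAL : CR_OTHER_ERROR;
}

/* A properly sized address must be accepted on every kernel, fixed or not.
 * A check against sizeof(struct netlink_sock), as in the posted hunk, would
 * turn this into CR_EINVAL and break every netlink client on the box. */
enum connect_result connect_full_size(void)
{
    return try_connect(sizeof(struct sockaddr_nl));
}

/* alen=2 covers nl_family only. A kernel that validates the length returns
 * EINVAL; one that does not reads nl_pid/nl_groups it never copied in. */
enum connect_result connect_family_only(void)
{
    return try_connect(sizeof(sa_family_t));
}

int main(void)
{
    static const char *names[] = { "skipped", "accepted", "EINVAL", "other error" };

    printf("full-size sockaddr_nl : %s\n", names[connect_full_size()]);
    printf("family-only (alen=2)  : %s\n", names[connect_family_only()]);
    return 0;
}
```

Build with `cc -Wall -o nl_connect_check nl_connect_check.c` and run it once on a kernel carrying the candidate patch and once on a known-good one: the first line must read "accepted" in both runs, and the second line flipping from "accepted" to "EINVAL" is the behaviour change the patch is supposed to introduce. Seeing "EINVAL" on the first line is the symptom of the wrong bound that `ss` would also have shown.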