Date: Tue, 18 Sep 2018 18:52:54 +0200
From: Guillaume Nault
To: Eric Dumazet
Cc: Alexander Potapenko, syzbot+f5f6080811c849739212@syzkaller.appspotmail.com, LKML, mostrows@earthlink.net, Networking, syzkaller-bugs@googlegroups.com
Subject: Re: KMSAN: uninit-value in pppoe_rcv

On Thu, Sep 13, 2018 at 06:57:54AM -0700, Eric Dumazet wrote:
> I guess the following patch would fix the issue
>
> (I will submit it more formally)
>
Hi Eric,

Do you still plan to submit this patch? Otherwise I can take care of it.

> diff --git a/drivers/net/ppp/pppoe.c b/drivers/net/ppp/pppoe.c > index ce61231e96ea5fe27f512fbd0d80d4609997e508..333e967ed968ea3ff2dda25289f7f657263db2b9 100644 > --- a/drivers/net/ppp/pppoe.c > +++ b/drivers/net/ppp/pppoe.c > @@ -423,6 +423,7 @@ static int pppoe_rcv(struct sk_buff *skb, struct net_device *dev, > struct pppoe_hdr *ph; > struct pppox_sock *po; > struct pppoe_net *pn; > + __be16 sid; > int len; > > skb = skb_share_check(skb, GFP_ATOMIC); > @@ -434,6 +435,7 @@ static int pppoe_rcv(struct sk_buff *skb, struct net_device *dev, > > ph = pppoe_hdr(skb); > len = ntohs(ph->length); > + sid = ph->sid; > > skb_pull_rcsum(skb, sizeof(*ph)); > if (skb->len < len) > @@ -447,7 +449,7 @@ static int pppoe_rcv(struct sk_buff *skb, struct net_device *dev, > /* Note that get_item does a sock_hold(), so sk_pppox(po) > * is known to be safe. > */ > - po = get_item(pn, ph->sid, eth_hdr(skb)->h_source, dev->ifindex); > + po = get_item(pn, sid, eth_hdr(skb)->h_source, dev->ifindex); > if (!po) > goto drop; > > >
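Review bot: in the last hunk (@@ -447,7 +449,7 @@), the get_item() call still dereferences eth_hdr(skb)->h_source at the same late point where reading ph->sid is being avoided, and none of the visible hunks checks that the Ethernet header is present and initialised. Before this goes in formally, confirm from the KMSAN report which get_item() argument carries the uninitialised bytes. If it is the source MAC and not the session id, caching sid right after ph = pppoe_hdr(skb) will not silence the report, and the lookup needs a check that the mac header is set and large enough for a struct ethhdr, dropping the frame otherwise. The formal submission should also carry a changelog saying why ph must not be dereferenced after skb_pull_rcsum() and the length handling that follows it, since the hunks alone do not show what invalidates the pointer.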