Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp3697397imu; Mon, 28 Jan 2019 09:13:12 -0800 (PST) X-Google-Smtp-Source: ALg8bN5phpb6QRF9zxyblbiBFmT4HlHnFNHQuZwSPghMsTek/EhKncr42XiuJkL7ygSBD2q/GNNs X-Received: by 2002:a17:902:d70b:: with SMTP id w11mr22947397ply.294.1548695592683; Mon, 28 Jan 2019 09:13:12 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1548695592; cv=none; d=google.com; s=arc-20160816; b=KW5AZzVA/8n+qwdwIS36FHOyl+UQTaYTlNpvE4pgIzVB+7ZhmlwhZ4aGE8Lzd3fKlH lqJFaZQeWKTwDghzi5tObMpuzme7Zi3U+QLeKTqk231KJc6dfS7UjcjOijE1NpCEI3Og 4qJWvMndc23DXnz/CITLOkgONCClwuMOkUcnseQbVvKqzzfMw1oo4BYgsRsBo5pfx+LI d62EDaVnfqRX/IZv6ZOo2xJn6sxL6jw5UjfzZPLofSwWK247FLcayl+XbH1DWaihLhVJ bIE/riRS9/6/76S/CdYzThdVohi6oZ4E12LgIAxAItLxRevEBidlHOJSInmJNhCsGnqp CHdg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=1V+tYNGfRiwQCYCQjuIUXsPnmRJ5H8BjVEomaUN+PWs=; b=nN/LvQhoB6aywGBBtge8Tcm8xA3FaN3b96pynh5v4JVb7t/BeOme/ZYJTNOZbptURt tzsyD+k/fqDhYYxwWdv7tHMSEoLdcEECEShkZxCAOsunMBy0haAsp2glWnqO1N94CR+M 1ZBhRZm2vfOa89aB8qQKeby8ST7NIShqn2wgga3UWbzL/GLehFPMPA7OmxoKvaCrYdfE 6IT6B0mcYY+B2jH1ktYT/var6vpraYjsWbW5X0wX/dNCJ0Ca9zv3BOaB7Nz8Em5dwgCp R1hKWPs8IWFBPEkoCbVii3/EsOCzNuW+H78NC5epjMXj727ow1Vsw2csPaYftkBRN3a1 9UCQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=Md8e+IsZ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 93si32863665plc.2.2019.01.28.09.12.57; Mon, 28 Jan 2019 09:13:12 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=Md8e+IsZ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732583AbfA1QJX (ORCPT + 99 others); Mon, 28 Jan 2019 11:09:23 -0500 Received: from mail.kernel.org ([198.145.29.99]:33806 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732566AbfA1QJS (ORCPT ); Mon, 28 Jan 2019 11:09:18 -0500 Received: from sasha-vm.mshome.net (c-73-47-72-35.hsd1.nh.comcast.net [73.47.72.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 1B8172147A; Mon, 28 Jan 2019 16:09:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1548691757; bh=OckqL4Uw1cZI5gQjkSFf2zzFdyTsNLGfqfieTeKf6zw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Md8e+IsZzjIMeTZ/IlLri/Mcmrz+h5ndnKilimfVwfNZtOrt0YTNERdURlIiyLeoN wt5eXJJGmLHvv0bsTW4plCSC4iMdNl1vtOwmRc9IRnQ5ECyaisEi7fG4opD0q63COm bm/c/PHC5CUrqTFz6+/31ilEEq7h7Q+mEoKzyMUg= From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Konstantin Khorenko , Jeff Kirsher , Sasha Levin , netdev@vger.kernel.org Subject: [PATCH AUTOSEL 4.19 207/258] i40e: define proper net_device::neigh_priv_len Date: Mon, 28 Jan 2019 10:58:33 -0500 Message-Id: <20190128155924.51521-207-sashal@kernel.org> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20190128155924.51521-1-sashal@kernel.org> References: <20190128155924.51521-1-sashal@kernel.org> MIME-Version: 1.0 X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Konstantin Khorenko [ Upstream commit 31389b53b3e0b535867af9090a5d19ec64768d55 ] Out of bound read reported by KASan. i40iw_net_event() reads unconditionally 16 bytes from neigh->primary_key while the memory allocated for "neighbour" struct is evaluated in neigh_alloc() as tbl->entry_size + dev->neigh_priv_len where "dev" is a net_device. But the driver does not setup dev->neigh_priv_len and we read beyond the neigh entry allocated memory, so the patch in the next mail fixes this. Signed-off-by: Konstantin Khorenko Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher Signed-off-by: Sasha Levin --- drivers/net/ethernet/intel/i40e/i40e_main.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c index bfa5c525cf31..41fa22c562c1 100644 --- a/drivers/net/ethernet/intel/i40e/i40e_main.c +++ b/drivers/net/ethernet/intel/i40e/i40e_main.c @@ -12016,6 +12016,9 @@ static int i40e_config_netdev(struct i40e_vsi *vsi) ether_addr_copy(netdev->dev_addr, mac_addr); ether_addr_copy(netdev->perm_addr, mac_addr); + /* i40iw_net_event() reads 16 bytes from neigh->primary_key */ + netdev->neigh_priv_len = sizeof(u32) * 4; + netdev->priv_flags |= IFF_UNICAST_FLT; netdev->priv_flags |= IFF_SUPP_NOFCS; /* Setup netdev TC information */ -- 2.19.1