Date: Tue, 28 Jul 2020 17:33:41 -0700 (PDT)
Message-Id: <20200728.173341.1412402860749304096.davem@davemloft.net>
To: bkkarthik@pesu.pes.edu
Cc: herbert@gondor.apana.org.au, kuznet@ms2.inr.ac.ru, yoshfuji@linux-ipv6.org, kuba@kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, gregkh@linuxfoundation.org, skhan@linuxfounation.org
Subject: Re: [PATCH] net: ipv6: fix slab-out-of-bounds Read in __xfrm6_tunnel_spi_check
From: David Miller
In-Reply-To: <20200725133031.a5uxkpikopntgu4c@pesu.pes.edu>
References: <20200725133031.a5uxkpikopntgu4c@pesu.pes.edu>
X-Mailing-List: linux-kernel@vger.kernel.org

From: B K Karthik
Date: Sat, 25 Jul 2020 19:00:31 +0530

> use spi_byaddr instead of spi_byspi ...

> diff --git a/net/ipv6/xfrm6_tunnel.c b/net/ipv6/xfrm6_tunnel.c > index 25b7ebda2fab..cab7693ccfe3 100644 > --- a/net/ipv6/xfrm6_tunnel.c > +++ b/net/ipv6/xfrm6_tunnel.c > @@ -103,10 +103,10 @@ static int __xfrm6_tunnel_spi_check(struct net *net, u32 spi) > { > struct xfrm6_tunnel_net *xfrm6_tn = xfrm6_tunnel_pernet(net); > struct xfrm6_tunnel_spi *x6spi; > - int index = xfrm6_tunnel_spi_hash_byspi(spi); > + int index = xfrm6_tunnel_spi_hash_byaddr(spi);

You are passing a u32 integer into a function that expects a pointer as an argument.

This change isn't even compile tested properly, let alone run tested.

Please stop making such careless submissions, this takes up valuable developer patch review resources.

Thank you.
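
Review bot: On the `+` line, `xfrm6_tunnel_spi_hash_byaddr(spi)` receives `spi`, which the hunk header declares as `u32 spi` in `__xfrm6_tunnel_spi_check(struct net *net, u32 spi)`, while the reply above states that this function expects a pointer, so the argument type does not match. No address is visible in this function's parameters, so the index here should keep coming from `xfrm6_tunnel_spi_hash_byspi(spi)` unless an address is actually passed in. The one-line description "use spi_byaddr instead of spi_byspi" also does not say how the hash choice relates to the slab-out-of-bounds read named in the subject; a resend should explain the root cause and be built with warnings enabled first.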