From: Eric Dumazet
Date: Mon, 27 Jun 2022 11:01:07 +0200
Subject: Re: [PATCH v2] ipv6/sit: fix ipip6_tunnel_get_prl when memory allocation fails
To: zys.zljxml@gmail.com
Cc: LKML, netdev, Hideaki YOSHIFUJI, David Ahern, Jakub Kicinski, David Miller, Eric Dumazet, Paolo Abeni, katrinzhou
In-Reply-To: <20220625054524.2445867-1-zys.zljxml@gmail.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sat, Jun 25, 2022 at 7:45 AM wrote:
>
> From: katrinzhou
>
> Fix an illegal copy_to_user() attempt when the system fails to
> allocate memory for prl due to a lack of memory.

I do not really see an illegal copy_to_user()

c = 0 -> len = 0

if ((len && copy_to_user(a + 1, kp, len)) || put_user(len, &a->datalen))

So the copy_to_user() should not be called ?

I think you should only mention that after this patch, correct error
code is returned (-ENOMEM)

>
> Addresses-Coverity: ("Unused value")
> Fixes: 300aaeeaab5f ("[IPV6] SIT: Add SIOCGETPRL ioctl to get/dump PRL.")
> Signed-off-by: katrinzhou
> ---
>
> Changes in v2:
> - Move the position of label "out"
>
> net/ipv6/sit.c | 7 +++----
> 1 file changed, 3 insertions(+), 4 deletions(-)
>
> diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c > index c0b138c20992..3330882c0f94 100644 > --- a/net/ipv6/sit.c > +++ b/net/ipv6/sit.c > @@ -323,8 +323,6 @@ static int ipip6_tunnel_get_prl(struct net_device *dev, struct ip_tunnel_prl __u > kcalloc(cmax, sizeof(*kp), GFP_KERNEL_ACCOUNT | __GFP_NOWARN) : > NULL; > > - rcu_read_lock(); > - > ca = min(t->prl_count, cmax); > > if (!kp) { > @@ -342,6 +340,7 @@ static int ipip6_tunnel_get_prl(struct net_device *dev, struct ip_tunnel_prl __u > } > > c = 0; > + rcu_read_lock(); > for_each_prl_rcu(t->prl) { > if (c >= cmax) > break; > @@ -353,7 +352,7 @@ static int ipip6_tunnel_get_prl(struct net_device *dev, struct ip_tunnel_prl __u > if (kprl.addr != htonl(INADDR_ANY)) > break; > } > -out: > + > rcu_read_unlock(); > > len = sizeof(*kp) * c; > @@ -362,7 +361,7 @@ static int ipip6_tunnel_get_prl(struct net_device *dev, struct ip_tunnel_prl __u > ret = -EFAULT; > > kfree(kp); > - > +out: > return ret; > } > > -- > 2.27.0 >
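
Review bot: With rcu_read_lock() moved below "c = 0;" (hunks at -323 and -342), "ca = min(t->prl_count, cmax);" now samples t->prl_count outside the read-side section, while the walk that follows is bounded by "if (c >= cmax)" rather than by ca. The diff context does not show how ca is used inside the "if (!kp)" block, so the changelog should say why a count taken before the lock is still a safe basis for it, or the loop should be bounded by the size that was actually allocated. If the unlocked read is intended, READ_ONCE() on t->prl_count would document that.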
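
Review bot: With "out:" now placed after "kfree(kp);" in the last hunk (-362), every "goto out" skips the free, and none of the jump sites appear in the diff context. That is leak-free only if each of them is reached while kp is still NULL; a short comment at the label, or a label name that says no buffer is held at that point, would make the invariant visible to the next person who adds a "goto out" after a successful allocation. The same move in the -353 hunk leaves a blank line where the label was, which can simply be dropped.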