From: Jamal Hadi Salim
Date: Sun, 25 Sep 2022 13:08:16 -0400
Subject: Re: [syzbot] WARNING in u32_change
To: Eric Dumazet
Cc: syzbot, David Miller, Jiri Pirko, Jakub Kicinski, LKML, netdev, Paolo Abeni, syzkaller-bugs, Cong Wang, Kees Cook

Yes, after testing I realize there is nothing wrong here.
What warning was I supposed to see from running the reproducer?

We will still add the test with multiple keys later

cheers,
jamal

On Sun, Sep 25, 2022 at 12:29 PM Eric Dumazet wrote:
>
> On Sun, Sep 25, 2022 at 9:14 AM Jamal Hadi Salim wrote:
> >
> > On Sun, Sep 25, 2022 at 11:38 AM Jamal Hadi Salim wrote:
> > >
> > > Is there a way to tell the boat "looking into it?"
> > >
> > > I guess I have to swim across to it to get the message;->
> >
> > I couldn't see the warning message but it is obvious by inspection that
> > the memcpy is broken. We should add more test coverage.
> > This should fix it. Will send a formal patch later:
> >
> > diff --git a/net/sched/cls_u32.c b/net/sched/cls_u32.c
> > index 4d27300c2..591cbbf27 100644
> > --- a/net/sched/cls_u32.c
> > +++ b/net/sched/cls_u32.c
> > @@ -1019,7 +1019,7 @@ static int u32_change(struct net *net, struct
> > sk_buff *in_skb,
> > }
> >
> > s = nla_data(tb[TCA_U32_SEL]);
> > - sel_size = struct_size(s, keys, s->nkeys);
> > + sel_size = struct_size(s, keys, s->nkeys) + sizeof(n->sel);
> > if (nla_len(tb[TCA_U32_SEL]) < sel_size) {
> > err = -EINVAL;
> > goto erridr;
>
> This patch is not needed, please look at struct_size() definition.
>
> Here, we might switch to unsafe_memcpy() instead of memcpy()
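
Review bot: on the "+" line of the u32_change hunk, adding sizeof(n->sel) to sel_size counts the selector header twice, because struct_size(s, keys, s->nkeys) already evaluates to the size of *s plus s->nkeys trailing keys entries. With the extra term, the nla_len(tb[TCA_U32_SEL]) < sel_size check that follows would return -EINVAL for an attribute that holds exactly one header and s->nkeys keys, so correctly sized selectors would be rejected. Suggest keeping sel_size = struct_size(s, keys, s->nkeys); and, if the warning comes from the memcpy mentioned in the thread, addressing it at that copy rather than in this length check.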