From: Jamal Hadi Salim
Date: Sun, 25 Sep 2022 13:13:20 -0400
Subject: Re: [syzbot] WARNING in u32_change
To: Eric Dumazet
Cc: syzbot, David Miller, Jiri Pirko, Jakub Kicinski, LKML, netdev, Paolo Abeni, syzkaller-bugs, Cong Wang, Kees Cook
X-Mailing-List: linux-kernel@vger.kernel.org

To be clear, that splat didn't happen for me. Is there something else syzbot
does to activate it?

cheers,
jamal

On Sun, Sep 25, 2022 at 1:08 PM Jamal Hadi Salim wrote:
>
> Yes, after testing I realize there is nothing wrong here.
> What warning was I supposed to see from running the reproducer?
>
> We will still add the test with multiple keys later
>
> cheers,
> jamal
>
> On Sun, Sep 25, 2022 at 12:29 PM Eric Dumazet wrote:
> >
> > On Sun, Sep 25, 2022 at 9:14 AM Jamal Hadi Salim wrote:
> > >
> > > On Sun, Sep 25, 2022 at 11:38 AM Jamal Hadi Salim wrote:
> > > >
> > > > Is there a way to tell the boat "looking into it?"
> > >
> > >
> > > I guess I have to swim across to it to get the message;->
> > >
> > > I couldn't see the warning message but it is obvious by inspection that
> > > the memcpy is broken. We should add more test coverage.
> > > This should fix it. Will send a formal patch later:
> > >
> > > diff --git a/net/sched/cls_u32.c b/net/sched/cls_u32.c > > > index 4d27300c2..591cbbf27 100644 > > > --- a/net/sched/cls_u32.c > > > +++ b/net/sched/cls_u32.c
> > > @@ -1019,7 +1019,7 @@ static int u32_change(struct net *net, struct > > > sk_buff *in_skb, > > > } > > > > > > s = nla_data(tb[TCA_U32_SEL]); > > > - sel_size = struct_size(s, keys, s->nkeys); > > > + sel_size = struct_size(s, keys, s->nkeys) + sizeof(n->sel); > > > if (nla_len(tb[TCA_U32_SEL]) < sel_size) { > > > err = -EINVAL; > > > goto erridr; > > > > This patch is not needed, please look at struct_size() definition. > > > > Here, we might switch to unsafe_memcpy() instead of memcpy()
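
Review bot: the `+ sizeof(n->sel)` added on the sel_size line counts the selector header twice, because struct_size(s, keys, s->nkeys) already covers the fixed part of *s plus s->nkeys entries of keys. With the extra term, the `nla_len(tb[TCA_U32_SEL]) < sel_size` check that follows would return -EINVAL for a TCA_U32_SEL attribute that is exactly the right length for its nkeys. Suggest dropping this change and keeping `sel_size = struct_size(s, keys, s->nkeys);`; if the warning comes from the later copy of the selector, it belongs at that memcpy, as the reply proposes.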