Received: by 2002:a05:6358:11c7:b0:104:8066:f915 with SMTP id i7csp3012607rwl; Mon, 27 Mar 2023 08:09:01 -0700 (PDT) X-Google-Smtp-Source: AKy350YrI+Imi91T8YMWPltgVqFVQDHOiEJnlIOsNsEwKx4tyRbatue5QCMXOkJBBCM2G2f743da X-Received: by 2002:a17:907:6e22:b0:930:3916:df1d with SMTP id sd34-20020a1709076e2200b009303916df1dmr17319298ejc.0.1679929740901; Mon, 27 Mar 2023 08:09:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1679929740; cv=none; d=google.com; s=arc-20160816; b=kXIoPGzF+xprDUvD4UssotZMBuTRoT/bAqxohcfTnGrOioCSh/F6Ni522sNUbXetWx nnQwvOKx0WPDnFDQjjycwlb1JC5hz4c8WGoXT41IRznhhN3zlssmrbyV0ZXATLl42X0o lXXr5xCyLk55+dgyPvKFhW0/woV3Xuoy54fufoEi/aFipELYPTQ9Y2HoSpFooOfk8FNk /xV5fk8WWPP5pKkONX2XKOtpZVP1FRIKXpLqtRUKkBQTh5RhKToqnYGKTMbT16ObsFaK xX8IvYAke6jC4jDFTo4pdnPBx+3+MOsQ8urqjRqrpTxMDJKBRWv6ZtMpC/FsPJtdQy9B xKLg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id; bh=9rGdLgWv1YWqdqKdbKXTMJB98u5X3qFnjHoTZdJbC2g=; b=euqU2gdQpCMxng+zyTov3buSEgIhF2mjrOqfV9oteTDU6Gb+PaUxeJA09EItRYbJYZ TUdQzAMIEK83fyTxVvJZNMulVVqs3o2ALFSsOrymBYU2mx1UpM3GUPX8hWBdRvT+degY F6NbF9XgF2HDLS31qhg0Ggqg0RJV0UqMDGMpcqjA1po9iF5BLtorOxR3uDabDUN+gJth nfmK7APQ1XUPcvtlYoXtisd+vm+T+uAqw+2Jx2XCHWkeY0TWrKUNqkGgOjpacK7eWN6I Gy/v5aZrILA9c9GEppqnkWIE7J8/4Jp+VtzGegDuwapyZTYMEnSAwo+hNsjQ45osUDwY 2T3A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=mcst.ru Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id m21-20020a170906849500b008b1e792860dsi25459195ejx.339.2023.03.27.08.08.34; Mon, 27 Mar 2023 08:09:00 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=mcst.ru Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232790AbjC0PGX (ORCPT + 99 others); Mon, 27 Mar 2023 11:06:23 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49478 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232702AbjC0PGP (ORCPT ); Mon, 27 Mar 2023 11:06:15 -0400 Received: from tretyak2.mcst.ru (tretyak2.mcst.ru [212.5.119.215]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CE23D49E0; Mon, 27 Mar 2023 08:05:54 -0700 (PDT) Received: from tretyak2.mcst.ru (localhost [127.0.0.1]) by tretyak2.mcst.ru (Postfix) with ESMTP id ADE3110238E; Mon, 27 Mar 2023 18:05:52 +0300 (MSK) Received: from frog.lab.sun.mcst.ru (frog.lab.sun.mcst.ru [172.16.4.50]) by tretyak2.mcst.ru (Postfix) with ESMTP id A748D102376; Mon, 27 Mar 2023 18:04:52 +0300 (MSK) Received: from [172.16.7.18] (gang [172.16.7.18]) by frog.lab.sun.mcst.ru (8.13.4/8.12.11) with ESMTP id 32RF4pED030907; Mon, 27 Mar 2023 18:04:52 +0300 Message-ID: Date: Mon, 27 Mar 2023 18:09:50 +0300 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.5.0 Subject: Re: [lvc-project] [PATCH] netfilter: nfnetlink: NULL-check skb->dev in __build_packet_message() Content-Language: en-US To: Pablo Neira Ayuso Cc: Jozsef Kadlecsik , Florian Westphal , "David S . Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, lvc-project@linuxtesting.org References: <20230327094116.1763201-1-Igor.A.Artemiev@mcst.ru> From: "Igor A. Artemiev" In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Anti-Virus: Kaspersky Anti-Virus for Linux Mail Server 5.6.39/RELEASE, bases: 20111107 #2745587, check: 20230327 notchecked X-AV-Checked: ClamAV using ClamSMTP X-Spam-Status: No, score=-0.0 required=5.0 tests=NICE_REPLY_A,SPF_HELO_NONE, SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 3/27/23 13:22, Pablo Neira Ayuso wrote: > On Mon, Mar 27, 2023 at 12:41:16PM +0300, Igor Artemiev wrote: >> After having been compared to NULL value at nfnetlink_log.c:560, >> pointer 'skb->dev' is dereferenced at nfnetlink_log.c:576. >> >> Found by Linux Verification Center (linuxtesting.org) with SVACE. >> >> Signed-off-by: Igor Artemiev >> --- >> net/netfilter/nfnetlink_log.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c >> index d97eb280cb2e..2711509eb9a5 100644 >> --- a/net/netfilter/nfnetlink_log.c >> +++ b/net/netfilter/nfnetlink_log.c >> @@ -572,7 +572,7 @@ __build_packet_message(struct nfnl_log_net *log, >> } >> } >> >> - if (indev && skb_mac_header_was_set(skb)) { >> + if (indev && skb->dev && skb_mac_header_was_set(skb)) { > This cannot ever happen, we assume skb->dev is always set on. > >> if (nla_put_be16(inst->skb, NFULA_HWTYPE, htons(skb->dev->type)) || >> nla_put_be16(inst->skb, NFULA_HWLEN, >> htons(skb->dev->hard_header_len))) >> -- >> 2.30.2 >> If skb->dev is always set on, should the check at nfnetlink_log.c:560 be removed? | if (indev && skb->dev && skb_mac_header_was_set(skb) && skb_mac_header_len(skb) != 0) { | ||Thanks, Igor