From: Eric Dumazet
Date: Mon, 30 Oct 2023 09:59:54 +0100
Subject: Re: [PATCH net] dccp: check for ccid in ccid_hc_tx_send_packet
To: Bragatheswaran Manickavel
Cc: davem@davemloft.net, kuba@kernel.org, pabeni@redhat.com, dccp@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, syzbot+c71bc336c5061153b502@syzkaller.appspotmail.com

On Sat, Oct 28, 2023 at 4:41 PM Bragatheswaran Manickavel wrote:
>
> ccid_hc_tx_send_packet might be called with a NULL ccid pointer
> leading to a NULL pointer dereference
>
> Below mentioned commit has similar changes
> commit 276bdb82dedb ("dccp: check ccid before dereferencing")
>
> Reported-by: syzbot+c71bc336c5061153b502@syzkaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=c71bc336c5061153b502
> Signed-off-by: Bragatheswaran Manickavel
> --- > net/dccp/ccid.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/net/dccp/ccid.h b/net/dccp/ccid.h > index 105f3734dadb..1015dc2b9392 100644 > --- a/net/dccp/ccid.h > +++ b/net/dccp/ccid.h
> @@ -163,7 +163,7 @@ static inline int ccid_packet_dequeue_eval(const int = return_code) > static inline int ccid_hc_tx_send_packet(struct ccid *ccid, struct sock = *sk, > struct sk_buff *skb) > { > - if (ccid->ccid_ops->ccid_hc_tx_send_packet !=3D NULL) > + if (ccid !=3D NULL && ccid->ccid_ops->ccid_hc_tx_send_packet !=3D= NULL) > return ccid->ccid_ops->ccid_hc_tx_send_packet(sk, skb); > return CCID_PACKET_SEND_AT_ONCE; > } > -- > 2.34.1 >

If you are willing to fix dccp, I would make sure that some of the lockless accesses to dccps_hc_tx_ccid are also double checked and fixed.

do_dccp_getsockopt() and dccp_get_info()
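
Review bot: in ccid_hc_tx_send_packet(), when ccid is NULL the new condition falls through to "return CCID_PACKET_SEND_AT_ONCE", so a missing CCID is reported to the caller as permission to transmit immediately, and the commit message does not say why a NULL ccid is reachable on the send path or why sending at once is the right result there. Please describe in the changelog how the syzbot report reaches this function with ccid == NULL, and consider whether an error return would be safer than the fall-through. The check also only tests the pointer value the caller passed in, so it does not cover other readers of the same pointer; the lockless accesses to dccps_hc_tx_ccid named in the reply (do_dccp_getsockopt() and dccp_get_info()) need their own handling. The trailers also carry no Fixes: tag.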