Received: by 2002:a05:7412:b10a:b0:f3:1519:9f41 with SMTP id az10csp2810447rdb; Mon, 4 Dec 2023 08:08:03 -0800 (PST) X-Google-Smtp-Source: AGHT+IGN0kEjf9YFEWK1eoqPnCjF2PKQrZEo2ixgbjLjQM6GacDRO7K7Q9TjDuY5HZICaHwvxytf X-Received: by 2002:a17:902:d4d2:b0:1d0:9471:808d with SMTP id o18-20020a170902d4d200b001d09471808dmr2323613plg.93.1701706083503; Mon, 04 Dec 2023 08:08:03 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1701706083; cv=none; d=google.com; s=arc-20160816; b=tMpLkdZqz0lQF95K9a9+vsawn04jUaDN8duHPXuyfAKr6biVmqlH0Udql1ulTMePCH vxERNYHKh2Q07eP4JMIROba4zpGofm5jxGA6mV6j9vgeWj8xcWaW19vwk8+ogebcKSJ2 3huQcC5Ty9Ylv3i3N+WoKS8Qfb3y34D9K+94sySpDARtu4JmE7yDnTXUmPFhY/k/pJ9D pKkOgOWd3sOZpgYs0srvdjNMxASW4mH+buugBKbN6HjY4wcgmmBllRdIJbnv6ohncSuM op5ZJw5g50xAp3fSoFCnYnR34ZNt0Snyj0SKTz3q7B6Z8vjh9B+Fsp0g7q2y4kHKmm66 7MGw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :content-language:references:cc:to:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=UxGwEKMqb77hSj2gwUSJa6e+ATYUziz0FtksrLEqbDc=; fh=d56VXl13lroPpYzzCD4Hs9h8siBNBc3BMFuuPemVc18=; b=fNGQgRxJkJrKFNRmaGIcSjjkzpydJwmvmWyxTe158X81sraMrAx9Rny7babqUgk4cM SnPYPvmgGJbWWMeof1LVT55pWWX+wfpCfmSu9o++KiRDB1LfRcLK/Y8cbkQ+hJk+6rf4 +mtZ5wcpUVcZmCwXcL4FoBTa7DGVjlaRmGjyfIvT2a4Wyd2OZyQKiAJIzH9ZQsmTIQfr Fc4FWTBujgzDM4oCud7TRKPWbqK2PvHwJxbcf3+BDi9UDIYEoh5LehP+6kaTCADfXskR vd0KSKQ4SHEE5SNBi6dgzgoN4t3H0AayRoFInlRmfmoxZdpGw4T078PUp2JxcMNXF1t/ qlaA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@marvell.com header.s=pfpt0220 header.b=aL+XXb5Q; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:1 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=REJECT dis=NONE) header.from=marvell.com Return-Path: Received: from morse.vger.email (morse.vger.email. [2620:137:e000::3:1]) by mx.google.com with ESMTPS id b12-20020a170902b60c00b001d06e87b213si4310062pls.184.2023.12.04.08.08.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Dec 2023 08:08:03 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:1 as permitted sender) client-ip=2620:137:e000::3:1; Authentication-Results: mx.google.com; dkim=pass header.i=@marvell.com header.s=pfpt0220 header.b=aL+XXb5Q; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:1 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=REJECT dis=NONE) header.from=marvell.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by morse.vger.email (Postfix) with ESMTP id A867B80BEF28; Mon, 4 Dec 2023 08:08:00 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at morse.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234774AbjLDQHf (ORCPT + 99 others); Mon, 4 Dec 2023 11:07:35 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33670 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234949AbjLDQHe (ORCPT ); Mon, 4 Dec 2023 11:07:34 -0500 Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 67CAACA; Mon, 4 Dec 2023 08:07:39 -0800 (PST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 3B4CxuPc022087; Mon, 4 Dec 2023 08:06:52 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=message-id : date : mime-version : subject : to : cc : references : from : in-reply-to : content-type : content-transfer-encoding; s=pfpt0220; bh=UxGwEKMqb77hSj2gwUSJa6e+ATYUziz0FtksrLEqbDc=; b=aL+XXb5QHCpAsH44dhOEFE9kyihBRMnyEqQTS4uv+EVfGFJ5Pl55D0OMMantvZrk4aij MZLeQ8FZUuKO6IFisV+MG2QPPxgEnU6OXmPFvvtf1m403X85LT4KRcrRhz9DLus8PANI /s6il0mqas8CXq49KYf11D8E5WvamZr6lCF+jmzrMcCpsAAaQF2hhYWjK7vstV8fwQOM x1Map7hQpR0RiItiUz3vwHRfX4qcqyYudtDc/dVRLSh7J2MI6dF6mwLGBnr5dayFkz0Z ArUZ0FY96KIzXZ9rW9sfaKRe8V6DmAskD8O31FlAOLcxdE1JXUtDgxiRTz3uUIw2rx0p GQ== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3ur2tvdxt3-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Mon, 04 Dec 2023 08:06:51 -0800 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Mon, 4 Dec 2023 08:06:50 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.48 via Frontend Transport; Mon, 4 Dec 2023 08:06:50 -0800 Received: from [10.9.8.90] (OBi302.marvell.com [10.9.8.90]) by maili.marvell.com (Postfix) with ESMTP id DA6AA3F7057; Mon, 4 Dec 2023 08:06:46 -0800 (PST) Message-ID: <08ae0a18-669e-b479-94d4-450a7a12efe9@marvell.com> Date: Mon, 4 Dec 2023 17:06:46 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [EXT] [PATCH] net: atlantic: Fix NULL dereference of skb pointer in To: Daniil Maximov CC: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Richard Cochran , Alexei Starovoitov , Daniel Borkmann , Jesper Dangaard Brouer , John Fastabend , Taehee Yoo , Alexey Khoroshilov , , , , References: <20231204085810.1681386-1-daniil31415it@gmail.com> Content-Language: en-US From: Igor Russkikh In-Reply-To: <20231204085810.1681386-1-daniil31415it@gmail.com> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Proofpoint-ORIG-GUID: 4kUdbOM2gkTdP-w4txwaAiQJ8EVdSGKm X-Proofpoint-GUID: 4kUdbOM2gkTdP-w4txwaAiQJ8EVdSGKm X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.997,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-12-04_15,2023-12-04_01,2023-05-22_02 X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on morse.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (morse.vger.email [0.0.0.0]); Mon, 04 Dec 2023 08:08:00 -0800 (PST) Hi Daniil, > If is_ptp_ring == true in the loop of __aq_ring_xdp_clean function, > then a timestamp is stored from a packet in a field of skb object, > which is not allocated at the moment of the call (skb == NULL). > > Generalize aq_ptp_extract_ts and other affected functions so they don't > work with struct sk_buff*, but with struct skb_shared_hwtstamps*. > > Found by Linux Verification Center (linuxtesting.org) with SVACE Thanks for finding this and working on this. Have you reproduced it in wild, or this just comes out of static analysis? I'm asking because looking into the flow you described - it looks like XDP mode should immediately fail with null pointer access on any rx traffic. But that was never reported. I will try to debug and validate the fix, but this may take some time. So for now Reviewed-by: Igor Russkikh Thanks Igor