Received: by 2002:ab2:6857:0:b0:1ef:ffd0:ce49 with SMTP id l23csp387224lqp; Thu, 21 Mar 2024 04:39:56 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCXxmSBcIJ9niieBgKxPndHqfVjPyvlJXQs+US0qaIMi+d30YfFzE9KBw+THjoEGwlAsoE4eMoDNoEn9yCt8sIe7HlsFESYWXekfySUkKg== X-Google-Smtp-Source: AGHT+IFDIH9bF6uBN96e7kV3wknPX6pjCfFWDZ0h4FvHbLhHiClZpw/QUFpgfWHA3fUp1AkSPkmq X-Received: by 2002:a17:90b:3652:b0:2a0:1c59:23b8 with SMTP id nh18-20020a17090b365200b002a01c5923b8mr1418436pjb.39.1711021196202; Thu, 21 Mar 2024 04:39:56 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1711021196; cv=pass; d=google.com; s=arc-20160816; b=azFMEGZO9IhZuAxh/4qjtnE8/mknT7Ez1zhdJVvxgco37pOiPFrgr2IqjJ9BgruCib W5SSsZVgtu8iuWZxPijd3LPRNvfN3inmV4qz5YazNRLW3NoJIBLREGsJJeNC9EjklT5p xW2iJQ8hA5ojegBetBYdB44CQqz/xZ8Z2bn4QxsKeOWYDZVoK6dnyvtIVvQxqwo3NhrR qTMW4nsN89u7w4AYuZY925gdupUawrJjjgIDQfNFasowcgkLrg52u+GKVOqrKQSLpsiJ kBR1YHzEdnYBGA4IgqMKkub73UAzyczY5Hpc/9VFySDKeSphZTzXzE36/orwv2VQV2CR HjIQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:date:message-id:dkim-signature :dkim-signature:dkim-signature:dkim-signature; bh=B1EI9gkxhBA49ptnSU9hxPOI/RB588le3UPlmmKJ3rY=; fh=/3mosjR5w/55ZievhQ/KAXcea8ObMNBEYvQxUYnlZK0=; b=S2FyyLw3RgD8goBjUNKmtSJazvPXXjnUASJEj/whv9SAZon9kxVhlX0NRTzQrXSMW3 PbVq/wtOog9FzzDBG0TFvCzbwxFlwRNp2OyUrPGS5W1A2U9eASwBm2Y/xZQwZ7MFleY3 GN497jc1K10nrZpskT+dnbh6Chc2PEY9R4YQUjHzMlIj44FIKTWiHBUB7LUbZNl3jaa+ WZGqCz/O7l+gAQyX8RwDMv1JagiXmJeruGNnN7qYJ/CcnWQYFlQOPCVMZPSdwDu7S7ch 3QTJd+1eeU7xad+FxFy9SOnVaszBoFTWlWlMNbR1EJwc2QfpLsQrVqEFDma/gUd67ih2 1m0g==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=GBGnGY7Y; dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519 header.b=u3XlXb9O; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=vhZWhXi5; dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519; arc=pass (i=1 spf=pass spfdomain=suse.de dkim=pass dkdomain=suse.de dkim=pass dkdomain=suse.de dmarc=pass fromdomain=suse.de); spf=pass (google.com: domain of linux-kernel+bounces-109977-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-109977-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [147.75.48.161]) by mx.google.com with ESMTPS id a4-20020a17090ad80400b0029c110de133si3411927pjv.10.2024.03.21.04.39.55 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 Mar 2024 04:39:56 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-109977-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) client-ip=147.75.48.161; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=GBGnGY7Y; dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519 header.b=u3XlXb9O; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=vhZWhXi5; dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519; arc=pass (i=1 spf=pass spfdomain=suse.de dkim=pass dkdomain=suse.de dkim=pass dkdomain=suse.de dmarc=pass fromdomain=suse.de); spf=pass (google.com: domain of linux-kernel+bounces-109977-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-109977-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 63EC9B211D4 for ; Thu, 21 Mar 2024 11:39:54 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id A2BBB59162; Thu, 21 Mar 2024 11:39:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b="GBGnGY7Y"; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b="u3XlXb9O"; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b="vhZWhXi5"; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b="hQK9qFSQ" Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.223.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1DF6E5FB81; Thu, 21 Mar 2024 11:39:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=195.135.223.130 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711021179; cv=none; b=FyUEC4ilJl77qqEZDyTsugaG/dRaIZJz2W05400rSoCp+vfLSpYT2yE5QZU6xwsHAs3vZoxQq4Q0CtpBBHd4o8lQl9jnGR6SbMqe8LwQ8Gwjv98tipxNScImSCE2ahMs3LShtO9jQRvsGpUJh17AaN4ZiMQGKG+1I8URNKdMpkw= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711021179; c=relaxed/simple; bh=vJ791anuvB8t8GIBHGJ8C+s5alJbeJIp7vc6EwMHfHU=; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From: In-Reply-To:Content-Type; b=Hx+50jfwboYhQ0vrV0vlCqA33JbNGOdJjwturI2dohw+BnMJNHKAns8Z12argLEUPxfkzmc6PEwa/e/ZsDVQ7H9I8dNLj1Enjtwt9JS1MtxIprKsbvrzmPHUC6y8EJCwdlEUP52/8oAZ/COhDqRIEPoZB+dDalKUizGT20nSTyA= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=suse.de; spf=pass smtp.mailfrom=suse.de; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b=GBGnGY7Y; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b=u3XlXb9O; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b=vhZWhXi5; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b=hQK9qFSQ; arc=none smtp.client-ip=195.135.223.130 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=suse.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.de Received: from imap1.dmz-prg2.suse.org (imap1.dmz-prg2.suse.org [10.150.64.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id 5A7A2372E0; Thu, 21 Mar 2024 11:39:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1711021176; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=B1EI9gkxhBA49ptnSU9hxPOI/RB588le3UPlmmKJ3rY=; b=GBGnGY7YmVNzKjUpQrAPaWZrciK0LYPg2kT//oFbBuL8o3U9rgDc0xDj+MkQVOiRMmkYfN DA6nFE2BX/BiVXZ8DKn7KObHa4anY/gosL0Ihtr2k1X/hgtjePDni2xfOwaH7gBraUD1XK 33FxdT0WNbO/G4d3LbBkercelQy0tMc= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1711021176; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=B1EI9gkxhBA49ptnSU9hxPOI/RB588le3UPlmmKJ3rY=; b=u3XlXb9OrP1RAIoOVdkUVBEdfPvJVuhGO8+45th6e8EyRQIq0ozIn5aEahlodiSO1uKJcq XK0XBkT2OFBeqKAw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1711021174; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=B1EI9gkxhBA49ptnSU9hxPOI/RB588le3UPlmmKJ3rY=; b=vhZWhXi5BW4nPtTRBB7Ua1bTCDfez63fP5zFmO51UtrOn1yJm5t4YjAhkCo1i4MFhpanw6 nm1i4kZ3vegyxFKzBecv8WBHUO6xMdspH0p6Rb0/hXN2s7RnG5hWgI4QCmd1aCvsFtA2+E Py6e7nmShVxWdsAuK98akIVew4T6iac= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1711021174; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=B1EI9gkxhBA49ptnSU9hxPOI/RB588le3UPlmmKJ3rY=; b=hQK9qFSQiirubEaPqhnMpJy6YUSZGkp7w/Ma5/X5Gjg0LY/5PdsjJKX+91nlsaZwH2pPPR CDmNjIFK0B+cKBBw== Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id CA95313976; Thu, 21 Mar 2024 11:39:33 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id 3AYALnUc/GXJNQAAD6G6ig (envelope-from ); Thu, 21 Mar 2024 11:39:33 +0000 Message-ID: <01390102-200d-4d5d-9982-d7f93c8f950b@suse.de> Date: Thu, 21 Mar 2024 14:39:33 +0300 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH] flow_dissector: prevent NULL pointer dereference in __skb_flow_dissect Content-Language: en-US To: Jiri Pirko , Anastasia Belova Cc: "David S. Miller" , Eric Dumazet , Jakub Kicinski , netdev@vger.kernel.org, linux-kernel@vger.kernel.org, lvc-project@linuxtesting.org References: <20240320125635.1444-1-abelova@astralinux.ru> From: Denis Kirjanov In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -4.25 X-Spamd-Result: default: False [-4.25 / 50.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; XM_UA_NO_VERSION(0.01)[]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; BAYES_HAM(-3.00)[100.00%]; MIME_GOOD(-0.10)[text/plain]; NEURAL_HAM_LONG(-1.00)[-1.000]; RCVD_COUNT_THREE(0.00)[3]; DKIM_SIGNED(0.00)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519]; NEURAL_HAM_SHORT(-0.16)[-0.789]; RCPT_COUNT_SEVEN(0.00)[8]; FUZZY_BLOCKED(0.00)[rspamd.com]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_ALL(0.00)[]; MID_RHS_MATCH_FROM(0.00)[] X-Spam-Level: Authentication-Results: smtp-out1.suse.de; none X-Spam-Flag: NO On 3/21/24 13:57, Jiri Pirko wrote: > Thu, Mar 21, 2024 at 10:36:53AM CET, abelova@astralinux.ru wrote: >> >> >> 20/03/24 16:38, Jiri Pirko пишет: >>> Wed, Mar 20, 2024 at 01:56:35PM CET, abelova@astralinux.ru wrote: >>>> skb is an optional parameter, so it may be NULL. >>>> Add check defore dereference in eth_hdr. >>>> >>>> Found by Linux Verification Center (linuxtesting.org) with SVACE. >>> Either drop this line which provides no value, or attach a link to the >>> actual report. >>> >> >> It is an established practice for our project. You can find 700+ applied >> patches with similar line: >> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/?qt=grep&q=linuxtesting.org > > Okay. So would it be possible to attach a link to the actual report? > >> >> >>>> Fixes: 67a900cc0436 ("flow_dissector: introduce support for Ethernet addresses") >>> This looks incorrect. I believe that this is the offending commit: >>> commit 690e36e726d00d2528bc569809048adf61550d80 >>> Author: David S. Miller >>> Date: Sat Aug 23 12:13:41 2014 -0700 >>> >>> net: Allow raw buffers to be passed into the flow dissector. >>> >> >> Got it. Looks like it's a static checker, there is no actual bug report or kernel oops/crash >> >>> >>>> Signed-off-by: Anastasia Belova >>>> --- >>>> net/core/flow_dissector.c | 2 +- >>>> 1 file changed, 1 insertion(+), 1 deletion(-) >>>> >>>> diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c >>>> index 272f09251343..05db3a8aa771 100644 >>>> --- a/net/core/flow_dissector.c >>>> +++ b/net/core/flow_dissector.c >>>> @@ -1137,7 +1137,7 @@ bool __skb_flow_dissect(const struct net *net, >>>> rcu_read_unlock(); >>>> } >>>> >>>> - if (dissector_uses_key(flow_dissector, >>>> + if (skb && dissector_uses_key(flow_dissector, >>>> FLOW_DISSECTOR_KEY_ETH_ADDRS)) { >>>> struct ethhdr *eth = eth_hdr(skb); >>>> struct flow_dissector_key_eth_addrs *key_eth_addrs; >>> Looks like FLOW_DISSECT_RET_OUT_BAD should be returned in case the >>> FLOW_DISSECTOR_KEY_ETH_ADDRS are selected and there is no skb, no? >> >> I agree, I'll send the second version. >> >> Anastasia Belova >> >