Received: by 2002:ab2:6857:0:b0:1ef:ffd0:ce49 with SMTP id l23csp1062648lqp;
        Fri, 22 Mar 2024 04:43:16 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCWowTO6B74SBga7cckGxIT01h+U/NYMNV8COrGy1TzpuOzZS4D+HDxFlD1lAGq9WlsWVz34lEdrMvKQODH2oN0E07RcApm/7C9GMrsMiQ==
X-Google-Smtp-Source: AGHT+IHD2KD9xClZpRxrnisiHctlCoq2YpD5leKwnslGx8yDZ8Y/aza20HN24YgN14dI85FzQsVi
X-Received: by 2002:a05:6a20:72ab:b0:1a3:a638:3f66 with SMTP id o43-20020a056a2072ab00b001a3a6383f66mr1147234pzk.12.1711107796103;
        Fri, 22 Mar 2024 04:43:16 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1711107796; cv=pass;
        d=google.com; s=arc-20160816;
        b=VL84r/G3N9iW6GjMp/6fghFvS9jLMamqfbsfk/ILhjp+xRKck7bh9ln5t5qKkrWZQi
         blw7yxNy5DmdpTdeWrRrHV3RaUIGxfWG23x2P+r6b+FRZ899Un9nCZPHVJr7DWM4gGuy
         4CUaoQB1Oy7Xqy3cqkKesk72CnZvyw5hHXeerCM/A0KRD7KLTXITxo5EBai+6ZNzrAD/
         0q+hBQvqSQnrMdE3GTOCLVPor3JLVOs45YFjvTO3CITFycceRDtBB7txOXs5rszqXi02
         q7vJGtnSGQfTlH1Ry3Bu5RbP8RHvRKWgLUf4AY5Fs50wwEJct0FBtuADu79GRY/YFSmG
         f6fg==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=in-reply-to:content-transfer-encoding:content-disposition
         :mime-version:list-unsubscribe:list-subscribe:list-id:precedence
         :references:message-id:subject:cc:to:from:date:dkim-signature;
        bh=vx2AzG9KKFCZEkOD8Q/aF/lFCxq5jhVzkOOJYhYVE5M=;
        fh=oetQ92S+jddILMkUmeNnYAuJ3Eq8dkX7CYDv3Rba9Mw=;
        b=GwiZPAOYSul34MA8bxJb5TJLERcIBh2IeiGq9URxSuHsS8kD6d2KEZUspT9L5OeDOe
         DszjxkCQjw6HDN5+0hHynjer1oqKFCMlN7t8wmi8PnnpX4pmX2yqn4adZXNPnNNCCob5
         hHGRUfI+9vo2THcLza0OK+WE/QSFvy/aHnQkqd5du0YXOD56hXPiMDWY3YChAziOkSHR
         VVEXq4pLAGkyhwz4Qip0dQZ8O/kzR0W3kVQ6CuhDq6anXJCE0R0OtctaSiPKo3A/2gf9
         BrMRuSC1iyPI3N5AWz6J2Gzz56UJpWd8HJBw1+cvnle6g+Cli1Dc6euFsp+dnbpOaXsM
         iyWg==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=ik50+Tid;
       arc=pass (i=1 dkim=pass dkdomain=kernel.org);
       spf=pass (google.com: domain of linux-kernel+bounces-111374-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-111374-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel+bounces-111374-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1])
        by mx.google.com with ESMTPS id y20-20020a170902e19400b001dd6bd1ba2dsi1669844pla.193.2024.03.22.04.43.15
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 22 Mar 2024 04:43:16 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-111374-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=ik50+Tid;
       arc=pass (i=1 dkim=pass dkdomain=kernel.org);
       spf=pass (google.com: domain of linux-kernel+bounces-111374-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-111374-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sy.mirrors.kernel.org (Postfix) with ESMTPS id 09DD2B22320
	for <linux.lists.archive@gmail.com>; Fri, 22 Mar 2024 11:41:30 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 8FD1C3F9D9;
	Fri, 22 Mar 2024 11:41:20 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="ik50+Tid"
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id B3EA517564;
	Fri, 22 Mar 2024 11:41:19 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1711107679; cv=none; b=S/rbW1hb3ylq63bTZ9X9YPcHTyytMmqwxLX0nrXEPScWPU7A4yK3O/0uENRSCYlOdw6ZAkKgZXtFvr0/1onlduFa+cvBZj90zSkZhERfgG5CydgKowDu6P5IIWIoECinja/MTR0NE92eBlaUesvufzUM91LGy1tN7esLfG9lQvg=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1711107679; c=relaxed/simple;
	bh=LF2rr9dOfpEZuuPPXmvnPc6f8+IaaJWMgYsu8binxPo=;
	h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:
	 Content-Type:Content-Disposition:In-Reply-To; b=rSiYUfRSQbOhMOXwrW9c3VQyVCe/YZrGly9B9ytm0jeABlD6YNSHhPXbllwW8wSf/X5FWsIKaumj2QLdNY4d2zbDvY2DHslCdZVhFCqDCcRgualTgmGP9XN/oADaMC4Q2p5O8olyQtDso251BM7qZMIVSE1+H5KgXdA8/DX+WIU=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=ik50+Tid; arc=none smtp.client-ip=10.30.226.201
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8858CC433C7;
	Fri, 22 Mar 2024 11:41:17 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1711107679;
	bh=LF2rr9dOfpEZuuPPXmvnPc6f8+IaaJWMgYsu8binxPo=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
	b=ik50+Tid+IK1cuGjNPX272PhSxzPR9jT24fFkvLmo3GWTuS5DKQIuKnQhRqcUwDdg
	 2R9X6ilqTc5Kb8nWL29j5GJtA+DVqsRNXPHUHg9/2uZiaBtiT7nknbvSHwBFJTxR/T
	 YxQUOl1eL2DWupnzUon8IDpAo5hNoz58YUb8tnAaSmULOQVQTes9UlMeNqNpxAZtT7
	 KC5qFgOhLUYLJ5O3kgMhLpOnO5wRNdyR6joTx96nrgeV61X4bTAwZ7D2J7RpZ6GGNJ
	 y5tMlsgPA5yVeNSkaWhIW4QAtbrX4vlZOGymzjb+JIH8oUEgOTIz9890u7HRCsWi4j
	 NXTHG1lAiqKMQ==
Date: Fri, 22 Mar 2024 11:41:15 +0000
From: Simon Horman <horms@kernel.org>
To: Eric Dumazet <edumazet@google.com>
Cc: Anastasia Belova <abelova@astralinux.ru>,
	"David S. Miller" <davem@davemloft.net>,
	Jakub Kicinski <kuba@kernel.org>, Jiri Pirko <jiri@resnulli.us>,
	netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
	lvc-project@linuxtesting.org
Subject: Re: [PATCH v2] flow_dissector: prevent NULL pointer dereference in
 __skb_flow_dissect
Message-ID: <20240322114115.GB372561@kernel.org>
References: <Zfrmv4u0tVcYGS5n@nanopsycho>
 <20240321123446.7012-1-abelova@astralinux.ru>
 <CANn89iK1SO32Zggz5fh4J=NmrVW5RjkdbxJ+-ULP8ysmKXLGvg@mail.gmail.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <CANn89iK1SO32Zggz5fh4J=NmrVW5RjkdbxJ+-ULP8ysmKXLGvg@mail.gmail.com>

On Thu, Mar 21, 2024 at 06:16:30PM +0100, Eric Dumazet wrote:
> On Thu, Mar 21, 2024 at 1:35 PM Anastasia Belova <abelova@astralinux.ru> wrote:
> >
> > skb is an optional parameter, so it may be NULL.
> > Add check defore dereference in eth_hdr.
> >
> > Found by Linux Verification Center (linuxtesting.org) with SVACE.
> >
> > Fixes: 690e36e726d0 ("net: Allow raw buffers to be passed into the flow dissector.")
> > Signed-off-by: Anastasia Belova <abelova@astralinux.ru>
> > ---
> >  net/core/flow_dissector.c | 2 ++
> >  1 file changed, 2 insertions(+)
> >
> > diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
> > index 272f09251343..68a8228ffae3 100644
> > --- a/net/core/flow_dissector.c
> > +++ b/net/core/flow_dissector.c
> > @@ -1139,6 +1139,8 @@ bool __skb_flow_dissect(const struct net *net,
> >
> >         if (dissector_uses_key(flow_dissector,
> >                                FLOW_DISSECTOR_KEY_ETH_ADDRS)) {
> > +               if (!skb)
> > +                       goto out_bad;
> >                 struct ethhdr *eth = eth_hdr(skb);
> >                 struct flow_dissector_key_eth_addrs *key_eth_addrs;
> >
> 
> 
> I think you ignored my prior feedback.
> 
> In which case can we go to this point with skb == NULL ?
> How come nobody complained of crashes here ?
> 
> I think we need to know if adding code here is useful or not.
> 
> You have to understand that a patch like this might need days of work
> from various teams in the world,
> flooded by questionable CVE.

Hi Eric and Anastasia,

I have conducted a review of the callers of __skb_flow_dissect()
that I could find in net-next and my conclusion is that, given
current usage, the code path above will not be hit with a NULL skb.

A summary of the analysis is as follows.

bond_flow_dissect:
- Analysis: skb parameter may be NULL but FLOW_DISSECTOR_KEY_ETH_ADDRS
  is not included in flow_keys_bonding_keys
- Conclusion: Code path in question is not hit for this user

skb_flow_dissect:
skb_flow_dissect_flow_keys:
fib6_rules_early_flow_dissect:
fib4_rules_early_flow_dissect:
__skb_get_hash_symmetric:
- Analysis: data parameter is NULL, which means that skb must be non-NULL
  else a crash would occur in the following code near the top of
  __skb_flow_dissect().
	if (!data) {
		data = skb->data;
- Conclusion: Calling eth_hdr(skb) is safe for these users

Assuming my analysis is correct (please check!) then
as this code is in the fast path for many users I think it is best
not to add this unnecessary check (which I assume is Eric's concern too).