Date: Fri, 22 Mar 2024 11:41:15 +0000
From: Simon Horman
To: Eric Dumazet
Cc: Anastasia Belova, "David S. Miller", Jakub Kicinski, Jiri Pirko, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, lvc-project@linuxtesting.org
Subject: Re: [PATCH v2] flow_dissector: prevent NULL pointer dereference in __skb_flow_dissect
Message-ID: <20240322114115.GB372561@kernel.org>
References: <20240321123446.7012-1-abelova@astralinux.ru>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Mar 21, 2024 at 06:16:30PM +0100, Eric Dumazet wrote:
> On Thu, Mar 21, 2024 at 1:35 PM Anastasia Belova wrote:
> >
> > skb is an optional parameter, so it may be NULL.
> > Add check before dereference in eth_hdr.
> >
> > Found by Linux Verification Center (linuxtesting.org) with SVACE.
> >
> > Fixes: 690e36e726d0 ("net: Allow raw buffers to be passed into the flow dissector.")
> > Signed-off-by: Anastasia Belova
> > ---
> >  net/core/flow_dissector.c | 2 ++
> >  1 file changed, 2 insertions(+)
> >
> > diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
> > index 272f09251343..68a8228ffae3 100644
> > --- a/net/core/flow_dissector.c
> > +++ b/net/core/flow_dissector.c
> > @@ -1139,6 +1139,8 @@ bool __skb_flow_dissect(const struct net *net,
> >
> >  	if (dissector_uses_key(flow_dissector,
> >  			       FLOW_DISSECTOR_KEY_ETH_ADDRS)) {
> > +		if (!skb)
> > +			goto out_bad;
> >  		struct ethhdr *eth = eth_hdr(skb);
> >  		struct flow_dissector_key_eth_addrs *key_eth_addrs;
> >
>
> I think you ignored my prior feedback.
>
> In which case can we go to this point with skb == NULL ?
> How come nobody complained of crashes here ?
>
> I think we need to know if adding code here is useful or not.
>
> You have to understand that a patch like this might need days of work
> from various teams in the world,
> flooded by questionable CVE.

Hi Eric and Anastasia,

I have conducted a review of the callers of __skb_flow_dissect()
that I could find in net-next and my conclusion is that, given
current usage, the code path above will not be hit with a NULL skb.

A summary of the analysis is as follows.

bond_flow_dissect:
- Analysis: skb parameter may be NULL but FLOW_DISSECTOR_KEY_ETH_ADDRS
  is not included in flow_keys_bonding_keys
- Conclusion: Code path in question is not hit for this user

skb_flow_dissect:
skb_flow_dissect_flow_keys:
fib6_rules_early_flow_dissect:
fib4_rules_early_flow_dissect:
__skb_get_hash_symmetric:
- Analysis: data parameter is NULL, which means that skb must be
  non-NULL else a crash would occur in the following code near the
  top of __skb_flow_dissect().

	if (!data) {
		data = skb->data;

- Conclusion: Calling eth_hdr(skb) is safe for these users

Assuming my analysis is correct (please check!) then as this code is
in the fast path for many users I think it is best not to add this
unnecessary check (which I assume is Eric's concern too).
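Review bot: the added `if (!skb) goto out_bad;` is placed ahead of the block's declarations (`struct ethhdr *eth = eth_hdr(skb);` and `struct flow_dissector_key_eth_addrs *key_eth_addrs;`), which puts a statement before declarations and is not acceptable kernel style; if the check is kept it belongs after the second declaration. The larger problem is that the commit message asserts skb "may be NULL" without naming a caller that reaches the FLOW_DISSECTOR_KEY_ETH_ADDRS branch with a NULL skb and a raw data buffer, so neither the Fixes: tag nor the claimed NULL dereference is substantiated by the hunk; either cite such a caller or drop the check, since this branch is on the fast path.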
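As an added illustration, not kernel code and not written by anyone in this thread, the userspace C model below makes explicit the invariant Simon's caller analysis rests on: when data is NULL the packet bytes are taken from skb, so skb must be non-NULL on that path, and a caller that supplies only a raw buffer must not request the ETH_ADDRS key because that key is read through the skb. All model_* names, the key bits and the sample frame are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Key bits and sizes: assumed names for this model only. */
#define MODEL_KEY_BASIC     (1u << 0)
#define MODEL_KEY_ETH_ADDRS (1u << 1)
#define MODEL_ETH_HLEN      14

struct model_skb {
	const uint8_t *data;	/* linear buffer, MAC header first */
	size_t len;
};

struct model_eth_addrs {
	uint8_t dst[6];
	uint8_t src[6];
};

enum model_result {
	MODEL_OK = 0,		/* dissected */
	MODEL_BAD = 1,		/* the "out_bad" outcome: nothing usable */
	MODEL_PRECOND = 2,	/* caller broke the skb/data contract */
};

/*
 * skb and data are each optional, but not independently. When no raw
 * buffer is passed the bytes come from skb, so skb must be non-NULL;
 * the kernel function dereferences skb->data at that point, which is
 * why a later eth_hdr(skb) cannot see a NULL skb on that path. The
 * model reports the broken contract instead of crashing.
 */
static enum model_result
model_flow_dissect(const struct model_skb *skb, const void *data, size_t hlen,
		   unsigned int used_keys, struct model_eth_addrs *out)
{
	if (!data) {
		if (!skb)
			return MODEL_PRECOND;	/* kernel: NULL deref here */
		data = skb->data;
		hlen = skb->len;
	}

	if (hlen < MODEL_ETH_HLEN)
		return MODEL_BAD;	/* too short for an Ethernet header */

	if (used_keys & MODEL_KEY_ETH_ADDRS) {
		/*
		 * The MAC header is read through the skb, not the raw
		 * buffer, so a raw-buffer caller with no skb must not ask
		 * for this key. The bonding caller in the thread avoids the
		 * key in its key set rather than relying on a NULL check.
		 */
		if (!skb || !out)
			return MODEL_BAD;
		memcpy(out->dst, skb->data, 6);
		memcpy(out->src, skb->data + 6, 6);
	}
	return MODEL_OK;
}

/* Constructed sample frame: one Ethernet header, IPv4 ethertype, no payload. */
static const uint8_t model_frame[MODEL_ETH_HLEN] = {
	0x02, 0x00, 0x00, 0x00, 0x00, 0x01,	/* dst */
	0x02, 0x00, 0x00, 0x00, 0x00, 0x02,	/* src */
	0x08, 0x00,				/* ethertype */
};

/* Caller shape 1 (like bond_flow_dissect): raw buffer, no skb, no ETH_ADDRS. */
static enum model_result model_call_raw_no_eth(void)
{
	return model_flow_dissect(NULL, model_frame, sizeof model_frame,
				  MODEL_KEY_BASIC, NULL);
}

/* Hypothetical caller: raw buffer, no skb, but asks for ETH_ADDRS. */
static enum model_result model_call_raw_wants_eth(void)
{
	struct model_eth_addrs a;

	return model_flow_dissect(NULL, model_frame, sizeof model_frame,
				  MODEL_KEY_BASIC | MODEL_KEY_ETH_ADDRS, &a);
}

/* Caller shape 2 (like skb_flow_dissect()): skb set, data NULL. */
static int model_call_skb_wants_eth(void)
{
	struct model_skb skb = { model_frame, sizeof model_frame };
	struct model_eth_addrs a;

	if (model_flow_dissect(&skb, NULL, 0, MODEL_KEY_ETH_ADDRS, &a) != MODEL_OK)
		return -1;
	return a.dst[5] | (a.src[5] << 8);	/* last dst byte, last src byte */
}

/* Contract violation: neither skb nor data. */
static enum model_result model_call_nothing(void)
{
	return model_flow_dissect(NULL, NULL, 0, MODEL_KEY_BASIC, NULL);
}

int main(void)
{
	printf("raw buffer, no eth key: %d\n", model_call_raw_no_eth());
	printf("raw buffer, eth key:    %d\n", model_call_raw_wants_eth());
	printf("skb, eth key:           0x%04x\n", model_call_skb_wants_eth());
	printf("no skb, no data:        %d\n", model_call_nothing());
	return 0;
}
```

The point the model makes is that the safe place for a guard is where the contract is established (the `if (!data)` entry, or the caller's choice of key set), not inside a per-key branch on the fast path where the analysis shows it can never fire.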