Kernel/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2025-01-04 04:06:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
cdd0b9132d
linux-stable/net/ipv4
History
Kuniyuki Iwashima cdd0b9132d ip: Return drop reason if in_dev is NULL in ip_route_input_rcu(). 
syzkaller reported a warning in __sk_skb_reason_drop().

Commit 61b95c70f3 ("net: ip: make ip_route_input_rcu() return
drop reasons") missed a path where -EINVAL is returned.

Then, the cited commit started to trigger the warning with the
invalid error.

Let's fix it by returning SKB_DROP_REASON_NOT_SPECIFIED.

[0]:
WARNING: CPU: 0 PID: 10 at net/core/skbuff.c:1216 __sk_skb_reason_drop net/core/skbuff.c:1216 [inline]
WARNING: CPU: 0 PID: 10 at net/core/skbuff.c:1216 sk_skb_reason_drop+0x97/0x1b0 net/core/skbuff.c:1241
Modules linked in:
CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.12.0-10686-gbb18265c3aba #10 1c308307628619808b5a4a0495c4aab5637b0551
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
Workqueue: wg-crypt-wg2 wg_packet_decrypt_worker
RIP: 0010:__sk_skb_reason_drop net/core/skbuff.c:1216 [inline]
RIP: 0010:sk_skb_reason_drop+0x97/0x1b0 net/core/skbuff.c:1241
Code: 5d 41 5c 41 5d 41 5e e9 e7 9e 95 fd e8 e2 9e 95 fd 31 ff 44 89 e6 e8 58 a1 95 fd 45 85 e4 0f 85 a2 00 00 00 e8 ca 9e 95 fd 90 <0f> 0b 90 e8 c1 9e 95 fd 44 89 e6 bf 01 00 00 00 e8 34 a1 95 fd 41
RSP: 0018:ffa0000000007650 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 000000000000ffff RCX: ffffffff83bc3592
RDX: ff110001002a0000 RSI: ffffffff83bc34d6 RDI: 0000000000000007
RBP: ff11000109ee85f0 R08: 0000000000000001 R09: ffe21c00213dd0da
R10: 000000000000ffff R11: 0000000000000000 R12: 00000000ffffffea
R13: 0000000000000000 R14: ff11000109ee86d4 R15: ff11000109ee8648
FS:  0000000000000000(0000) GS:ff1100011a000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020177000 CR3: 0000000108a3d006 CR4: 0000000000771ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000600
PKRU: 55555554
Call Trace:
 <IRQ>
 kfree_skb_reason include/linux/skbuff.h:1263 [inline]
 ip_rcv_finish_core.constprop.0+0x896/0x2320 net/ipv4/ip_input.c:424
 ip_list_rcv_finish.constprop.0+0x1b2/0x710 net/ipv4/ip_input.c:610
 ip_sublist_rcv net/ipv4/ip_input.c:636 [inline]
 ip_list_rcv+0x34a/0x460 net/ipv4/ip_input.c:670
 __netif_receive_skb_list_ptype net/core/dev.c:5715 [inline]
 __netif_receive_skb_list_core+0x536/0x900 net/core/dev.c:5762
 __netif_receive_skb_list net/core/dev.c:5814 [inline]
 netif_receive_skb_list_internal+0x77c/0xdc0 net/core/dev.c:5905
 gro_normal_list include/net/gro.h:515 [inline]
 gro_normal_list include/net/gro.h:511 [inline]
 napi_complete_done+0x219/0x8c0 net/core/dev.c:6256
 wg_packet_rx_poll+0xbff/0x1e40 drivers/net/wireguard/receive.c:488
 __napi_poll.constprop.0+0xb3/0x530 net/core/dev.c:6877
 napi_poll net/core/dev.c:6946 [inline]
 net_rx_action+0x9eb/0xe30 net/core/dev.c:7068
 handle_softirqs+0x1ac/0x740 kernel/softirq.c:554
 do_softirq kernel/softirq.c:455 [inline]
 do_softirq+0x48/0x80 kernel/softirq.c:442
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0xed/0x110 kernel/softirq.c:382
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 ptr_ring_consume_bh include/linux/ptr_ring.h:367 [inline]
 wg_packet_decrypt_worker+0x3ba/0x580 drivers/net/wireguard/receive.c:499
 process_one_work+0x940/0x1a70 kernel/workqueue.c:3229
 process_scheduled_works kernel/workqueue.c:3310 [inline]
 worker_thread+0x639/0xe30 kernel/workqueue.c:3391
 kthread+0x283/0x350 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:244
 </TASK>

Fixes: 82d9983ebe ("net: ip: make ip_route_input_noref() return drop reasons")
Reported-by: syzkaller <syzkaller@googlegroups.com>
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://patch.msgid.link/20241206020715.80207-1-kuniyu@amazon.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2024-12-07 17:55:37 -08:00
..
netfilter netfilter: nf_dup4: Convert nf_dup_ipv4_route() to dscp_t. 2024-11-15 11:00:29 +01:00
af_inet.c net: inet: do not leave a dangling sk pointer in inet_create() 2024-10-15 18:43:08 -07:00
ah4.c
arp.c neighbour: Remove bare neighbour::next pointer 2024-11-09 13:22:57 -08:00
bpf_tcp_ca.c bpf: Check unsupported ops from the bpf_struct_ops's cfi_stubs 2024-07-29 12:54:13 -07:00
cipso_ipv4.c move asm/unaligned.h to linux/unaligned.h 2024-10-02 17:23:23 -04:00
datagram.c
devinet.c net: convert to nla_get_*_default() 2024-11-11 10:32:06 -08:00
esp4_offload.c xfrm: Add an inbound percpu state cache. 2024-10-29 11:56:18 +01:00
esp4.c net: support non paged skb frags 2024-09-11 20:44:31 -07:00
fib_frontend.c net: ip: fix unexpected return in fib_validate_source() 2024-11-18 18:57:00 -08:00
fib_lookup.h
fib_notifier.c net: do not acquire rtnl in fib_seq_sum() 2024-10-11 15:35:05 -07:00
fib_rules.c ipv4: use READ_ONCE()/WRITE_ONCE() on net->ipv4.fib_seq 2024-10-11 15:35:05 -07:00
fib_semantics.c ipv4: remove fib_info_devhash[] 2024-10-07 16:46:27 -07:00
fib_trie.c ipv4: replace call_rcu by kfree_rcu for simple kmem_cache_free callback 2024-10-15 10:50:21 -07:00
fou_bpf.c ip_tunnel: convert __be16 tunnel flags to bitmaps 2024-04-01 10:49:28 +01:00
fou_core.c fou: fix initialization of grc 2024-09-09 17:21:47 -07:00
fou_nl.c tools: ynl-gen: use big-endian netlink attribute types 2024-10-22 15:33:24 +02:00
fou_nl.h
gre_demux.c ip_tunnel: convert __be16 tunnel flags to bitmaps 2024-04-01 10:49:28 +01:00
gre_offload.c net: gro: rename skb_gro_header_hard() 2024-03-05 13:30:11 +01:00
icmp.c net: Fix icmp host relookup triggering ip_rt_bug 2024-11-30 14:17:10 -08:00
igmp.c net: ipv4: igmp: optimize ____ip_mc_inc_group() using mc_hash 2024-10-09 12:50:11 +01:00
inet_connection_sock.c tcp: Fix use-after-free of nreq in reqsk_timer_handler(). 2024-11-28 09:48:00 +01:00
inet_diag.c tcp: annotate data-races around icsk->icsk_pending 2024-10-04 15:34:39 -07:00
inet_fragment.c net: Rename mono_delivery_time to tstamp_type for scalabilty 2024-05-23 14:14:23 -07:00
inet_hashtables.c inet: constify 'struct net' parameter of various lookup helpers 2024-08-05 16:22:45 -07:00
inet_timewait_sock.c tcp: move inet_twsk_schedule helper out of header 2024-06-10 11:54:18 +01:00
inetpeer.c inetpeer: replace call_rcu by kfree_rcu for simple kmem_cache_free callback 2024-10-15 10:50:21 -07:00
ip_forward.c
ip_fragment.c net: ip: make ip_route_input_noref() return drop reasons 2024-11-12 11:24:51 +01:00
ip_gre.c ipv4: ip_gre: Fix drops of small packets in ipgre_xmit 2024-10-01 13:04:03 +02:00
ip_input.c net: ip: make ip_route_use_hint() return drop reasons 2024-11-12 11:24:51 +01:00
ip_options.c net: ip: make ip_route_input() return drop reasons 2024-11-12 11:24:51 +01:00
ip_output.c ipv4: tcp: give socket pointer to control skbs 2024-10-14 17:39:37 -07:00
ip_sockglue.c inet: Add getsockopt support for IP_ROUTER_ALERT and IPV6_ROUTER_ALERT 2024-03-06 12:37:06 +00:00
ip_tunnel_core.c ip_tunnel: convert __be16 tunnel flags to bitmaps 2024-04-01 10:49:28 +01:00
ip_tunnel.c ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() 2024-10-29 11:12:53 -07:00
ip_vti.c netdev_features: convert NETIF_F_LLTX to dev->lltx 2024-09-03 11:36:43 +02:00
ipcomp.c
ipconfig.c
ipip.c netdev_features: convert NETIF_F_LLTX to dev->lltx 2024-09-03 11:36:43 +02:00
ipmr_base.c ipmr: Fix access to mfc_cache_list without lock held 2024-11-13 19:09:42 -08:00
ipmr.c ipmr: tune the ipmr_can_free_table() checks. 2024-12-04 18:49:16 -08:00
Kconfig net/tcp: Expand goo.gl link 2024-07-30 18:35:12 -07:00
Makefile
metrics.c net: remove NULL-pointer net parameter in ip_metrics_convert 2024-06-05 10:06:00 +01:00
netfilter.c netfilter: ipv4: Convert ip_route_me_harder() to dscp_t. 2024-11-15 11:00:29 +01:00
netlink.c
nexthop.c net: convert to nla_get_*_default() 2024-11-11 10:32:06 -08:00
ping.c ping: use sk_skb_reason_drop to free rx packets 2024-06-19 12:44:22 +01:00
proc.c minmax: add a few more MIN_T/MAX_T users 2024-07-28 13:41:14 -07:00
protocol.c
raw_diag.c
raw.c net_tstamp: add SCM_TS_OPT_ID for RAW sockets 2024-10-04 11:52:19 -07:00
route.c ip: Return drop reason if in_dev is NULL in ip_route_input_rcu(). 2024-12-07 17:55:37 -08:00
syncookies.c tcp: use sk_skb_reason_drop to free rx packets 2024-06-19 12:44:22 +01:00
sysctl_net_ipv4.c icmp: icmp_msgs_per_sec and icmp_msgs_burst sysctls become per netns 2024-08-30 11:14:06 -07:00
tcp_ao.c net/tcp: Add missing lockdep annotations for TCP-AO hlist traversals 2024-11-03 12:10:11 -08:00
tcp_bbr.c tcp: Add new args for cong_control in tcp_congestion_ops 2024-05-02 16:26:56 -07:00
tcp_bic.c
tcp_bpf.c bpf: fix filed access without lock 2024-10-29 10:54:05 -07:00
tcp_cdg.c
tcp_cong.c tcp: only release congestion control if it has been initialized 2024-10-31 18:22:48 -07:00
tcp_cubic.c bpf: Remove CONFIG_X86 and CONFIG_DYNAMIC_FTRACE guard from the tcp-cc kfuncs 2024-03-28 18:31:40 -07:00
tcp_dctcp.c tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). 2024-05-21 13:34:50 +02:00
tcp_dctcp.h
tcp_diag.c
tcp_fastopen.c net: use unrcu_pointer() helper 2024-06-06 11:52:52 +02:00
tcp_highspeed.c
tcp_htcp.c tcp: Use clamp() in htcp_alpha_update() 2024-08-06 12:16:25 -07:00
tcp_hybla.c
tcp_illinois.c
tcp_input.c net: tcp: Add noinline_for_tracing annotation for tcp_drop_reason() 2024-11-03 09:02:32 -08:00
tcp_ipv4.c net/tcp: Add missing lockdep annotations for TCP-AO hlist traversals 2024-11-03 12:10:11 -08:00
tcp_lp.c
tcp_metrics.c tcp_metrics: use netlink policy for IPv6 addr len validation 2024-08-19 17:42:57 -07:00
tcp_minisocks.c tcp: populate XPS related fields of timewait sockets 2024-11-30 13:00:52 -08:00
tcp_nv.c
tcp_offload.c net: gso: fix tcp fraglist segmentation after pull from frag_list 2024-10-02 17:21:47 -07:00
tcp_output.c tcp: add more warn of socket in tcp_send_loss_probe() 2024-10-30 13:26:55 +00:00
tcp_plb.c
tcp_rate.c
tcp_recovery.c
tcp_scalable.c
tcp_sigpool.c net/tcp_sigpool: Use nested-BH locking for sigpool_scratch. 2024-06-24 16:41:22 -07:00
tcp_timer.c net: tcp: refresh tcp_mstamp for compressed ack in timer 2024-10-07 16:01:39 -07:00
tcp_ulp.c
tcp_vegas.c
tcp_vegas.h
tcp_veno.c
tcp_westwood.c
tcp_yeah.c
tcp.c tcp: only release congestion control if it has been initialized 2024-10-31 18:22:48 -07:00
tunnel4.c
udp_bpf.c
udp_diag.c
udp_impl.h
udp_offload.c gso: fix udp gso fraglist segmentation after pull from frag_list 2024-10-02 17:29:31 -07:00
udp_tunnel_core.c ipv4: udp_tunnel: Unmask upper DSCP bits in udp_tunnel_dst_lookup() 2024-09-09 14:14:53 +01:00
udp_tunnel_nic.c
udp_tunnel_stub.c
udp.c Revert "udp: avoid calling sock_def_readable() if possible" 2024-12-03 18:41:10 -08:00
udplite.c
xfrm4_input.c ipv4: Convert ip_route_input_noref() to dscp_t. 2024-10-03 16:21:21 -07:00
xfrm4_output.c
xfrm4_policy.c xfrm: Convert struct xfrm_dst_lookup_params -> tos to dscp_t. 2024-11-06 12:42:51 +01:00
xfrm4_protocol.c ipv4: Convert ip_route_input_noref() to dscp_t. 2024-10-03 16:21:21 -07:00
xfrm4_state.c
xfrm4_tunnel.c