Re: [PATCH] ipv6: ensure message length for raw socket is at least sizeof(ipv6hdr)

From: David Miller
Date: Tue Apr 25 2017 - 13:55:57 EST

Next message: Dmitry Safonov: "Re: [PATCH] ARM/shmem: Drop page coloring align for non-VIPT CPUs"
Previous message: Samuel Sieb: "Re: AMD IOMMU causing filesystem corruption"
In reply to: Alexander Potapenko: "[PATCH] ipv6: ensure message length for raw socket is at least sizeof(ipv6hdr)"
Next in thread: Eric Dumazet: "Re: [PATCH] ipv6: ensure message length for raw socket is at least sizeof(ipv6hdr)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Alexander Potapenko <glider@xxxxxxxxxx>
Date: Tue, 25 Apr 2017 15:18:27 +0200

> rawv6_send_hdrinc() expects that the buffer copied from the userspace
> contains the IPv6 header, so if too few bytes are copied parts of the
> header may remain uninitialized.
>
> This bug has been detected with KMSAN.
>
> Signed-off-by: Alexander Potapenko <glider@xxxxxxxxxx>

Hmmm, ipv4 seems to lack this check as well.

I think we need to be careful here and fully understand why KMSAN doesn't
seem to be triggering in the ipv4 case but for ipv6 it is before I apply
this.

Thanks.

Next message: Dmitry Safonov: "Re: [PATCH] ARM/shmem: Drop page coloring align for non-VIPT CPUs"
Previous message: Samuel Sieb: "Re: AMD IOMMU causing filesystem corruption"
In reply to: Alexander Potapenko: "[PATCH] ipv6: ensure message length for raw socket is at least sizeof(ipv6hdr)"
Next in thread: Eric Dumazet: "Re: [PATCH] ipv6: ensure message length for raw socket is at least sizeof(ipv6hdr)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]