Re: [PATCH AUTOSEL 5.3 12/33] blackhole_netdev: fix syzkaller reported issue

From: Sasha Levin
Date: Fri Oct 25 2019 - 11:49:10 EST


On Fri, Oct 25, 2019 at 09:54:44AM -0400, Sasha Levin wrote:
From: Mahesh Bandewar <maheshb@xxxxxxxxxx>

[ Upstream commit b0818f80c8c1bc215bba276bd61c216014fab23b ]

While invalidating the dst, we assign backhole_netdev instead of
loopback device. However, this device does not have idev pointer
and hence no ip6_ptr even if IPv6 is enabled. Possibly this has
triggered the syzbot reported crash.

The syzbot report does not have reproducer, however, this is the
only device that doesn't have matching idev created.

Crash instruction is :

static inline bool ip6_ignore_linkdown(const struct net_device *dev)
{
const struct inet6_dev *idev = __in6_dev_get(dev);

return !!idev->cnf.ignore_routes_with_linkdown; <= crash
}

Also ipv6 always assumes presence of idev and never checks for it
being NULL (as does the above referenced code). So adding a idev
for the blackhole_netdev to avoid this class of crashes in the future.

Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

I've dropped this patch.

--
Thanks,
Sasha