Re: [syzbot] WARNING in u32_change

From: Jamal Hadi Salim
Date: Sun Sep 25 2022 - 12:15:06 EST


On Sun, Sep 25, 2022 at 11:38 AM Jamal Hadi Salim <jhs@xxxxxxxxxxxx> wrote:
>
> Is there a way to tell the boat "looking into it?"


I guess I have to swim across to it to get the message;->

I couldn't see the warning message but it is obvious by inspection that
the memcpy is broken. We should add more test coverage.
This should fix it. Will send a formal patch later:

diff --git a/net/sched/cls_u32.c b/net/sched/cls_u32.c
index 4d27300c2..591cbbf27 100644
--- a/net/sched/cls_u32.c
+++ b/net/sched/cls_u32.c
@@ -1019,7 +1019,7 @@ static int u32_change(struct net *net, struct
sk_buff *in_skb,
}

s = nla_data(tb[TCA_U32_SEL]);
- sel_size = struct_size(s, keys, s->nkeys);
+ sel_size = struct_size(s, keys, s->nkeys) + sizeof(n->sel);
if (nla_len(tb[TCA_U32_SEL]) < sel_size) {
err = -EINVAL;
goto erridr;
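Review bot: the `+` line double-counts the header of the selector: `struct_size(s, keys, s->nkeys)` already includes `sizeof(*s)` plus `s->nkeys` keys, and `n->sel` is that same `struct tc_u32_sel`, so adding `sizeof(n->sel)` makes `sel_size` too large by one header. The `nla_len(tb[TCA_U32_SEL]) < sel_size` check that follows would then reject a TCA_U32_SEL attribute that carries exactly the header plus `nkeys` keys, which is a valid and previously accepted input, and any allocation or memcpy driven by `sel_size` would be sized for bytes the attribute does not contain. If the goal is to silence the fortified memcpy() warning on the copy into `n->sel` mentioned in the mail, the destination sizing of that copy (not the validated attribute length) is what needs adjusting; please keep `sel_size = struct_size(s, keys, s->nkeys);` for the length check.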