Re: [PATCH net] inet_diag: Initialize pad field in struct inet_diag_req_v2

From: Eric Dumazet
Date: Wed Jul 03 2024 - 05:49:01 EST


On Wed, Jul 3, 2024 at 11:17 AM Shigeru Yoshida <syoshida@xxxxxxxxxx> wrote:
>
> KMSAN reported uninit-value access in raw_lookup() [1]. Diag for raw
> sockets uses the pad field in struct inet_diag_req_v2 for the
> underlying protocol. This field corresponds to the sdiag_raw_protocol
> field in struct inet_diag_req_raw.
>
> inet_diag_get_exact_compat() converts inet_diag_req to
> inet_diag_req_v2, but leaves the pad field uninitialized. So the issue
> occurs when raw_lookup() accesses the sdiag_raw_protocol field.
>
> Fix this by initializing the pad field in
> inet_diag_get_exact_compat(). Also, do the same fix in
> inet_diag_dump_compat() to avoid a similar issue in the future.
>
> Fixes: 432490f9d455 ("net: ip, diag -- Add diag interface for raw sockets")
> Reported-by: syzkaller <syzkaller@xxxxxxxxxxxxxxxx>
> Signed-off-by: Shigeru Yoshida <syoshida@xxxxxxxxxx>

Reviewed-by: Eric Dumazet <edumazet@xxxxxxxxxx>

Thanks !
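
The bug class described in the quoted commit message, as an added user-space illustration that is not part of this thread or of the kernel patch: a field-by-field conversion that never writes `pad` lets stale bytes surface through the raw-socket view of the same request. The struct and function names are simplified, hypothetical models, the poison byte stands in for leftover stack contents, and zero is assumed as the initial value for `pad`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified models of the three request layouts (socket id omitted). */
struct req_legacy { uint8_t family, src_len, dst_len, ext; uint32_t states; };
struct req_v2     { uint8_t family, protocol, ext, pad; uint32_t states; };
struct req_raw    { uint8_t family, protocol, ext, raw_protocol; uint32_t states; };

/* The raw view reuses the byte that the v2 layout calls "pad". */
_Static_assert(offsetof(struct req_v2, pad) ==
               offsetof(struct req_raw, raw_protocol), "pad aliases raw_protocol");

/* Conversion as described before the fix: every field except pad is set. */
static void convert_unfixed(struct req_v2 *out, const struct req_legacy *in,
                            uint8_t protocol)
{
    out->family = in->family;
    out->protocol = protocol;
    out->ext = in->ext;
    out->states = in->states;
}

/* Conversion with the fix: pad is initialized explicitly (zero assumed). */
static void convert_fixed(struct req_v2 *out, const struct req_legacy *in,
                          uint8_t protocol)
{
    convert_unfixed(out, in, protocol);
    out->pad = 0;
}

/* Convert into a buffer pre-filled with `poison` (a stand-in for stale stack
 * bytes), then read the request through the raw view as a raw handler would. */
static uint8_t observed_raw_protocol(int fixed, uint8_t poison)
{
    struct req_legacy in = { .family = 2, .states = 0xffffffffu }; /* constructed */
    struct req_v2 out;
    struct req_raw view;

    memset(&out, poison, sizeof out);
    (fixed ? convert_fixed : convert_unfixed)(&out, &in, 255 /* constructed */);
    memcpy(&view, &out, sizeof view);
    return view.raw_protocol;
}

int main(void)
{
    printf("unfixed: 0x%02x fixed: 0x%02x\n",
           observed_raw_protocol(0, 0xAA), observed_raw_protocol(1, 0xAA));
    return 0;
}
```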