Re: [PATCH net] vxlan: Fix uninit-value in vxlan_vnifilter_dump()

From: Ido Schimmel
Date: Thu Jan 23 2025 - 16:01:32 EST


On Thu, Jan 23, 2025 at 11:57:46PM +0900, Shigeru Yoshida wrote:
> KMSAN reported an uninit-value access in vxlan_vnifilter_dump() [1].
>
> If the length of the netlink message payload is less than
> sizeof(struct tunnel_msg), vxlan_vnifilter_dump() accesses bytes
> beyond the message. This can lead to uninit-value access. Fix this by
> returning an error in such situations.

[...]

> Fixes: f9c4bb0b245c ("vxlan: vni filtering support on collect metadata device")
> Reported-by: syzkaller <syzkaller@xxxxxxxxxxxxxxxx>
> Signed-off-by: Shigeru Yoshida <syoshida@xxxxxxxxxx>

Reviewed-by: Ido Schimmel <idosch@xxxxxxxxxx>
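
The length check described in the quoted commit message, as an added userspace example that is not part of this mail or of the kernel patch: the payload length is compared against the size of the fixed header struct before any field is read. The `demo_*` structs, functions and sample values are constructed stand-ins for illustration, not the kernel's definitions.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the netlink header and the fixed tunnel header. */
struct demo_nlmsghdr { uint32_t nlmsg_len; uint16_t nlmsg_type, nlmsg_flags; uint32_t nlmsg_seq, nlmsg_pid; };
struct demo_tunnel_msg { uint8_t family, flags; uint16_t reserved2; uint32_t ifindex; };
#define DEMO_HDRLEN ((uint32_t)sizeof(struct demo_nlmsghdr))

/* Returns 0 and fills *out, or -EINVAL when the message is too short. */
int demo_parse_tunnel_msg(const void *buf, size_t buflen, struct demo_tunnel_msg *out)
{
    struct demo_nlmsghdr hdr;

    if (buflen < sizeof(hdr))
        return -EINVAL;
    memcpy(&hdr, buf, sizeof(hdr));
    /* The claimed length must cover the header and fit the received buffer. */
    if (hdr.nlmsg_len < DEMO_HDRLEN || hdr.nlmsg_len > buflen)
        return -EINVAL;
    /* Payload shorter than the struct: reading it would go past the message. */
    if (hdr.nlmsg_len - DEMO_HDRLEN < sizeof(*out))
        return -EINVAL;
    memcpy(out, (const unsigned char *)buf + DEMO_HDRLEN, sizeof(*out));
    return 0;
}

/* Builds a constructed message with `payload` bytes after the header, then parses it. */
int demo_run(uint32_t payload, uint32_t *ifindex)
{
    unsigned char buf[64] = {0};
    struct demo_nlmsghdr hdr = { .nlmsg_len = DEMO_HDRLEN + payload };
    struct demo_tunnel_msg in = { .family = 7, .ifindex = 42 }, out;
    int rc;

    memcpy(buf, &hdr, sizeof(hdr));
    memcpy(buf + DEMO_HDRLEN, &in, payload < sizeof(in) ? payload : sizeof(in));
    rc = demo_parse_tunnel_msg(buf, hdr.nlmsg_len, &out);
    if (rc == 0)
        *ifindex = out.ifindex;
    return rc;
}

int main(void)
{
    uint32_t idx = 0;
    printf("full payload:  rc=%d\n", demo_run(sizeof(struct demo_tunnel_msg), &idx));
    printf("short payload: rc=%d\n", demo_run(4, &idx));
    return 0;
}
```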