openkylin
/
linux
mirror of https://gitee.com/openkylin/linux.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity
linux/drivers
History
Taehee Yoo 022e9d6090 net: macsec: fix using wrong structure in macsec_changelink() 
In the macsec_changelink(), "struct macsec_tx_sa tx_sc" is used to
store "macsec_secy.tx_sc".
But, the struct type of tx_sc is macsec_tx_sc, not macsec_tx_sa.
So, the macsec_tx_sc should be used instead.

Test commands:
    ip link add dummy0 type dummy
    ip link add macsec0 link dummy0 type macsec
    ip link set macsec0 type macsec encrypt off

Splat looks like:
[61119.963483][ T9335] ==================================================================
[61119.964709][ T9335] BUG: KASAN: slab-out-of-bounds in macsec_changelink.part.34+0xb6/0x200 [macsec]
[61119.965787][ T9335] Read of size 160 at addr ffff888020d69c68 by task ip/9335
[61119.966699][ T9335]
[61119.966979][ T9335] CPU: 0 PID: 9335 Comm: ip Not tainted 5.6.0+ #503
[61119.967791][ T9335] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
[61119.968914][ T9335] Call Trace:
[61119.969324][ T9335]  dump_stack+0x96/0xdb
[61119.969809][ T9335]  ? macsec_changelink.part.34+0xb6/0x200 [macsec]
[61119.970554][ T9335]  print_address_description.constprop.5+0x1be/0x360
[61119.971294][ T9335]  ? macsec_changelink.part.34+0xb6/0x200 [macsec]
[61119.971973][ T9335]  ? macsec_changelink.part.34+0xb6/0x200 [macsec]
[61119.972703][ T9335]  __kasan_report+0x12a/0x170
[61119.973323][ T9335]  ? macsec_changelink.part.34+0xb6/0x200 [macsec]
[61119.973942][ T9335]  kasan_report+0xe/0x20
[61119.974397][ T9335]  check_memory_region+0x149/0x1a0
[61119.974866][ T9335]  memcpy+0x1f/0x50
[61119.975209][ T9335]  macsec_changelink.part.34+0xb6/0x200 [macsec]
[61119.975825][ T9335]  ? macsec_get_stats64+0x3e0/0x3e0 [macsec]
[61119.976451][ T9335]  ? kernel_text_address+0x111/0x120
[61119.976990][ T9335]  ? pskb_expand_head+0x25f/0xe10
[61119.977503][ T9335]  ? stack_trace_save+0x82/0xb0
[61119.977986][ T9335]  ? memset+0x1f/0x40
[61119.978397][ T9335]  ? __nla_validate_parse+0x98/0x1ab0
[61119.978936][ T9335]  ? macsec_alloc_tfm+0x90/0x90 [macsec]
[61119.979511][ T9335]  ? __kasan_slab_free+0x111/0x150
[61119.980021][ T9335]  ? kfree+0xce/0x2f0
[61119.980700][ T9335]  ? netlink_trim+0x196/0x1f0
[61119.981420][ T9335]  ? nla_memcpy+0x90/0x90
[61119.982036][ T9335]  ? register_lock_class+0x19e0/0x19e0
[61119.982776][ T9335]  ? memcpy+0x34/0x50
[61119.983327][ T9335]  __rtnl_newlink+0x922/0x1270
[ ... ]

Fixes: 3cf3227a21 ("net: macsec: hardware offloading infrastructure")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
 		2020-04-09 10:16:00 -07:00
..
accessibility
acpi Additional ACPI updates for 5.7-rc1 2020-04-06 10:35:06 -07:00
amba Revert "amba: Initialize dma_parms for amba devices" 2020-04-01 08:03:28 +02:00
android Merge 5.6-rc7 into char-misc-next 2020-03-23 07:59:38 +01:00
ata ata: make "libata.force" kernel parameter optional 2020-03-26 10:28:20 -06:00
atm .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
auxdisplay Merge 5.6-rc7 into char-misc-next 2020-03-23 07:59:38 +01:00
base mm/memory_hotplug: allow to specify a default online_type 2020-04-07 10:43:41 -07:00
bcma
block for-5.7/drivers-2020-03-29 2020-03-30 11:43:51 -07:00
bluetooth
bus ARM: driver updates 2020-04-03 15:05:35 -07:00
cdrom
char sysfs: remove redundant __compat_only_sysfs_link_entry_to_kobj fn 2020-04-05 11:34:35 -07:00
clk There's not much to see in the core framework this time around. Instead the 2020-04-05 10:43:32 -07:00
clocksource clocksource/drivers/timer-vf-pit: Add missing parenthesis 2020-04-05 09:24:58 +02:00
connector
counter
cpufreq Additional power management updates for 5.7-rc1 2020-04-06 10:14:39 -07:00
cpuidle ARM: SoC updates 2020-04-03 15:02:35 -07:00
crypto Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-04-07 12:03:32 -07:00
dax
dca
devfreq PM / devfreq: Fix handling dev_pm_qos_remove_request result 2020-03-25 08:35:03 +09:00
dio
dma dmaengine updates for v5.7-rc1 2020-04-02 16:04:42 -07:00
dma-buf
edac Merge branch 'perf-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2020-03-30 16:40:08 -07:00
eisa .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
extcon Char/Misc driver patches for 5.7-rc1 2020-04-03 13:22:40 -07:00
firewire
firmware ARM: driver updates 2020-04-03 15:05:35 -07:00
fpga
fsi
gnss
gpio This is the bulk of GPIO development for the v5.7 kernel cycle. 2020-04-04 10:27:00 -07:00
gpu New tracing features: 2020-04-05 10:36:18 -07:00
greybus
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid 2020-04-01 15:18:42 -07:00
hsi
hv hv_balloon: don't check for memhp_auto_online manually 2020-04-07 10:43:40 -07:00
hwmon Merge branch 'perf-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2020-03-30 16:40:08 -07:00
hwspinlock hwspinlock: hwspinlock_internal.h: Replace zero-length array with flexible-array member 2020-03-25 22:30:46 -07:00
hwtracing intel_th: msu: Make stopping the trace optional 2020-03-24 13:45:24 +01:00
i2c Merge branch 'i2c/for-5.7' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2020-04-02 15:54:13 -07:00
i3c i3c: convert to use i2c_new_client_device() 2020-03-29 10:35:50 +02:00
ide drivers/ide: Fix build regression. 2020-04-04 18:07:59 -07:00
idle Merge branch 'perf-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2020-03-30 16:40:08 -07:00
iio staging: iio: adc: ad7192: Re-indent enum labels 2020-03-23 11:43:42 +01:00
infiniband RDMA 5.7 pull request 2020-04-01 18:18:18 -07:00
input Driver core patches for 5.7-rc1 2020-03-30 13:59:52 -07:00
interconnect
iommu
ipack
irqchip Two reverts addressing regressions of the Xilinx interrupt controller 2020-04-05 11:57:12 -07:00
isdn
leds
lightnvm for-5.7/drivers-2020-03-29 2020-03-30 11:43:51 -07:00
macintosh Char/Misc driver patches for 5.7-rc1 2020-04-03 13:22:40 -07:00
mailbox
mcb
md - Fix excessive bio splitting that caused performance regressions. 2020-04-03 14:44:48 -07:00
media Power management updates for 5.7-rc1 2020-03-30 15:05:01 -07:00
memory ARM: driver updates 2020-04-03 15:05:35 -07:00
memstick
message scsi: message: fusion: Replace zero-length array with flexible-array member 2020-03-26 22:40:47 -04:00
mfd
misc drivers/misc/lkdtm/bugs.c: add arithmetic overflow and array bounds checks 2020-04-07 10:43:44 -07:00
mmc MMC core: 2020-03-31 16:13:09 -07:00
most staging: most: move core files out of the staging area 2020-03-24 13:42:44 +01:00
mtd This pull request contains fixes for UBI and UBIFS: 2020-04-07 12:40:56 -07:00
mux
net net: macsec: fix using wrong structure in macsec_changelink() 2020-04-09 10:16:00 -07:00
nfc Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-03-25 18:58:11 -07:00
ntb pci-v5.7-changes 2020-04-03 14:25:02 -07:00
nubus
nvdimm block: simplify queue allocation 2020-03-27 10:23:43 -06:00
nvme SCSI misc on 20200402 2020-04-02 17:03:53 -07:00
nvmem nvmem: core: remove nvmem_sysfs_get_groups() 2020-03-25 19:23:49 +01:00
of Devicetree updates for v5.7: 2020-04-02 17:32:52 -07:00
opp
oprofile
parisc parisc: Replace setup_irq() by request_irq() 2020-04-05 22:05:23 +02:00
parport
pci powerpc updates for 5.7 2020-04-05 11:12:59 -07:00
pcmcia pcmcia: remove some unused space characters 2020-03-31 18:48:22 +02:00
perf arm64 updates for 5.7: 2020-03-31 10:05:01 -07:00
phy pci-v5.7-changes 2020-04-03 14:25:02 -07:00
pinctrl This is the bulk of GPIO development for the v5.7 kernel cycle. 2020-04-04 10:27:00 -07:00
platform Additional ACPI updates for 5.7-rc1 2020-04-06 10:35:06 -07:00
pnp
power power supply and reset changes for the v5.7 series 2020-04-05 13:47:57 -07:00
powercap Merge branch 'perf-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2020-03-30 16:40:08 -07:00
pps
ps3
ptp ptp: Avoid deadlocks in the programmable pin code. 2020-03-30 11:16:38 -07:00
pwm
rapidio
ras
regulator spi/regulator: Updates for v5.7 2020-03-30 14:58:26 -07:00
remoteproc remoteproc/omap: Fix set_load call in omap_rproc_request_timer 2020-04-03 10:47:21 -07:00
reset
rpmsg
rtc RTC for 5.7 2020-04-04 10:38:01 -07:00
s390 s390 updates for the 5.7 merge window 2020-04-04 09:45:50 -07:00
sbus
scsi pci-v5.7-changes 2020-04-03 14:25:02 -07:00
sfi
sh
siox
slimbus
soc ARM: driver updates 2020-04-03 15:05:35 -07:00
soundwire Char/Misc driver patches for 5.7-rc1 2020-04-03 13:22:40 -07:00
spi sound updates for 5.7-rc1 2020-04-02 15:50:04 -07:00
spmi
ssb
staging Char/Misc driver patches for 5.7-rc1 2020-04-03 13:22:40 -07:00
target SCSI misc on 20200402 2020-04-02 17:03:53 -07:00
tc
tee ARM: driver updates 2020-04-03 15:05:35 -07:00
thermal Additional ACPI updates for 5.7-rc1 2020-04-06 10:35:06 -07:00
thunderbolt Merge 5.6-rc7 into usb-next 2020-03-23 08:04:08 +01:00
tty powerpc updates for 5.7 2020-04-05 11:12:59 -07:00
uio
usb SCSI misc on 20200402 2020-04-02 17:03:53 -07:00
vfio vfio: Ignore -ENODEV when getting MSI cookie 2020-04-01 13:51:51 -06:00
vhost
video Char/Misc driver patches for 5.7-rc1 2020-04-03 13:22:40 -07:00
virt
virtio virtio-balloon: switch back to OOM handler for VIRTIO_BALLOON_F_DEFLATE_ON_OOM 2020-04-07 10:43:39 -07:00
visorbus
vlynq
vme
w1
watchdog
xen xen: branch for v5.7-rc1 2020-04-03 12:51:46 -07:00
zorro SPDX patches for 5.7-rc1. 2020-04-03 13:12:26 -07:00
Kconfig New tracing features: 2020-04-05 10:36:18 -07:00
Makefile staging: most: move core files out of the staging area 2020-03-24 13:42:44 +01:00