WSL2-Linux-Kernel

История

Yue Haibing 30e0191b16 ip6mr: Fix skb_under_panic in ip6mr_cache_report() skbuff: skb_under_panic: text:ffffffff88771f69 len:56 put:-4 head:ffff88805f86a800 data:ffff887f5f86a850 tail:0x88 end:0x2c0 dev:pim6reg ------------[ cut here ]------------ kernel BUG at net/core/skbuff.c:192! invalid opcode: 0000 [#1] PREEMPT SMP KASAN CPU: 2 PID: 22968 Comm: kworker/2:11 Not tainted 6.5.0-rc3-00044-g0a8db05b571a #236 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Workqueue: ipv6_addrconf addrconf_dad_work RIP: 0010:skb_panic+0x152/0x1d0 Call Trace: <TASK> skb_push+0xc4/0xe0 ip6mr_cache_report+0xd69/0x19b0 reg_vif_xmit+0x406/0x690 dev_hard_start_xmit+0x17e/0x6e0 __dev_queue_xmit+0x2d6a/0x3d20 vlan_dev_hard_start_xmit+0x3ab/0x5c0 dev_hard_start_xmit+0x17e/0x6e0 __dev_queue_xmit+0x2d6a/0x3d20 neigh_connected_output+0x3ed/0x570 ip6_finish_output2+0x5b5/0x1950 ip6_finish_output+0x693/0x11c0 ip6_output+0x24b/0x880 NF_HOOK.constprop.0+0xfd/0x530 ndisc_send_skb+0x9db/0x1400 ndisc_send_rs+0x12a/0x6c0 addrconf_dad_completed+0x3c9/0xea0 addrconf_dad_work+0x849/0x1420 process_one_work+0xa22/0x16e0 worker_thread+0x679/0x10c0 ret_from_fork+0x28/0x60 ret_from_fork_asm+0x11/0x20 When setup a vlan device on dev pim6reg, DAD ns packet may sent on reg_vif_xmit(). reg_vif_xmit() ip6mr_cache_report() skb_push(skb, -skb_network_offset(pkt));//skb_network_offset(pkt) is 4 And skb_push declared as: void skb_push(struct sk_buff skb, unsigned int len); skb->data -= len; //0xffff88805f86a84c - 0xfffffffc = 0xffff887f5f86a850 skb->data is set to 0xffff887f5f86a850, which is invalid mem addr, lead to skb_push() fails. Fixes: `14fb64e1f4` ("[IPV6] MROUTE: Support PIM-SM (SSM).") Signed-off-by: Yue Haibing <yuehaibing@huawei.com> Reviewed-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>		2023-08-02 10:35:21 +01:00
..
ila	ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping()	2023-03-01 08:48:46 +00:00
netfilter	Revert "net: Remove low_thresh in ip defrag"	2023-05-16 20:46:30 -07:00
Kconfig	…
Makefile	…
addrconf.c	ipv6 addrconf: fix bug where deleting a mngtmpaddr can create a new temporary address	2023-07-24 15:51:21 -07:00
addrconf_core.c	…
addrlabel.c	…
af_inet6.c	sock: Remove ->sendpage*() in favour of sendmsg(MSG_SPLICE_PAGES)	2023-06-24 15:50:13 -07:00
ah6.c	…
anycast.c	…
calipso.c	…
datagram.c	…
esp6.c	…
esp6_offload.c	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2023-06-22 18:40:38 -07:00
exthdrs.c	ipv6: exthdrs: Remove redundant skb_headlen() check in ip6_parse_tlv().	2023-06-19 11:32:58 -07:00
exthdrs_core.c	ipv6: Fix out-of-bounds access in ipv6_find_tlv()	2023-05-24 08:43:39 +01:00
exthdrs_offload.c	…
fib6_notifier.c	…
fib6_rules.c	…
fou6.c	…
icmp.c	icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev().	2023-07-08 10:08:54 +01:00
inet6_connection_sock.c	net: annotate lockless accesses to sk->sk_err_soft	2023-03-17 08:25:05 +00:00
inet6_hashtables.c	…
ioam6.c	…
ioam6_iptunnel.c	…
ip6_checksum.c	…
ip6_fib.c	ipv6: remove nexthop_fib6_nh_bh()	2023-05-11 18:07:05 -07:00
ip6_flowlabel.c	ipv6: flowlabel: do not disable BH where not needed	2023-03-21 21:32:18 -07:00
ip6_gre.c	net:ipv6: check return value of pskb_trim()	2023-07-19 12:25:58 +01:00
ip6_icmp.c	…
ip6_input.c	netfilter: keep conntrack reference until IPsecv6 policy checks are done	2023-03-22 21:50:23 +01:00
ip6_offload.c	net: move gso declarations and functions to their own files	2023-06-10 00:11:41 -07:00
ip6_offload.h	…
ip6_output.c	ip, ip6: Fix splice to raw and ping sockets	2023-06-16 11:45:16 -07:00
ip6_tunnel.c	net: tunnels: annotate lockless accesses to dev->needed_headroom	2023-03-15 00:04:04 -07:00
ip6_udp_tunnel.c	…
ip6_vti.c	…
ip6mr.c	ip6mr: Fix skb_under_panic in ip6mr_cache_report()	2023-08-02 10:35:21 +01:00
ipcomp6.c	…
ipv6_sockglue.c	net/ipv6: Initialise msg_control_is_user	2023-04-14 11:09:27 +01:00
mcast.c	ipv6: constify inet6_mc_check()	2023-03-17 08:56:37 +00:00
mcast_snoop.c	…
mip6.c	…
ndisc.c	neighbour: annotate lockless accesses to n->nud_state	2023-03-15 00:37:32 -07:00
netfilter.c	…
output_core.c	…
ping.c	net: annotate data-races around sk->sk_mark	2023-07-29 18:13:41 +01:00
proc.c	…
protocol.c	…
raw.c	net: annotate data-races around sk->sk_priority	2023-07-29 18:13:41 +01:00
reassembly.c	Revert "net: Remove low_thresh in ip defrag"	2023-05-16 20:46:30 -07:00
route.c	net: annotate data-races around sk->sk_mark	2023-07-29 18:13:41 +01:00
rpl.c	ipv6: rpl: Remove pskb(_may)?_pull() in ipv6_rpl_srh_rcv().	2023-06-19 11:32:58 -07:00
rpl_iptunnel.c	…
seg6.c	…
seg6_hmac.c	…
seg6_iptunnel.c	seg6: Cleanup duplicates of skb_dst_drop calls	2023-05-17 09:05:47 +01:00
seg6_local.c	…
sit.c	sit: update dev->needed_headroom in ipip6_tunnel_bind_dev()	2023-04-28 09:48:14 +01:00
syncookies.c	…
sysctl_net_ipv6.c	…
tcp_ipv6.c	net: annotate data-races around sk->sk_priority	2023-07-29 18:13:41 +01:00
tcpv6_offload.c	net: Make gro complete function to return void	2023-05-31 09:50:17 +01:00
tunnel6.c	…
udp.c	net: annotate data-races around sk->sk_mark	2023-07-29 18:13:41 +01:00
udp_impl.h	…
udp_offload.c	net: gro: fix misuse of CB in udp socket lookup	2023-07-29 17:10:27 +01:00
udplite.c	udplite: Print deprecation notice.	2023-06-15 15:08:58 -07:00
xfrm6_input.c	xfrm: fix inbound ipv4/udp/esp packets to UDPv6 dualstack sockets	2023-06-09 08:16:34 +02:00
xfrm6_output.c	…
xfrm6_policy.c	net: dst: fix missing initialization of rt_uncached	2023-04-21 20:26:56 -07:00
xfrm6_protocol.c	…
xfrm6_state.c	…
xfrm6_tunnel.c	…