github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-08 14:42:37 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
Linux kernel source tree
1,050,072 Commits 1 Branch 934 Tags 20 GiB
C 97%
Assembly 1%
Shell 0.6%
Rust 0.5%
Python 0.4%
Other 0.3%
7409ff6393
Go to file
Petr Machata 7409ff6393 af_netlink: Fix shift out of bounds in group mask calculation 
[ Upstream commit 0caf6d9922 ]

When a netlink message is received, netlink_recvmsg() fills in the address
of the sender. One of the fields is the 32-bit bitfield nl_groups, which
carries the multicast group on which the message was received. The least
significant bit corresponds to group 1, and therefore the highest group
that the field can represent is 32. Above that, the UB sanitizer flags the
out-of-bounds shift attempts.

Which bits end up being set in such case is implementation defined, but
it's either going to be a wrong non-zero value, or zero, which is at least
not misleading. Make the latter choice deterministic by always setting to 0
for higher-numbered multicast groups.

To get information about membership in groups >= 32, userspace is expected
to use nl_pktinfo control messages[0], which are enabled by NETLINK_PKTINFO
socket option.
[0] https://lwn.net/Articles/147608/

The way to trigger this issue is e.g. through monitoring the BRVLAN group:

	# bridge monitor vlan &
	# ip link add name br type bridge

Which produces the following citation:

	UBSAN: shift-out-of-bounds in net/netlink/af_netlink.c:162:19
	shift exponent 32 is too large for 32-bit type 'int'

Fixes: f7fa9b10ed ("[NETLINK]: Support dynamic number of multicast groups per netlink family")
Signed-off-by: Petr Machata <petrm@nvidia.com>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Link: https://lore.kernel.org/r/2bef6aabf201d1fc16cca139a744700cff9dcb04.1647527635.git.petrm@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-04-08 14:23:42 +02:00
arch MIPS: pgalloc: fix memory leak caused by pgd_free() 2022-04-08 14:23:39 +02:00
block block: don't delete queue kobject before its children 2022-04-08 14:23:07 +02:00
certs certs: Add support for using elliptic curve keys for signing modules 2021-08-23 19:55:42 +03:00
crypto crypto: authenc - Fix sleep in atomic context in decrypt_tail 2022-04-08 14:23:05 +02:00
Documentation vsprintf: Fix %pK with kptr_restrict == 0 2022-04-08 14:23:18 +02:00
drivers Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt 2022-04-08 14:23:41 +02:00
fs ext2: correct max file size computing 2022-04-08 14:23:35 +02:00
include netfilter: flowtable: Fix QinQ and pppoe support for inet table 2022-04-08 14:23:40 +02:00
init init: make unknown command line param message clearer 2021-11-18 19:17:11 +01:00
ipc ipc/sem: do not sleep with a spin lock held 2022-02-08 18:34:03 +01:00
kernel livepatch: Fix build failure on 32 bits processors 2022-04-08 14:23:29 +02:00
lib vsprintf: Fix %pK with kptr_restrict == 0 2022-04-08 14:23:18 +02:00
LICENSES LICENSES/dual/CC-BY-4.0: Git rid of "smart quotes" 2021-07-15 06:31:24 -06:00
mm mm/kmemleak: reset tag when compare object pointer 2022-04-08 14:22:56 +02:00
net af_netlink: Fix shift out of bounds in group mask calculation 2022-04-08 14:23:42 +02:00
samples samples/bpf, xdpsock: Fix race when running for fix duration of time 2022-04-08 14:23:40 +02:00
scripts scripts/dtc: Call pkg-config POSIXly correct 2022-04-08 14:23:29 +02:00
security TOMOYO: fix __setup handlers return values 2022-04-08 14:23:35 +02:00
sound ASoC: amd: Fix reference to PCM buffer address 2022-04-08 14:23:22 +02:00
tools selftests/bpf: Fix error reporting from sock_fields programs 2022-04-08 14:23:41 +02:00
usr usr/include/Makefile: add linux/nfc.h to the compile-test coverage 2022-02-01 17:27:15 +01:00
virt KVM: Fix lockdep false negative during host resume 2022-03-16 14:23:40 +01:00
.clang-format clang-format: Update with the latest for_each macro list 2021-05-12 23:32:39 +02:00
.cocciconfig
.get_maintainer.ignore Opt out of scripts/get_maintainer.pl 2019-05-16 10:53:40 -07:00
.gitattributes .gitattributes: use 'dts' diff driver for dts files 2019-12-04 19:44:11 -08:00
.gitignore .gitignore: ignore only top-level modules.builtin 2021-05-02 00:43:35 +09:00
.mailmap mailmap: add Andrej Shadura 2021-10-18 20:22:03 -10:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS MAINTAINERS: Move Daniel Drake to credits 2021-09-21 08:34:58 +03:00
Kbuild kbuild: rename hostprogs-y/always to hostprogs/always-y 2020-02-04 01:53:07 +09:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS MAINTAINERS: adjust file entry for of_net.c after movement 2022-03-08 19:12:53 +01:00
Makefile Linux 5.15.32 2022-03-28 09:58:46 +02:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.