author | Mahesh Bandewar <maheshb@google.com> | 2019-10-11 18:14:55 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2019-10-15 10:35:23 -0700 |
commit | b0818f80c8c1bc215bba276bd61c216014fab23b (patch) | |
tree | 4ca7931e6ae9d3e2d3d115d01b0fda824a9ca97e /Documentation | |
parent | 9cb0aec9ad370163b4cb038d9538baceadb345de (diff) | |
blackhole_netdev: fix syzkaller reported issue

While invalidating the dst, we assign blackhole_netdev instead of
loopback device. However, this device does not have idev pointer
and hence no ip6_ptr even if IPv6 is enabled. Possibly this has
triggered the syzbot reported crash.

The syzbot report does not have a reproducer, however, this is the
only device that doesn't have matching idev created.

Crash instruction is:

static inline bool ip6_ignore_linkdown(const struct net_device *dev)
{
        const struct inet6_dev *idev = __in6_dev_get(dev);

        return !!idev->cnf.ignore_routes_with_linkdown; <= crash
}

Also ipv6 always assumes presence of idev and never checks for it
being NULL (as does the above referenced code). So adding an idev
for the blackhole_netdev to avoid this class of crashes in the future.

Signed-off-by: David S. Miller <davem@davemloft.net>

Diffstat (limited to 'Documentation')
0 files changed, 0 insertions, 0 deletions