if_stf: KASAN fix
Closed, Public

Authored by kp on Nov 30 2021, 4:46 PM.

Details

Reviewers
markj
Group Reviewers
network
pfsense
Commits
rG439da7f06dce: if_stf: KASAN fix
Summary

In in_stf_input() we grabbed a pointer to the IPv4 header and later did
an m_pullup() before we look at the IPv6 header. However, m_pullup()
could rearrange the mbuf chain and potentially invalidate the pointer to
the IPv4 header.

Avoid this issue by copying the IP header rather than getting a pointer
to it.

While here also ensure we've done an m_pullup() for the IPv4 header.

Reported by: markj, Jenkins (KASAN job)
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository
rG FreeBSD src repository

Event Timeline

kp requested review of this revision. Nov 30 2021, 4:46 PM
markj added inline comments.
sys/net/if_stf.c, line 755

This could be m_copydata(m, 0, sizeof(*ip), &ip).

Also the check below implies that we could have sc == NULL, so it's not safe to dereference ifp yet. Using m_copydata() would fix that problem too.

sys/net/if_stf.c, line 755

... that assumes though that the packet is at least 20 bytes long. I'm not sure if there's something guaranteeing that.

The stf tests pass for me with KASAN+this change. Thanks!

This revision is now accepted and ready to land. Nov 30 2021, 5:21 PM
This revision was automatically updated to reflect the committed changes.
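
The pattern from the summary and the inline comments above, as an added example that is not FreeBSD code and not part of this revision: the outer header is copied out of the chain before a pullup frees and replaces the segments. `struct seg`, `toy_copydata()`, `toy_pullup()` and `stf_like_input()` are hypothetical stand-ins; unlike the real `m_copydata()`, the toy copy returns an error on a short chain, which covers the 20-byte length concern raised in review. It assumes `first_len < pkt_len <= 60`.

```c
#include <stdlib.h>
#include <string.h>

/* Toy stand-in for an mbuf chain (hypothetical; not FreeBSD's struct mbuf). */
struct seg { struct seg *next; size_t len; unsigned char data[64]; };
static struct seg *seg_new(const unsigned char *p, size_t len, struct seg *next) {
    struct seg *s = malloc(sizeof(*s));
    if (s == NULL || len > sizeof(s->data)) abort();
    memcpy(s->data, p, len);
    s->len = len; s->next = next;
    return s;
}
static void chain_free(struct seg *s) {
    while (s != NULL) { struct seg *n = s->next; free(s); s = n; }
}
/* Copy len bytes at offset off into caller storage; -1 if the chain is too short. */
static int toy_copydata(const struct seg *s, size_t off, size_t len, void *dst) {
    unsigned char *out = dst;
    for (; s != NULL && len > 0; s = s->next) {
        if (off >= s->len) { off -= s->len; continue; }
        size_t n = s->len - off < len ? s->len - off : len;
        memcpy(out, s->data + off, n);
        out += n; len -= n; off = 0;
    }
    return len == 0 ? 0 : -1;
}
/* Make the first len bytes contiguous; a move frees the old segments. */
static struct seg *toy_pullup(struct seg *s, size_t len) {
    unsigned char buf[sizeof(s->data)];
    size_t total = 0;
    for (const struct seg *p = s; p != NULL; p = p->next) total += p->len;
    if (s->len >= len) return s;                 /* already contiguous */
    if (len > total || total > sizeof(buf)) { chain_free(s); return NULL; }
    toy_copydata(s, 0, total, buf);
    struct seg *n = seg_new(buf, total, NULL);
    chain_free(s);            /* any pointer into the old segments now dangles */
    return n;
}

/* Constructed packet: 20-byte IPv4 header (TTL 64) followed by an IPv6 header,
 * split at first_len. Returns the outer TTL after the pullup, or -1 on drop. */
static int stf_like_input(size_t pkt_len, size_t first_len) {
    unsigned char pkt[60] = { [0] = 0x45, [8] = 64, [20] = 0x60 }, ip4[20];
    struct seg *m = seg_new(pkt, first_len, seg_new(pkt + first_len, pkt_len - first_len, NULL));
    if (toy_copydata(m, 0, sizeof(ip4), ip4) != 0) { chain_free(m); return -1; }
    if ((m = toy_pullup(m, 60)) == NULL) return -1;  /* 20 + 40 header bytes */
    chain_free(m);
    return ip4[8];            /* read from the copy, never from the old chain */
}
int main(void) { return stf_like_input(60, 24) == 64 ? 0 : 1; }
```

Had `ip4` been a pointer into the first segment, the final read would touch freed memory, which is the class of access KASAN reports.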