• Florian Westphal's avatar
    xfrm: policy: avoid warning splat when merging nodes · 769a807d
    Florian Westphal authored
    syzbot reported a splat:
     xfrm_policy_inexact_list_reinsert+0x625/0x6e0 net/xfrm/xfrm_policy.c:877
     CPU: 1 PID: 6756 Comm: syz-executor.1 Not tainted 5.3.0-rc2+ #57
     Call Trace:
      xfrm_policy_inexact_node_reinsert net/xfrm/xfrm_policy.c:922 [inline]
      xfrm_policy_inexact_node_merge net/xfrm/xfrm_policy.c:958 [inline]
      xfrm_policy_inexact_insert_node+0x537/0xb50 net/xfrm/xfrm_policy.c:1023
      xfrm_policy_inexact_alloc_chain+0x62b/0xbd0 net/xfrm/xfrm_policy.c:1139
      xfrm_policy_inexact_insert+0xe8/0x1540 net/xfrm/xfrm_policy.c:1182
      xfrm_policy_insert+0xdf/0xce0 net/xfrm/xfrm_policy.c:1574
      xfrm_add_policy+0x4cf/0x9b0 net/xfrm/xfrm_user.c:1670
      xfrm_user_rcv_msg+0x46b/0x720 net/xfrm/xfrm_user.c:2676
      netlink_rcv_skb+0x1f0/0x460 net/netlink/af_netlink.c:2477
      xfrm_netlink_rcv+0x74/0x90 net/xfrm/xfrm_user.c:2684
      netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
      netlink_unicast+0x809/0x9a0 net/netlink/af_netlink.c:1328
      netlink_sendmsg+0xa70/0xd30 net/netlink/af_netlink.c:1917
      sock_sendmsg_nosec net/socket.c:637 [inline]
      sock_sendmsg net/socket.c:657 [inline]
    
    There is no reproducer, however, the warning can be reproduced
    by adding rules with ever smaller prefixes.
    
    The sanity check ("does the policy match the node") uses the prefix value
    of the node before its updated to the smaller value.
    
    To fix this, update the prefix earlier.  The bug has no impact on tree
    correctness, this is only to prevent a false warning.
    
    Reported-by: syzbot+8cc27ace5f6972910b31@syzkaller.appspotmail.com
    Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
    Signed-off-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
    769a807d
xfrm_policy.c 106 KB