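/*
 * netsniff-ng - the packet sniffing beast
 * Copyright 2012 Markus Amend, Deutsche Flugsicherung GmbH
 * Subject to the GPL, version 2.
 *
 * IPv6 Fragmentation Header described in RFC2460
 */

/*
 * NOTE(review): the three system header names were missing from this copy of
 * the file and are restored here on a best-effort basis (fixed-width integer
 * types and ntohs()/ntohl() are what the code needs) -- confirm against the
 * upstream tree.
 */
#include <stdio.h>
#include <stdint.h>
#include <netinet/in.h>    /* for ntohs() */

#include "proto.h"
#include "dissector_eth.h"
#include "built_in.h"
#include "pkt_buff.h"

/*
 * On-wire layout of the IPv6 Fragment extension header (RFC 2460, 8 bytes).
 * The struct is cast directly over packet bytes, so multi-byte fields are in
 * network byte order and are converted with ntohs()/ntohl() before printing.
 */
struct fragmhdr {
	uint8_t h_fragm_next_header;	/* type of the header that follows */
	uint8_t h_fragm_reserved;
	uint16_t h_fragm_off_res_M;	/* offset (13 bits) | Res (2 bits) | M (1 bit) */
	uint32_t h_fragm_identification;
} __packed;

/*
 * Verbose printer: pulls the fragment header off pkt, prints every field and
 * then selects the next layer-3 dissector from the Next Header value.
 */
static void fragm(struct pkt_buff *pkt)
{
	uint16_t off_res_M;
	struct fragmhdr *fragm_ops;

	fragm_ops = (struct fragmhdr *) pkt_pull(pkt, sizeof(*fragm_ops));
	/*
	 * Nothing is read from the packet unless pkt_pull() handed back a header;
	 * presumably NULL means fewer than sizeof(*fragm_ops) bytes remain --
	 * confirm in pkt_buff.h.
	 */
	if (fragm_ops == NULL)
		return;

	off_res_M = ntohs(fragm_ops->h_fragm_off_res_M);

	tprintf("\t [ Fragment ");
	tprintf("NextHdr (%u), ", fragm_ops->h_fragm_next_header);
	tprintf("Reserved (%u), ", fragm_ops->h_fragm_reserved);
	/* Upper 13 bits: fragment offset, which RFC 2460 counts in 8-octet units. */
	tprintf("Offset (%u), ", off_res_M >> 3);
	/* Bits 2..1: reserved; bit 0: "more fragments" flag. */
	tprintf("Res (%u), ", (off_res_M >> 1) & 0x3);
	tprintf("M flag (%u), ", off_res_M & 0x1);
	tprintf("Identification (%u)",
		ntohl(fragm_ops->h_fragm_identification));
	tprintf(" ]\n");

	/*
	 * NOTE(review): the next dissector is selected for every fragment,
	 * whatever its offset. Per RFC 2460 only the first fragment's payload
	 * starts with the header named by Next Header, so upper-layer fields
	 * printed for later fragments should not be relied on during analysis.
	 * Consider handing off only when the offset is zero -- confirm how the
	 * dissector loop behaves when no next dissector is set.
	 */
	pkt_set_dissector(pkt, &eth_lay3, fragm_ops->h_fragm_next_header);
}

/*
 * Terse printer: pulls the fragment header off pkt, prints only the fragment
 * offset and selects the next layer-3 dissector from the Next Header value.
 */
static void fragm_less(struct pkt_buff *pkt)
{
	uint16_t off_res_M;
	struct fragmhdr *fragm_ops;

	fragm_ops = (struct fragmhdr *) pkt_pull(pkt, sizeof(*fragm_ops));
	/* Same guard as fragm(): no header returned, nothing printed. */
	if (fragm_ops == NULL)
		return;

	off_res_M = ntohs(fragm_ops->h_fragm_off_res_M);

	tprintf(" FragmOffs %u", off_res_M >> 3);

	/* Same hand-off as fragm(); the caveat about non-first fragments applies. */
	pkt_set_dissector(pkt, &eth_lay3, fragm_ops->h_fragm_next_header);
}

/* Dissector registration; 0x2C (44) is the Next Header value of the IPv6 Fragment header. */
struct protocol ipv6_fragm_ops = {
	.key = 0x2C,
	.print_full = fragm,
	.print_less = fragm_less,
};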
authorDmitry Vyukov <dvyukov@google.com>2016-10-11 14:13:38 +0200
committerIngo Molnar <mingo@kernel.org>2016-10-16 10:58:59 +0200
commit9254139ad083433c50ba62920107ed55fc4ca5e2 (patch)
treee1bd7b4240f0034483ee2397e47b40657ebaf823
parent1001354ca34179f3db924eb66672442a173147dc (diff)
kprobes: Avoid false KASAN reports during stack copy
Kprobes save and restore raw stack chunks with memcpy(). With KASAN these chunks can contain poisoned stack redzones; as a result, the memcpy() interceptor produces false stack out-of-bounds reports. Use __memcpy() instead of memcpy() for stack copying. __memcpy() is not instrumented by KASAN and does not lead to the false reports. Currently there is a spew of KASAN reports during boot if CONFIG_KPROBES_SANITY_TEST is enabled: [ ] Kprobe smoke test: started [ ] ================================================================== [ ] BUG: KASAN: stack-out-of-bounds in setjmp_pre_handler+0x17c/0x280 at addr ffff88085259fba8 [ ] Read of size 64 by task swapper/0/1 [ ] page:ffffea00214967c0 count:0 mapcount:0 mapping: (null) index:0x0 [ ] flags: 0x2fffff80000000() [ ] page dumped because: kasan: bad access detected [...] Reported-by: CAI Qian <caiqian@redhat.com> Tested-by: CAI Qian <caiqian@redhat.com> Signed-off-by: Dmitry Vyukov <dvyukov@google.com> Acked-by: Masami Hiramatsu <mhiramat@kernel.org> Cc: Alexander Potapenko <glider@google.com> Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com> Cc: Ananth N Mavinakayanahalli <ananth@linux.vnet.ibm.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com> Cc: Andy Lutomirski <luto@kernel.org> Cc: Anil S Keshavamurthy <anil.s.keshavamurthy@intel.com> Cc: Arnaldo Carvalho de Melo <acme@redhat.com> Cc: Borislav Petkov <bp@alien8.de> Cc: Brian Gerst <brgerst@gmail.com> Cc: David S. Miller <davem@davemloft.net> Cc: Denys Vlasenko <dvlasenk@redhat.com> Cc: H. Peter Anvin <hpa@zytor.com> Cc: Jiri Olsa <jolsa@redhat.com> Cc: Josh Poimboeuf <jpoimboe@redhat.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: kasan-dev@googlegroups.com [ Improved various details. ] Signed-off-by: Ingo Molnar <mingo@kernel.org>