On Tue, Oct 29, 2024 at 9:41 AM Alexander Lobakin <aleksander.lobakin@xxxxxxxxx> wrote:
>
> > + if (unlikely(skb->len < dev->min_header_len ||
> > + skb_mac_header_len(skb) < dev->min_header_len ||
> > + skb_mac_header_len(skb) > dev->hard_header_len)) {
> > + kfree_skb(skb);
> > + return -ERANGE;
> > + }
>
> I believe this should go under IS_ENABLED(CONFIG_KMSAN) or
> CONFIG_DEBUG_NET or so to not affect the regular configurations.
> Or does this fix some real bug?

Well in my opinion, an infoleak is still an infoleak. But this would likely not
get triggered as long as an skb with a properly initialized eth header is passed
into the bpf_clone_redirect function. We could initialize the memory to 0 but
the performance hit would be too much.

If the bpf_clone_redirect() function cannot be called from user space with
user-crafted skbs as input, I don't think this is really an issue and we can
just put it under the macros to get rid of the syzbot error.

- Daniel
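Review bot: the `kfree_skb(skb);` in the quoted hunk drops a packet that failed the header-length validation without recording why; using `kfree_skb_reason()` with a drop reason instead of the bare `kfree_skb()` would let the `skb:kfree_skb` tracepoint attribute the drop, which is the cheapest way to learn whether this check ever fires on real traffic and so bears directly on the question of whether it belongs behind CONFIG_DEBUG_NET. The `-ERANGE` return is fine as long as every caller treats the skb as consumed on error, since the hunk frees it before returning.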