On Sun, 11 Oct 2020 02:39:29 +0530 Anmol Karn wrote:
> Flag ``ETHTOOL_A_STRSET_COUNTS_ONLY`` tells the kernel to only return the
> string
> counts of the sets, but, when req_info->counts_only tries to read the
> tb[ETHTOOL_A_STRSET_COUNTS_ONLY] it gets out of bound.
>
> - net/ethtool/strset.c
> The bug seems to trigger in this line:
>
> req_info->counts_only = tb[ETHTOOL_A_STRSET_COUNTS_ONLY];
>
> Fix it by NULL checking for req_info->counts_only while
> reading from tb[ETHTOOL_A_STRSET_COUNTS_ONLY].
>
> Reported-by: syzbot+9d1389df89299fa36...@syzkaller.appspotmail.com
> Link:
> https://syzkaller.appspot.com/bug?id=730deff8fe9954a5e317924d9acff98d9c64a770
> Signed-off-by: Anmol Karn <anmol.karan...@gmail.com>
I think the correct fix for this was already applied to net-next as:
commit db972e532518 ("ethtool: strset: allow ETHTOOL_A_STRSET_COUNTS_ONLY
attr")
