On Tue, Apr 25, 2017 at 10:55 AM, David Miller <da...@davemloft.net> wrote: > From: Alexander Potapenko <gli...@google.com> > Date: Tue, 25 Apr 2017 15:18:27 +0200 > >> rawv6_send_hdrinc() expects that the buffer copied from the userspace >> contains the IPv6 header, so if too few bytes are copied parts of the >> header may remain uninitialized. >> >> This bug has been detected with KMSAN. >> >> Signed-off-by: Alexander Potapenko <gli...@google.com> > > Hmmm, ipv4 seems to lack this check as well. > > I think we need to be careful here and fully understand why KMSAN doesn't > seem to be triggering in the ipv4 case but for ipv6 it is before I apply > this.
This could be a bug in nf_ct_frag6_gather() missing one pskb_may_pull()