Message ID | 20240725214049.2439-1-aha310510@gmail.com (mailing list archive) |
---|---|
State | Accepted |
Commit | 9da49aa80d686582bc3a027112a30484c9be6b6e |
Delegated to: | Netdev Maintainers |
Series | [net] tun: Add missing bpf_net_ctx_clear() in do_xdp_generic() |
On Fri, Jul 26, 2024 at 5:41 AM Jeongjun Park <aha310510@gmail.com> wrote: > > There are cases where do_xdp_generic returns bpf_net_context without > clearing it. This causes various memory corruptions, so the missing > bpf_net_ctx_clear must be added. > > Reported-by: syzbot+44623300f057a28baf1e@syzkaller.appspotmail.com > Fixes: fecef4cd42c6 ("tun: Assign missing bpf_net_context.") > Signed-off-by: Jeongjun Park <aha310510@gmail.com> Acked-by: Jason Wang <jasowang@redhat.com> (Looks like the do_xdp_generic() needs some tweak for example we can merge the two paths for XDP_DROP at least). Thanks > --- > net/core/dev.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/net/core/dev.c b/net/core/dev.c > index 6ea1d20676fb..751d9b70e6ad 100644 > --- a/net/core/dev.c > +++ b/net/core/dev.c > @@ -5150,6 +5150,7 @@ int do_xdp_generic(struct bpf_prog *xdp_prog, struct sk_buff **pskb) > bpf_net_ctx_clear(bpf_net_ctx); > return XDP_DROP; > } > + bpf_net_ctx_clear(bpf_net_ctx); > } > return XDP_PASS; > out_redir: > -- >
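Review bot: the added `bpf_net_ctx_clear(bpf_net_ctx);` before the block's closing brace duplicates the call two lines above it that precedes `return XDP_DROP;`, so the block now has two exits that each have to remember the clear. The Acked-by reply already points at this; a cleaner shape is to record the verdict in a local (XDP_DROP or XDP_PASS), fall through to one `bpf_net_ctx_clear()`, and return that local, so that no exit added later can miss the clear.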
On Thu, Jul 25, 2024 at 10:21 PM Jason Wang <jasowang@redhat.com> wrote:
>
> On Fri, Jul 26, 2024 at 5:41 AM Jeongjun Park <aha310510@gmail.com> wrote:
> >
> > There are cases where do_xdp_generic returns bpf_net_context without
> > clearing it. This causes various memory corruptions, so the missing
> > bpf_net_ctx_clear must be added.
> >
> > Reported-by: syzbot+44623300f057a28baf1e@syzkaller.appspotmail.com
> > Fixes: fecef4cd42c6 ("tun: Assign missing bpf_net_context.")
> > Signed-off-by: Jeongjun Park <aha310510@gmail.com>
>
> Acked-by: Jason Wang <jasowang@redhat.com>

Reviewed-by: Willem de Bruijn <willemb@google.com>
On Fri, 26 Jul 2024 06:40:49 +0900 Jeongjun Park wrote:
> There are cases where do_xdp_generic returns bpf_net_context without
> clearing it. This causes various memory corruptions, so the missing
> bpf_net_ctx_clear must be added.
>
> Reported-by: syzbot+44623300f057a28baf1e@syzkaller.appspotmail.com
> Fixes: fecef4cd42c6 ("tun: Assign missing bpf_net_context.")
> Signed-off-by: Jeongjun Park <aha310510@gmail.com>

Also likely:

Reported-by: syzbot+3c2b6d5d4bec3b904933@syzkaller.appspotmail.com
Reported-by: syzbot+707d98c8649695eaf329@syzkaller.appspotmail.com

Right?
Jakub Kicinski wrote:
>
> On Fri, 26 Jul 2024 06:40:49 +0900 Jeongjun Park wrote:
> > There are cases where do_xdp_generic returns bpf_net_context without
> > clearing it. This causes various memory corruptions, so the missing
> > bpf_net_ctx_clear must be added.
> >
> > Reported-by: syzbot+44623300f057a28baf1e@syzkaller.appspotmail.com
> > Fixes: fecef4cd42c6 ("tun: Assign missing bpf_net_context.")
> > Signed-off-by: Jeongjun Park <aha310510@gmail.com>
>
> Also likely:
>
> Reported-by: syzbot+3c2b6d5d4bec3b904933@syzkaller.appspotmail.com
> Reported-by: syzbot+707d98c8649695eaf329@syzkaller.appspotmail.com
>
> Right?

Yes, both appear to be bugs with the same root cause.

Regards,
Jeongjun Park
On Fri, 26 Jul 2024 06:40:49 +0900 Jeongjun Park wrote:
> There are cases where do_xdp_generic returns bpf_net_context without
> clearing it. This causes various memory corruptions, so the missing
> bpf_net_ctx_clear must be added.
>
> Reported-by: syzbot+44623300f057a28baf1e@syzkaller.appspotmail.com
> Fixes: fecef4cd42c6 ("tun: Assign missing bpf_net_context.")
> Signed-off-by: Jeongjun Park <aha310510@gmail.com>

Reported-by: syzbot+c226757eb784a9da3e8b@syzkaller.appspotmail.com
Reported-by: syzbot+61a1cfc2b6632363d319@syzkaller.appspotmail.com
Reported-by: syzbot+709e4c85c904bcd62735@syzkaller.appspotmail.com

After searching, I found reports with the same root cause, so I added them.
Hello:

This patch was applied to netdev/net.git (main)
by David S. Miller <davem@davemloft.net>:

On Fri, 26 Jul 2024 06:40:49 +0900 you wrote:
> There are cases where do_xdp_generic returns bpf_net_context without
> clearing it. This causes various memory corruptions, so the missing
> bpf_net_ctx_clear must be added.
>
> Reported-by: syzbot+44623300f057a28baf1e@syzkaller.appspotmail.com
> Fixes: fecef4cd42c6 ("tun: Assign missing bpf_net_context.")
> Signed-off-by: Jeongjun Park <aha310510@gmail.com>
>
> [...]

Here is the summary with links:
  - [net] tun: Add missing bpf_net_ctx_clear() in do_xdp_generic()
    https://git.kernel.org/netdev/net/c/9da49aa80d68

You are awesome, thank you!
diff --git a/net/core/dev.c b/net/core/dev.c index 6ea1d20676fb..751d9b70e6ad 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -5150,6 +5150,7 @@ int do_xdp_generic(struct bpf_prog *xdp_prog, struct sk_buff **pskb) bpf_net_ctx_clear(bpf_net_ctx); return XDP_DROP; } + bpf_net_ctx_clear(bpf_net_ctx); } return XDP_PASS; out_redir:
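Review bot: the trailing context ends at `out_redir:`, a further exit from do_xdp_generic() that this hunk does not touch; only the fall-through inside the `if` block receives the new clear, so the reviewer should confirm that the `out_redir` path also calls `bpf_net_ctx_clear()` before returning, as those lines are not visible here. The commit message would also be more useful if it named the concrete failure (what dereferences the stale context after the function returns) instead of "various memory corruptions", and the additional syzbot Reported-by lines collected in the thread belong in the final message alongside the Fixes: tag.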
There are cases where do_xdp_generic returns bpf_net_context without
clearing it. This causes various memory corruptions, so the missing
bpf_net_ctx_clear must be added.

Reported-by: syzbot+44623300f057a28baf1e@syzkaller.appspotmail.com
Fixes: fecef4cd42c6 ("tun: Assign missing bpf_net_context.")
Signed-off-by: Jeongjun Park <aha310510@gmail.com>
---
 net/core/dev.c | 1 +
 1 file changed, 1 insertion(+)
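The failure mode the commit message describes, modelled in user space as an added example: this is not kernel code and not the patch author's code. A context address is published to "the current task" on entry and must be unpublished on every return path; a path that returns without doing so leaves a stale pointer behind. The global `current_bpf_net_ctx` standing in for the task field, `run_prog()` standing in for the attached program, and the simplified `do_xdp_generic_buggy()` / `do_xdp_generic_fixed()` shapes are all assumptions of this model, not the real function; `count_stale_paths()` is the check a test or debug assertion at the call site would make.

```c
/*
 * Added example (not kernel code): user-space model of a per-call context
 * that is published on entry and must be cleared on every exit.
 * All names below are constructed stand-ins, not the real kernel helpers.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

enum xdp_verdict { XDP_ABORTED = 0, XDP_DROP = 1, XDP_PASS = 2, XDP_REDIRECT = 4 };

/* Stack-resident per-call scratch state whose address gets published. */
struct bpf_net_context { int scratch; };

/* Models the per-task pointer the real helpers set and clear (constructed). */
static struct bpf_net_context *current_bpf_net_ctx;

static struct bpf_net_context *bpf_net_ctx_set(struct bpf_net_context *ctx)
{
    current_bpf_net_ctx = ctx;
    return ctx;
}

static void bpf_net_ctx_clear(struct bpf_net_context *ctx)
{
    if (current_bpf_net_ctx == ctx)
        current_bpf_net_ctx = NULL;
}

/* Stand-in for running the attached program: the verdict is simply the input. */
static int run_prog(int verdict, struct bpf_net_context *ctx)
{
    ctx->scratch = verdict;
    return verdict;
}

/* Before the fix (assumed shape): every exit clears the context except the
 * fall-through to XDP_PASS, which returns with current_bpf_net_ctx still
 * pointing at this frame's ctx_storage. */
static int do_xdp_generic_buggy(bool have_prog, int verdict)
{
    struct bpf_net_context ctx_storage, *bpf_net_ctx = &ctx_storage;

    if (have_prog) {
        int act;

        bpf_net_ctx_set(bpf_net_ctx);
        act = run_prog(verdict, bpf_net_ctx);
        if (act != XDP_PASS) {
            if (act == XDP_REDIRECT)
                goto out_redir;
            bpf_net_ctx_clear(bpf_net_ctx);
            return XDP_DROP;
        }
        /* missing bpf_net_ctx_clear() on this path */
    }
    return XDP_PASS;
out_redir:
    bpf_net_ctx_clear(bpf_net_ctx);
    return XDP_REDIRECT;
}

/* After the fix, written with a single exit so no future path can miss the
 * clear: the verdict goes into a local and every path converges on one
 * bpf_net_ctx_clear() before the return. */
static int do_xdp_generic_fixed(bool have_prog, int verdict)
{
    struct bpf_net_context ctx_storage, *bpf_net_ctx = &ctx_storage;
    int act, ret = XDP_PASS;

    if (!have_prog)
        return XDP_PASS;  /* nothing was published, nothing to clear */

    bpf_net_ctx_set(bpf_net_ctx);
    act = run_prog(verdict, bpf_net_ctx);
    if (act == XDP_REDIRECT)
        ret = XDP_REDIRECT;
    else if (act != XDP_PASS)
        ret = XDP_DROP;
    bpf_net_ctx_clear(bpf_net_ctx);
    return ret;
}

/* Invariant to check after the call returns: nothing may still be published. */
static bool ctx_is_clear(void)
{
    return current_bpf_net_ctx == NULL;
}

/* Exercise every verdict and count the paths that leave a stale context. */
static int count_stale_paths(int (*fn)(bool, int))
{
    const int verdicts[] = { XDP_PASS, XDP_DROP, XDP_ABORTED, XDP_REDIRECT };
    int stale = 0;

    for (size_t i = 0; i < sizeof verdicts / sizeof verdicts[0]; i++) {
        current_bpf_net_ctx = NULL;
        (void)fn(true, verdicts[i]);
        if (!ctx_is_clear())
            stale++;
    }
    return stale;
}

int main(void)
{
    printf("buggy: %d stale path(s), fixed: %d stale path(s)\n",
           count_stale_paths(do_xdp_generic_buggy),
           count_stale_paths(do_xdp_generic_fixed));
    return 0;
}
```

Running it reports one stale path for the buggy shape (the XDP_PASS fall-through) and none for the single-exit shape; the single-exit structure is the same idea as merging the drop and pass exits that the Acked-by reply suggests.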