From: syzbot <syzbot+61a1cfc2b6632363d319@syzkaller.appspotmail.com>
To: linux-kernel@vger.kernel.org
Subject: Re: [syzbot] Re: [syzbot] [bpf?] [net?] general protection fault in __xsk_map_flush
Date: Mon, 22 Jul 2024 07:57:42 -0700 [thread overview]
Message-ID: <0000000000005a4c84061dd744dd@google.com> (raw)
In-Reply-To: <000000000000e8fcab061d53308f@google.com>
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org.
***
Subject: Re: [syzbot] [bpf?] [net?] general protection fault in __xsk_map_flush
Author: aha310510@gmail.com
#syz test git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
---
include/linux/filter.h | 6 +++---
kernel/bpf/cpumap.c | 2 +-
kernel/bpf/devmap.c | 2 +-
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/include/linux/filter.h b/include/linux/filter.h
index b6672ff61407..22691015d175 100644
--- a/include/linux/filter.h
+++ b/include/linux/filter.h
@@ -842,15 +842,15 @@ static inline void bpf_net_ctx_get_all_used_flush_lists(struct list_head **lh_ma
if (!IS_ENABLED(CONFIG_BPF_SYSCALL))
return;
- lh = &bpf_net_ctx->dev_map_flush_list;
+ lh = this_cpu_ptr(&bpf_net_ctx->dev_map_flush_list);
if (kern_flags & BPF_RI_F_DEV_MAP_INIT && !list_empty(lh))
*lh_dev = lh;
- lh = &bpf_net_ctx->cpu_map_flush_list;
+ lh = this_cpu_ptr(&bpf_net_ctx->cpu_map_flush_list);
if (kern_flags & BPF_RI_F_CPU_MAP_INIT && !list_empty(lh))
*lh_map = lh;
- lh = &bpf_net_ctx->xskmap_map_flush_list;
+ lh = this_cpu_ptr(&bpf_net_ctx->xskmap_map_flush_list);
if (IS_ENABLED(CONFIG_XDP_SOCKETS) &&
kern_flags & BPF_RI_F_XSK_MAP_INIT && !list_empty(lh))
*lh_xsk = lh;
diff --git a/kernel/bpf/cpumap.c b/kernel/bpf/cpumap.c
index fbdf5a1aabfe..8fccc311397c 100644
--- a/kernel/bpf/cpumap.c
+++ b/kernel/bpf/cpumap.c
@@ -676,7 +676,7 @@ static void bq_flush_to_queue(struct xdp_bulk_queue *bq)
struct ptr_ring *q;
int i;
- if (unlikely(!bq->count))
+ if (unlikely(!bq->count) || unlikely(bq->count) > CPU_MAP_BULK_SIZE)
return;
q = rcpu->queue;
diff --git a/kernel/bpf/devmap.c b/kernel/bpf/devmap.c
index 9e0e3b0a18e4..4b9203deb711 100644
--- a/kernel/bpf/devmap.c
+++ b/kernel/bpf/devmap.c
@@ -378,7 +378,7 @@ static void bq_xmit_all(struct xdp_dev_bulk_queue *bq, u32 flags)
int to_send = cnt;
int i;
- if (unlikely(!cnt))
+ if (unlikely(!cnt) || unlikely(cnt) > DEV_MAP_BULK_SIZE)
return;
for (i = 0; i < cnt; i++) {
--
next prev parent reply other threads:[~2024-07-22 14:57 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-16 1:23 [syzbot] [bpf?] [net?] general protection fault in __xsk_map_flush syzbot
2024-07-22 12:53 ` [syzbot] " syzbot
2024-07-22 14:49 ` syzbot
2024-07-22 14:57 ` syzbot [this message]
2024-07-22 16:12 ` syzbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0000000000005a4c84061dd744dd@google.com \
--to=syzbot+61a1cfc2b6632363d319@syzkaller.appspotmail.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.