From: patchwork-bot+netdevbpf@kernel.org
To: Cong Wang <xiyou.wangcong@gmail.com>
Cc: netdev@vger.kernel.org, bpf@vger.kernel.org,
cong.wang@bytedance.com,
syzbot+7b6548ae483d6f4c64ae@syzkaller.appspotmail.com,
john.fastabend@gmail.com, daniel@iogearbox.net,
jakub@cloudflare.com, lmb@cloudflare.com
Subject: Re: [Patch bpf-next] sock_map: fix a potential use-after-free in sock_map_close()
Date: Mon, 12 Apr 2021 15:40:09 +0000 [thread overview]
Message-ID: <161824200925.5298.15006225388105379863.git-patchwork-notify@kernel.org> (raw)
In-Reply-To: <20210408030556.45134-1-xiyou.wangcong@gmail.com>
Hello:
This patch was applied to bpf/bpf-next.git (refs/heads/master):
On Wed, 7 Apr 2021 20:05:56 -0700 you wrote:
> From: Cong Wang <cong.wang@bytedance.com>
>
> The last refcnt of the psock can be gone right after
> sock_map_remove_links(), so sk_psock_stop() could trigger a UAF.
> The reason why I placed sk_psock_stop() there is to avoid RCU read
> critical section, and more importantly, some callee of
> sock_map_remove_links() is supposed to be called with RCU read lock,
> we can not simply get rid of RCU read lock here. Therefore, the only
> choice we have is to grab an additional refcnt with sk_psock_get()
> and put it back after sk_psock_stop().
>
> [...]
Here is the summary with links:
- [bpf-next] sock_map: fix a potential use-after-free in sock_map_close()
https://git.kernel.org/bpf/bpf-next/c/aadb2bb83ff7
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
prev parent reply other threads:[~2021-04-12 15:40 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-08 3:05 [Patch bpf-next] sock_map: fix a potential use-after-free in sock_map_close() Cong Wang
2021-04-09 0:26 ` John Fastabend
2021-04-09 4:08 ` Cong Wang
2021-04-09 19:42 ` John Fastabend
2021-04-12 8:56 ` Jakub Sitnicki
2021-04-12 15:40 ` patchwork-bot+netdevbpf [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=161824200925.5298.15006225388105379863.git-patchwork-notify@kernel.org \
--to=patchwork-bot+netdevbpf@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=cong.wang@bytedance.com \
--cc=daniel@iogearbox.net \
--cc=jakub@cloudflare.com \
--cc=john.fastabend@gmail.com \
--cc=lmb@cloudflare.com \
--cc=netdev@vger.kernel.org \
--cc=syzbot+7b6548ae483d6f4c64ae@syzkaller.appspotmail.com \
--cc=xiyou.wangcong@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.