From mboxrd@z Thu Jan 1 00:00:00 1970 From: David Miller Subject: Re: [PATCH net-next] udp: fix jump label misuse Date: Fri, 16 Nov 2018 23:02:22 -0800 (PST) Message-ID: <20181116.230222.206906047899209462.davem@davemloft.net> References: Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Cc: netdev@vger.kernel.org, willemb@google.com, eric.dumazet@gmail.com To: pabeni@redhat.com Return-path: Received: from shards.monkeyblade.net ([23.128.96.9]:50912 "EHLO shards.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725810AbeKQRS2 (ORCPT ); Sat, 17 Nov 2018 12:18:28 -0500 In-Reply-To: Sender: netdev-owner@vger.kernel.org List-ID: From: Paolo Abeni Date: Thu, 15 Nov 2018 02:34:50 +0100 > The commit 60fb9567bf30 ("udp: implement complete book-keeping for > encap_needed") introduced a severe misuse of jump label APIs, which > syzbot, as reported by Eric, was able to exploit. > > When multiple sockets/process can concurrently request (and than > disable) the udp encap, we need to track the activation counter with > *_inc()/*_dec() jump label variants, or we can experience bad things > at disable time. > > Fixes: 60fb9567bf30 ("udp: implement complete book-keeping for encap_needed") > Reported-by: Eric Dumazet > Signed-off-by: Paolo Abeni Applied, thanks Paolo.