From: John Fastabend <john.fastabend@gmail.com>
To: Eric Dumazet <edumazet@google.com>,
John Fastabend <john.fastabend@gmail.com>
Cc: Daniel Borkmann <daniel@iogearbox.net>,
davem@davemloft.net, kuba@kernel.org, pabeni@redhat.com,
ast@kernel.org, andrii@kernel.org, martin.lau@linux.dev,
netdev@vger.kernel.org, bpf@vger.kernel.org,
jakub@cloudflare.com
Subject: Re: pull-request: bpf 2023-11-30
Date: Thu, 30 Nov 2023 15:37:58 -0800 [thread overview]
Message-ID: <65691cd64d044_16b8e208a0@john.notmuch> (raw)
In-Reply-To: <CANn89iJUwnYGKW3mgCX8_9hFwwBeDXrbsk-XwOtsM2u0J7cyMw@mail.gmail.com>
Eric Dumazet wrote:
> On Thu, Nov 30, 2023 at 5:04 PM Eric Dumazet <edumazet@google.com> wrote:
> >
>
> > Here is the repro:
> >
> > # See https://goo.gl/kgGztJ for information about syzkaller reproducers.
> > #{"procs":1,"slowdown":1,"sandbox":"","sandbox_arg":0,"close_fds":false}
> > r0 = socket(0x1, 0x1, 0x0)
> > r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
> > bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000),
> > &(0x7f0000000100)=@tcp6=r0}, 0x20)
> >
> > I will release the syzbot report, and send the patch, thanks.
>
> Actually I will release the syzbot report, and let you work on a fix,
> perhaps as you pointed out we could be more restrictive.
Thanks, I think just fixing the null ptr deref is probably not enough because
that socket could be connected() after that and then we get back to the original
issue where we don't hold a ref on the peer sock. I'll just block adding non
established af_unix socks to the map and if someone wants to support unconnected
sockets they can add support for it then.
prev parent reply other threads:[~2023-11-30 23:38 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-29 23:49 pull-request: bpf 2023-11-30 Daniel Borkmann
2023-11-30 3:50 ` patchwork-bot+netdevbpf
2023-11-30 14:53 ` Eric Dumazet
2023-11-30 15:04 ` Daniel Borkmann
2023-11-30 15:54 ` John Fastabend
2023-11-30 16:04 ` Eric Dumazet
2023-11-30 16:19 ` Eric Dumazet
2023-11-30 23:37 ` John Fastabend [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=65691cd64d044_16b8e208a0@john.notmuch \
--to=john.fastabend@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=jakub@cloudflare.com \
--cc=kuba@kernel.org \
--cc=martin.lau@linux.dev \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox