Re: pull-request: bpf 2023-11-30

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Eric Dumazet wrote:
> On Thu, Nov 30, 2023 at 5:04 PM Eric Dumazet <edumazet@xxxxxxxxxx> wrote:
> >
> 
> > Here is the repro:
> >
> > # See https://goo.gl/kgGztJ for information about syzkaller reproducers.
> > #{"procs":1,"slowdown":1,"sandbox":"","sandbox_arg":0,"close_fds":false}
> > r0 = socket(0x1, 0x1, 0x0)
> > r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
> > bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000),
> > &(0x7f0000000100)=@tcp6=r0}, 0x20)
> >
> > I will release the syzbot report, and send the patch, thanks.
> 
> Actually I will release the syzbot report, and let you work on a fix,
> perhaps as you pointed out we could be more restrictive.

Thanks, I think just fixing the null ptr deref is probably not enough because
that socket could be connected() after that and then we get back to the original
issue where we don't hold a ref on the peer sock. I'll just block adding non
established af_unix socks to the map and if someone wants to support unconnected
sockets they can add support for it then.




[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux