On 10/18/24 6:47 PM, Eduard Zingerman wrote:
> On Fri, 2024-10-18 at 13:03 +0200, Daniel Borkmann wrote:
> [...]
> > Impressive that syzbot was able to generate this, and awesome analysis
> > as well as fix.
>
> Thank you for taking a look. I was a bit surprised by syzbot
> generating such a program as well, but I guess this is an instance of
> the infinite monkey theorem...
>
> > I guess we should also add:
> > Reported-by: syzbot+7e46cdef14bf496a3ab4@xxxxxxxxxxxxxxxxxxxxxxxxx
>
> Yes, we can do that. I was hesitant to add it because the original report
> was about a bug in mm/slub.c.

Ok, but as you mentioned the program was derived from this syzbot report,
so for reference, I think it's ok to mention it.

> > Can we also add a Fixes tag so that this can eventually be picked up
> > by stable? bpf tree would be the appropriate target, no?
>
> The fixes tag can be:
> Fixes: 2589726d12a1 ("bpf: introduce bounded loops")

Thanks!

> But I'm a bit hesitant if this is really a bug, maybe just add:
> Cc: stable@xxxxxxxxxxxxxxx

If we have a proper Fixes tag, then stable will pick it up anyway, but ...

> For an example of a problematic program consider the code below,
> w/o this patch the example is processed by the verifier for ~15 minutes,
> before failing to allocate a big-enough chunk for jmp_history.

... would qualify for bpf tree imho.

Thanks,
Daniel