On 8/8/20 1:16 AM, Paul Hollinsky wrote: > xdp->txq was uninitialized and could be used from within a bpf program. The verifier prevents access to txq except by programs of type BPF_XDP_DEVMAP and those can not be run via xdp generic. i.e., generic can not access txq. > > https://syzkaller.appspot.com/bug?id=a6e53f8e9044ea456ea1636be970518ae6ba7f62 > > Signed-off-by: Paul Hollinsky <phollinsky@xxxxxxxxxxxxxx> > --- > net/core/dev.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/net/core/dev.c b/net/core/dev.c > index 7df6c9617321..12be8fef8b7e 100644 > --- a/net/core/dev.c > +++ b/net/core/dev.c > @@ -4649,6 +4649,8 @@ static u32 netif_receive_generic_xdp(struct sk_buff *skb, > rxqueue = netif_get_rxqueue(skb); > xdp->rxq = &rxqueue->xdp_rxq; > > + xdp->txq = NULL; > + > act = bpf_prog_run_xdp(xdp_prog, xdp); > > /* check if bpf_xdp_adjust_head was used */ >
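
Review bot: the added `xdp->txq = NULL;` ahead of `bpf_prog_run_xdp(xdp_prog, xdp)` in netif_receive_generic_xdp() carries no comment, and the commit message does not say which reader of txq it protects; the reply above states that the verifier only allows txq access from BPF_XDP_DEVMAP programs, which cannot run via generic XDP. If the assignment is kept as defensive initialization for the syzkaller report, reword the message to say that instead of "could be used from within a bpf program", and add a Fixes: tag for the commit that introduced txq, since the trailer has only Signed-off-by. Assigning one field by hand also leaves the same gap open for the next field added to the struct; zero-initializing the whole xdp buffer where it is set up would cover that, if the cost on this path is acceptable.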