On Tue, Jan 4, 2022 at 1:21 AM Daniel Borkmann <daniel@xxxxxxxxxxxxx> wrote:
>
> Hi Eric, [ +Joanne, ]
>
> On 1/4/22 10:01 AM, Eric Dumazet wrote:
> > From: Eric Dumazet <edumazet@xxxxxxxxxx>
> >
> > It appears map_get_next_key() method is mandatory,
> > as syzbot is able to trigger a NULL deref in map_get_next_key().
> >
> > Fixes: 9330986c0300 ("bpf: Add bloom filter map implementation")
> > Reported-by: syzbot <syzkaller@xxxxxxxxxxxxxxxx>
> > Signed-off-by: Eric Dumazet <edumazet@xxxxxxxxxx>
> > Cc: Alexei Starovoitov <ast@xxxxxxxxxx>
> > Cc: Yonghong Song <yhs@xxxxxx>
>
> Thanks for your patch, this has recently been fixed:
>
> https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=3ccdcee28415c4226de05438b4d89eb5514edf73
>
> I'm not quite sure why it was applied to bpf-next instead of bpf (maybe assumption was
> that there would be no rc8 anymore), but I'd expect it to land in Linus' tree once merge
> window opens up on 9th Jan. In that case stable team would have to pick it up for 5.16.
>

Ah, this is why I could not find the fix in bpf or net tree, thanks.

> Thanks,
> Daniel
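
The failure mode named in the quoted commit message (a mandatory ops-table method left NULL and reached through an unguarded dispatcher), as an added user-space sketch that is not part of this thread or of the kernel source. All names (`struct map_ops`, `map_init`, `dispatch_get_next_key`, the stub and its `-EOPNOTSUPP` return) are hypothetical choices for this model.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* User-space model with hypothetical names; not kernel code. */
struct map;
struct map_ops {
    int (*lookup)(struct map *m, const void *key);
    int (*get_next_key)(struct map *m, const void *key, void *next_key);
};
struct map { const struct map_ops *ops; };

static int bloom_lookup(struct map *m, const void *key) { (void)m; (void)key; return 0; }

/* Stub for map types that cannot iterate: the slot is filled, the call fails cleanly. */
static int unsupported_get_next_key(struct map *m, const void *key, void *next_key)
{
    (void)m; (void)key; (void)next_key;
    return -EOPNOTSUPP; /* return value is this sketch's assumption */
}

/* "Before": get_next_key is implicitly NULL. */
const struct map_ops bloom_ops_before = { .lookup = bloom_lookup };
/* "After": every slot the dispatcher calls is populated. */
const struct map_ops bloom_ops_after = {
    .lookup = bloom_lookup,
    .get_next_key = unsupported_get_next_key,
};

/* Creation-time check: reject a table that is missing a mandatory method. */
int map_init(struct map *m, const struct map_ops *ops)
{
    if (!ops || !ops->lookup || !ops->get_next_key)
        return -EINVAL;
    m->ops = ops;
    return 0;
}

/* Calls through the pointer unguarded; safe only because map_init() enforces the invariant. */
int dispatch_get_next_key(struct map *m, const void *key, void *next_key)
{
    return m->ops->get_next_key(m, key, next_key);
}

int main(void)
{
    struct map m = { NULL };
    printf("before: init=%d\n", map_init(&m, &bloom_ops_before));
    printf("after: init=%d next_key=%d\n", map_init(&m, &bloom_ops_after),
           dispatch_get_next_key(&m, NULL, NULL));
    return 0;
}
```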