Hi Martin,

On 2023-09-15 at 09:02:18 -0700, Martin KaFai Lau wrote:
> On 9/14/23 8:46 PM, Pengfei Xu wrote:
> > Hi Stanislav,
> >
> > Greetings!
> >
> > There is a general protection fault in bpf_prog_offload_verifier_prep in
> > the v6.6-rc1 kernel.
> >
> > All detailed info: https://github.com/xupengfe/syzkaller_logs/tree/main/230914_154711_bpf_prog_offload_verifier_prep
> > Syzkaller reproduced code: https://github.com/xupengfe/syzkaller_logs/blob/main/230914_154711_bpf_prog_offload_verifier_prep/repro.c
> > Syzkaller reproduced steps: https://github.com/xupengfe/syzkaller_logs/blob/main/230914_154711_bpf_prog_offload_verifier_prep/repro.prog
> > Bisect info: https://github.com/xupengfe/syzkaller_logs/blob/main/230914_154711_bpf_prog_offload_verifier_prep/bisect_info.log
> > Issue dmesg: https://github.com/xupengfe/syzkaller_logs/blob/main/230914_154711_bpf_prog_offload_verifier_prep/0bb80ecc33a8fb5a682236443c1e740d5c917d1d_dmesg.log
> > bzImage: https://github.com/xupengfe/syzkaller_logs/raw/main/230914_154711_bpf_prog_offload_verifier_prep/bzImage_0bb80ecc33a8fb5a682236443c1e740d5c917d1d.tar.gz
> > Kconfig: https://github.com/xupengfe/syzkaller_logs/blob/main/230914_154711_bpf_prog_offload_verifier_prep/kconfig_origin
> >
> > Bisected and found the suspected commit is:
> > 2b3486bc2d23 bpf: Introduce device-bound XDP programs
>
> Thanks for the report.
>
> It has just been fixed in the following commit in the bpf tree:

Thanks for the hints! I will check the Linux kernel community email carefully for the same issue report next time.
I have tested the fixed patch below on top of v6.6-rc1 with kernel 6.6.0-rc1-kvm-bpf-dirty; the issue in this email was gone, it's fixed by the patch below.

Best Regards,
Thanks!

> commit 1a49f4195d3498fe458a7f5ff7ec5385da70d92e
> Author: Eduard Zingerman <eddyz87@xxxxxxxxx>
> Date:   Mon Sep 11 17:55:37 2023
>
>     bpf: Avoid dummy bpf_offload_netdev in __bpf_prog_dev_bound_init
>
>     Fix for a bug observable under the following sequence of events:
>     1. Create a network device that does not support XDP offload.
>     2. Load a device bound XDP program with BPF_F_XDP_DEV_BOUND_ONLY flag
>        (such programs are not offloaded).
>     3. Load a device bound XDP program with zero flags
>        (such programs are offloaded).
>
>     At step (2) __bpf_prog_dev_bound_init() associates with device (1)
>     a dummy bpf_offload_netdev struct with .offdev field set to NULL.
>     At step (3) __bpf_prog_dev_bound_init() would reuse dummy struct
>     allocated at step (2).
>     However, downstream usage of the bpf_offload_netdev assumes that
>     .offdev field can't be NULL, e.g. in bpf_prog_offload_verifier_prep().
>
>     Adjust __bpf_prog_dev_bound_init() to require bpf_offload_netdev
>     with non-NULL .offdev for offloaded BPF programs.
>
>     Fixes: 2b3486bc2d23 ("bpf: Introduce device-bound XDP programs")
>     Reported-by: syzbot+291100dcb32190ec02a8@xxxxxxxxxxxxxxxxxxxxxxxxx
>     Closes: https://lore.kernel.org/bpf/000000000000d97f3c060479c4f8@xxxxxxxxxx/
>     Signed-off-by: Eduard Zingerman <eddyz87@xxxxxxxxx>
>     Link: https://lore.kernel.org/r/20230912005539.2248244-2-eddyz87@xxxxxxxxx
>     Signed-off-by: Martin KaFai Lau <martin.lau@xxxxxxxxxx>
>
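To make the three-step sequence in the commit message concrete, the following is an added stand-alone C model written for this thread; it is not kernel code and not the commit's patch. It keeps a small table of per-netdev entries, shows the buggy rule (reuse whatever entry exists, including a dummy with a NULL `.offdev`) beside the fixed rule (an offloaded program requires a non-NULL `.offdev`), and replays steps 1 to 3 against each. The names `find_netdev`, `add_netdev`, `dev_bound_init` and `require_offdev`, and the mapping of BPF_F_XDP_DEV_BOUND_ONLY to a bool, are assumptions of the model.

```c
#include <stdbool.h>
#include <string.h>

/* Hypothetical stand-alone model of the bug; not kernel code. */
struct offdev { int id; };                  /* a registered offload device */
struct offload_netdev {                     /* stands in for bpf_offload_netdev */
    int ifindex;                            /* 0 = free slot */
    struct offdev *offdev;                  /* NULL = dummy entry (device not offload-capable) */
};
#define MAX_NETDEVS 8
static struct offload_netdev table[MAX_NETDEVS];
static struct offdev real_offdev = { 42 };  /* constructed sample offload device */

static struct offload_netdev *find_netdev(int ifindex)
{
    for (int i = 0; i < MAX_NETDEVS; i++)
        if (table[i].ifindex == ifindex)
            return &table[i];
    return NULL;
}
static struct offload_netdev *add_netdev(int ifindex, struct offdev *offdev)
{
    struct offload_netdev *slot = find_netdev(0);   /* first free slot */
    if (slot)
        *slot = (struct offload_netdev){ ifindex, offdev };
    return slot;
}

/* Model of __bpf_prog_dev_bound_init(); dev_bound_only mirrors BPF_F_XDP_DEV_BOUND_ONLY.
 * require_offdev=false reuses any existing entry (the bug); require_offdev=true
 * refuses an offloaded load unless a real offload device is registered (the fix's rule). */
static struct offload_netdev *dev_bound_init(int ifindex, bool dev_bound_only, bool require_offdev)
{
    struct offload_netdev *ondev = find_netdev(ifindex);
    if (require_offdev && !dev_bound_only && (!ondev || !ondev->offdev))
        return NULL;                            /* offloaded program needs non-NULL .offdev */
    if (!ondev)
        ondev = add_netdev(ifindex, NULL);      /* dummy entry: .offdev stays NULL */
    return ondev;
}

/* Replays steps 1-3 of the commit message. Returns true if the offloaded load
 * (step 3) was accepted with .offdev == NULL, which a consumer such as
 * bpf_prog_offload_verifier_prep() would then dereference. */
bool sequence_yields_null_offdev(bool require_offdev)
{
    memset(table, 0, sizeof(table));            /* step 1: device without offload support */
    dev_bound_init(3, true, require_offdev);    /* step 2: BPF_F_XDP_DEV_BOUND_ONLY load */
    struct offload_netdev *o = dev_bound_init(3, false, require_offdev); /* step 3: zero flags */
    return o && o->offdev == NULL;
}
```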