On Thu, Oct 05, 2023 at 12:49:23AM +0200, Daniel Borkmann wrote: [...] > > > > Reported-and-tested-by: syzbot+fae676d3cf469331fc89@xxxxxxxxxxxxxxxxxxxxxxxxx > > Closes: https://lore.kernel.org/all/000000000000c84b4705fb31741e@xxxxxxxxxx/T/ > > Link: https://syzkaller.appspot.com/bug?extid=fae676d3cf469331fc89 > > Fixes: 9f78bf330a66 ("xsk: support use vaddr as ring") > > Signed-off-by: Andrew Kanner <andrew.kanner@xxxxxxxxx> > > I guess also: > > Reported-by: syzbot+b132693e925cbbd89e26@xxxxxxxxxxxxxxxxxxxxxxxxx > > Moreover, this fix is needed in bpf/net tree (as opposed to *-next tree), right? > Seems, so - I will check. > > net/xdp/xsk_queue.c | 3 +++ > > 1 file changed, 3 insertions(+) > > > > diff --git a/net/xdp/xsk_queue.c b/net/xdp/xsk_queue.c > > index f8905400ee07..b03d1bfb6978 100644 > > --- a/net/xdp/xsk_queue.c > > +++ b/net/xdp/xsk_queue.c > > @@ -34,6 +34,9 @@ struct xsk_queue *xskq_create(u32 nentries, bool umem_queue) > > q->ring_mask = nentries - 1; > > size = xskq_get_ring_size(q, umem_queue); > > + if (unlikely(size == SIZE_MAX)) > > + return NULL; > > Doesn't this leak q here ? > > > size = PAGE_ALIGN(size); > > q->ring = vmalloc_user(size); > > > It is. Thanks, Daniel, I will fix it in v3. pw-bot: cr -- Andrew Kanner
