Re: [syzbot] [bpf?] [net?] general protection fault in dev_map_enqueue

From: Edward Adam Davis
Date: Wed Mar 27 2024 - 18:55:46 EST

Next message: Djalal Harouni: "[RFC PATCH bpf-next 2/3] bpf: add bpf_task_freeze_cgroup() to freeze the cgroup of a task"
Previous message: Djalal Harouni: "[RFC PATCH bpf-next 1/3] cgroup: add cgroup_freeze_no_kn() to freeze a cgroup from bpf"
In reply to: Toke Høiland-Jørgensen: "Re: [syzbot] [bpf?] [net?] general protection fault in dev_map_enqueue"
Next in thread: syzbot: "Re: [syzbot] [bpf?] [net?] general protection fault in dev_map_enqueue"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

please test null ptr deref in dev_map_enqueue

#syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 66a27abac311

diff --git a/net/core/filter.c b/net/core/filter.c
index 8adf95765cdd..721b85aebf58 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -4381,6 +4381,10 @@ static __always_inline int __xdp_do_redirect_frame(struct bpf_redirect_info *ri,
err = dev_map_enqueue_multi(xdpf, dev, map,
ri->flags & BPF_F_EXCLUDE_INGRESS);
} else {
+ if (unlikely(!fwd)) {
+ err = -EINVAL;
+ break;
+ }
err = dev_map_enqueue(fwd, xdpf, dev);
}
break;

Next message: Djalal Harouni: "[RFC PATCH bpf-next 2/3] bpf: add bpf_task_freeze_cgroup() to freeze the cgroup of a task"
Previous message: Djalal Harouni: "[RFC PATCH bpf-next 1/3] cgroup: add cgroup_freeze_no_kn() to freeze a cgroup from bpf"
In reply to: Toke Høiland-Jørgensen: "Re: [syzbot] [bpf?] [net?] general protection fault in dev_map_enqueue"
Next in thread: syzbot: "Re: [syzbot] [bpf?] [net?] general protection fault in dev_map_enqueue"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]