Re: [syzbot] [bpf?] [net?] general protection fault in dev_map_enqueue

From: Edward Adam Davis
Date: Sat Mar 30 2024 - 21:31:53 EST

Next message: Dmitry Baryshkov: "Re: [PATCH 5/7] clk: qcom: Add CAMCC driver support for SM4450"
Previous message: Dmitry Baryshkov: "Re: [PATCH 3/7] clk: qcom: Add DISPCC driver support for SM4450"
In reply to: syzbot: "Re: [syzbot] [bpf?] [net?] general protection fault in dev_map_enqueue"
Next in thread: syzbot: "Re: [syzbot] [bpf?] [net?] general protection fault in dev_map_enqueue"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

please test null ptr deref in dev_map_enqueue

#syz test https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git 443574b03387

diff --git a/kernel/bpf/devmap.c b/kernel/bpf/devmap.c
index 4e2cdbb5629f..ef20de14154a 100644
--- a/kernel/bpf/devmap.c
+++ b/kernel/bpf/devmap.c
@@ -86,6 +86,7 @@ struct bpf_dtab {
static DEFINE_PER_CPU(struct list_head, dev_flush_list);
static DEFINE_SPINLOCK(dev_map_lock);
static LIST_HEAD(dev_map_list);
+static bool is_valid_dst(struct bpf_dtab_netdev *obj, struct xdp_frame *xdpf);

static struct hlist_head *dev_map_create_hash(unsigned int entries,
int numa_node)
@@ -536,7 +537,10 @@ int dev_xdp_enqueue(struct net_device *dev, struct xdp_frame *xdpf,
int dev_map_enqueue(struct bpf_dtab_netdev *dst, struct xdp_frame *xdpf,
struct net_device *dev_rx)
{
- struct net_device *dev = dst->dev;
+ struct net_device *dev;
+ if (!is_valid_dst(dst, xdpf))
+ return -EINVAL;
+ dev = dst->dev;

return __xdp_enqueue(dev, xdpf, dev_rx, dst->xdp_prog);
}

Next message: Dmitry Baryshkov: "Re: [PATCH 5/7] clk: qcom: Add CAMCC driver support for SM4450"
Previous message: Dmitry Baryshkov: "Re: [PATCH 3/7] clk: qcom: Add DISPCC driver support for SM4450"
In reply to: syzbot: "Re: [syzbot] [bpf?] [net?] general protection fault in dev_map_enqueue"
Next in thread: syzbot: "Re: [syzbot] [bpf?] [net?] general protection fault in dev_map_enqueue"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]