lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <f0d16818-1a0a-01ab-d3d2-3c41fc548c7f@iogearbox.net>
Date:   Tue, 23 Jan 2018 17:35:26 +0100
From:   Daniel Borkmann <daniel@...earbox.net>
To:     Eric Dumazet <eric.dumazet@...il.com>, Yonghong Song <yhs@...com>,
        ast@...com, netdev@...r.kernel.org
Cc:     kernel-team@...com
Subject: Re: [PATCH bpf-next] bpf: fix incorrect kmalloc usage in lpm_trie
 MAP_GET_NEXT_KEY rcu region

On 01/23/2018 04:50 PM, Eric Dumazet wrote:
> On Mon, 2018-01-22 at 22:53 -0800, Yonghong Song wrote:
>> In commit b471f2f1de8b ("bpf: implement MAP_GET_NEXT_KEY command for LPM_TRIE map"),
>> the implemented MAP_GET_NEXT_KEY callback function is guarded with rcu read lock.
>> In the function body, "kmalloc(size, GFP_USER | __GFP_NOWARN)" is used which may
>> sleep and violate rcu read lock region requirements. This patch fixed the issue
>> by using GFP_ATOMIC instead to avoid blocking kmalloc. Tested with
>> CONFIG_DEBUG_ATOMIC_SLEEP=y as suggested by Eric Dumazet.
>>
>> Fixes: b471f2f1de8b ("bpf: implement MAP_GET_NEXT_KEY command for LPM_TRIE map")
>> Signed-off-by: Yonghong Song <yhs@...com>
> 
> Reported-by: syzbot <syzkaller@...glegroups.com>
> Reviewed-by: Eric Dumazet <edumazet@...gle.com>

Applied to bpf-next, thanks everyone!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ