lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Tue, 7 Jul 2020 11:32:31 -0700
From:   Martin KaFai Lau <kafai@...com>
To:     James Chapman <jchapman@...alix.com>
CC:     <bpf@...r.kernel.org>, <netdev@...r.kernel.org>
Subject: Re: bpf's usage of sk_user_data

On Tue, Jul 07, 2020 at 10:37:30AM +0100, James Chapman wrote:
> I'm investigating a crash found by syzbot which turns out to be caused
> by bpf_sk_reuseport_detach assuming ownership of sk_user_data in the
> UDP socket destroy path and corrupts metadata of a UDP socket user (l2tp).
> 
> Here's the syzbot report:
> https://urldefense.proofpoint.com/v2/url?u=https-3A__syzkaller.appspot.com_bug-3Fextid-3D9f092552ba9a5efca5df&d=DwIBAg&c=5VD0RTtNlTh3ycd41b3MUw&r=VQnoQ7LvghIj0gVEaiQSUw&m=p6aRc9baiGL-RnWqirYKbVXROY5Qc1x4T5-HWjxEp0g&s=mPnfVsw-U-eTV_dezjfYUahIbSiW8wEg4jC44e-mris&e= 
> 
> I submitted a patch to l2tp to workaround this by having l2tp refuse
> to use a UDP socket with SO_REUSEPORT set. But this isn't the right
> fix. Can BPF be changed to store its metadata elsewhere such that
> other socket users which use sk_user_data can co-exist with BPF?
> 
> The email thread discussing this is at:
> https://lore.kernel.org/netdev/20200706.124536.774178117550894539.davem@davemloft.net/
I have replied on the original thread.  Thanks.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ