lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 7 Jul 2020 10:37:30 +0100
From:   James Chapman <jchapman@...alix.com>
To:     bpf@...r.kernel.org, kafai@...com
Cc:     netdev@...r.kernel.org
Subject: bpf's usage of sk_user_data

I'm investigating a crash found by syzbot which turns out to be caused
by bpf_sk_reuseport_detach assuming ownership of sk_user_data in the
UDP socket destroy path and corrupts metadata of a UDP socket user (l2tp).

Here's the syzbot report:
https://syzkaller.appspot.com/bug?extid=9f092552ba9a5efca5df

I submitted a patch to l2tp to workaround this by having l2tp refuse
to use a UDP socket with SO_REUSEPORT set. But this isn't the right
fix. Can BPF be changed to store its metadata elsewhere such that
other socket users which use sk_user_data can co-exist with BPF?

The email thread discussing this is at:
https://lore.kernel.org/netdev/20200706.124536.774178117550894539.davem@davemloft.net/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ