[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 7 Jul 2020 10:37:30 +0100
From: James Chapman <jchapman@...alix.com>
To: bpf@...r.kernel.org, kafai@...com
Cc: netdev@...r.kernel.org
Subject: bpf's usage of sk_user_data
I'm investigating a crash found by syzbot which turns out to be caused
by bpf_sk_reuseport_detach assuming ownership of sk_user_data in the
UDP socket destroy path and corrupts metadata of a UDP socket user (l2tp).
Here's the syzbot report:
https://syzkaller.appspot.com/bug?extid=9f092552ba9a5efca5df
I submitted a patch to l2tp to workaround this by having l2tp refuse
to use a UDP socket with SO_REUSEPORT set. But this isn't the right
fix. Can BPF be changed to store its metadata elsewhere such that
other socket users which use sk_user_data can co-exist with BPF?
The email thread discussing this is at:
https://lore.kernel.org/netdev/20200706.124536.774178117550894539.davem@davemloft.net/
Powered by blists - more mailing lists