lists.openwall.net
Open Source and information security mailing list archives
Message-ID: <651e6933.170a0220.f6f76.1a12@mx.google.com>
Date: Thu, 5 Oct 2023 10:35:56 +0300
From: Andrew Kanner <andrew.kanner@...il.com>
To: Daniel Borkmann <daniel@...earbox.net>
Cc: bjorn@...nel.org, magnus.karlsson@...el.com, maciej.fijalkowski@...el.com, jonathan.lemon@...il.com, davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com, aleksander.lobakin@...el.com, xuanzhuo@...ux.alibaba.com, ast@...nel.org, hawk@...nel.org, john.fastabend@...il.com, linux-kernel-mentees@...ts.linuxfoundation.org, netdev@...r.kernel.org, bpf@...r.kernel.org, linux-kernel@...r.kernel.org, syzbot+fae676d3cf469331fc89@...kaller.appspotmail.com
Subject: Re: [PATCH net-next v2] net/xdp: fix zero-size allocation warning in xskq_create()

On Thu, Oct 05, 2023 at 12:49:23AM +0200, Daniel Borkmann wrote:
[...]
> >
> > Reported-and-tested-by: syzbot+fae676d3cf469331fc89@...kaller.appspotmail.com
> > Closes: https://lore.kernel.org/all/000000000000c84b4705fb31741e@google.com/T/
> > Link: https://syzkaller.appspot.com/bug?extid=fae676d3cf469331fc89
> > Fixes: 9f78bf330a66 ("xsk: support use vaddr as ring")
> > Signed-off-by: Andrew Kanner <andrew.kanner@...il.com>
>
> I guess also:
>
> Reported-by: syzbot+b132693e925cbbd89e26@...kaller.appspotmail.com
>
> Moreover, this fix is needed in bpf/net tree (as opposed to *-next tree), right?
>

Seems, so - I will check.

> > net/xdp/xsk_queue.c | 3 +++
> > 1 file changed, 3 insertions(+)
> >
> > diff --git a/net/xdp/xsk_queue.c b/net/xdp/xsk_queue.c
> > index f8905400ee07..b03d1bfb6978 100644
> > --- a/net/xdp/xsk_queue.c
> > +++ b/net/xdp/xsk_queue.c
> > @@ -34,6 +34,9 @@ struct xsk_queue *xskq_create(u32 nentries, bool umem_queue)
> > q->ring_mask = nentries - 1;
> > size = xskq_get_ring_size(q, umem_queue);
> > + if (unlikely(size == SIZE_MAX))
> > + return NULL;
>
> Doesn't this leak q here ?
>
> > size = PAGE_ALIGN(size);
> > q->ring = vmalloc_user(size);
> >
>

It is. Thanks, Daniel, I will fix it in v3.

pw-bot: cr

--
Andrew Kanner
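
Review bot: the new early exit in xskq_create(), `if (unlikely(size == SIZE_MAX)) return NULL;`, returns without releasing `q`, which is already allocated at this point (the preceding context line writes `q->ring_mask`), so every call that hits the overflow check leaks the queue structure. Free `q` before returning NULL on this path, and consider routing this check and any later allocation failure through one shared cleanup label so the error exits stay consistent.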