Date: Thu, 30 Nov 2023 15:53:29 +0100
From: Eric Dumazet <edumazet@...gle.com>
To: Daniel Borkmann <daniel@...earbox.net>
Cc: davem@...emloft.net, kuba@...nel.org, pabeni@...hat.com, ast@...nel.org, 
	andrii@...nel.org, martin.lau@...ux.dev, netdev@...r.kernel.org, 
	bpf@...r.kernel.org
Subject: Re: pull-request: bpf 2023-11-30

On Thu, Nov 30, 2023 at 12:49 AM Daniel Borkmann <daniel@...earbox.net> wrote:
>
> Hi David, hi Jakub, hi Paolo, hi Eric,
>
> The following pull-request contains BPF updates for your *net* tree.
>
> We've added 5 non-merge commits during the last 7 day(s) which contain
> a total of 10 files changed, 66 insertions(+), 15 deletions(-).
>
> The main changes are:
>
> 1) Fix AF_UNIX splat from use after free in BPF sockmap, from John Fastabend.


syzbot is not happy with this patch.

Would the following fix make sense?

diff --git a/net/unix/unix_bpf.c b/net/unix/unix_bpf.c
index 7ea7c3a0d0d06224f49ad5f073bf772b9528a30a..58e89361059fbf9d5942c6dd268dd80ac4b57098
100644
--- a/net/unix/unix_bpf.c
+++ b/net/unix/unix_bpf.c
@@ -168,7 +168,8 @@ int unix_stream_bpf_update_proto(struct sock *sk,
struct sk_psock *psock, bool r
        }

        sk_pair = unix_peer(sk);
-       sock_hold(sk_pair);
+       if (sk_pair)
+               sock_hold(sk_pair);
        psock->sk_pair = sk_pair;
        unix_stream_bpf_check_needs_rebuild(psock->sk_proto);
        sock_replace_proto(sk, &unix_stream_bpf_prot);
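
Review bot: at `psock->sk_pair = sk_pair;`, guarding only the `sock_hold()` still stores a possibly NULL pointer in the psock, so whichever path later drops this reference has to tolerate NULL as well. That path is not part of this hunk and should be checked, or the update could be rejected here when there is no peer. Also, no lock is visible in the hunk between reading `unix_peer(sk)` and taking the reference, so unless the caller already serializes against peer release, the peer could be freed in that window. Obtaining the peer with a helper that reads and holds it under the socket state lock (`unix_peer_get()`) would cover both the NULL case and the race in one place. A one-line comment saying when the peer can be NULL at this point would help future readers.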


>
> 2) Fix a syzkaller splat in netdevsim by properly handling offloaded programs (and
>    not device-bound ones), from Stanislav Fomichev.
>
> 3) Fix bpf_mem_cache_alloc_flags() to initialize the allocation hint, from Hou Tao.
>
> 4) Fix netkit by rejecting IFLA_NETKIT_PEER_INFO in changelink, from Daniel Borkmann.
>
> Please consider pulling these changes from:
>
>   git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git tags/for-netdev
>
> Thanks a lot!
>
> Also thanks to reporters, reviewers and testers of commits in this pull-request:
>
> Jakub Kicinski, Jakub Sitnicki, Nikolay Aleksandrov, Yonghong Song
>
> ----------------------------------------------------------------
>
> The following changes since commit d3fa86b1a7b4cdc4367acacea16b72e0a200b3d7:
>
>   Merge tag 'net-6.7-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net (2023-11-23 10:40:13 -0800)
>
> are available in the Git repository at:
>
>   https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git tags/for-netdev
>
> for you to fetch changes up to 51354f700d400e55b329361e1386b04695e6e5c1:
>
>   bpf, sockmap: Add af_unix test with both sockets in map (2023-11-30 00:25:25 +0100)
>
> ----------------------------------------------------------------
> bpf-for-netdev
>
> ----------------------------------------------------------------
> Daniel Borkmann (1):
>       netkit: Reject IFLA_NETKIT_PEER_INFO in netkit_change_link
>
> Hou Tao (1):
>       bpf: Add missed allocation hint for bpf_mem_cache_alloc_flags()
>
> John Fastabend (2):
>       bpf, sockmap: af_unix stream sockets need to hold ref for pair sock
>       bpf, sockmap: Add af_unix test with both sockets in map
>
> Stanislav Fomichev (1):
>       netdevsim: Don't accept device bound programs
>
>  drivers/net/netdevsim/bpf.c                        |  4 +-
>  drivers/net/netkit.c                               |  6 +++
>  include/linux/skmsg.h                              |  1 +
>  include/net/af_unix.h                              |  1 +
>  kernel/bpf/memalloc.c                              |  2 +
>  net/core/skmsg.c                                   |  2 +
>  net/unix/af_unix.c                                 |  2 -
>  net/unix/unix_bpf.c                                |  5 +++
>  .../selftests/bpf/prog_tests/sockmap_listen.c      | 51 +++++++++++++++++-----
>  .../selftests/bpf/progs/test_sockmap_listen.c      |  7 +++
>  10 files changed, 66 insertions(+), 15 deletions(-)
