lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <edef4d8b-8682-c23f-31c4-57546be97299@iogearbox.net>
Date: Thu, 30 Nov 2023 16:04:22 +0100
From: Daniel Borkmann <daniel@...earbox.net>
To: Eric Dumazet <edumazet@...gle.com>
Cc: davem@...emloft.net, kuba@...nel.org, pabeni@...hat.com, ast@...nel.org,
 andrii@...nel.org, martin.lau@...ux.dev, netdev@...r.kernel.org,
 bpf@...r.kernel.org, john.fastabend@...il.com, jakub@...udflare.com
Subject: Re: pull-request: bpf 2023-11-30

On 11/30/23 3:53 PM, Eric Dumazet wrote:
> On Thu, Nov 30, 2023 at 12:49 AM Daniel Borkmann <daniel@...earbox.net> wrote:
>>
>> Hi David, hi Jakub, hi Paolo, hi Eric,
>>
>> The following pull-request contains BPF updates for your *net* tree.
>>
>> We've added 5 non-merge commits during the last 7 day(s) which contain
>> a total of 10 files changed, 66 insertions(+), 15 deletions(-).
>>
>> The main changes are:
>>
>> 1) Fix AF_UNIX splat from use after free in BPF sockmap, from John Fastabend.
> 
> syzbot is not happy with this patch.
> 
> Would the following fix make sense?
> 
> diff --git a/net/unix/unix_bpf.c b/net/unix/unix_bpf.c
> index 7ea7c3a0d0d06224f49ad5f073bf772b9528a30a..58e89361059fbf9d5942c6dd268dd80ac4b57098
> 100644
> --- a/net/unix/unix_bpf.c
> +++ b/net/unix/unix_bpf.c
> @@ -168,7 +168,8 @@ int unix_stream_bpf_update_proto(struct sock *sk,
> struct sk_psock *psock, bool r
>          }
> 
>          sk_pair = unix_peer(sk);
> -       sock_hold(sk_pair);
> +       if (sk_pair)
> +               sock_hold(sk_pair);
>          psock->sk_pair = sk_pair;
>          unix_stream_bpf_check_needs_rebuild(psock->sk_proto);
>          sock_replace_proto(sk, &unix_stream_bpf_prot);
> 

Oh well :/ Above looks reasonable to me, thanks, but I'll defer to John & Jakub (both Cc'ed)
for a final look.

Thanks,
Daniel

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ