[bpf-next,0/2] Avoid dummy bpf_offload_netdev in __bpf_prog_dev_bound_init

Message ID 20230912005539.2248244-1-eddyz87@gmail.com (mailing list archive)

Message

Eduard Zingerman Sept. 12, 2023, 12:55 a.m. UTC
For a device bound BPF program with flag BPF_F_XDP_DEV_BOUND_ONLY,
in case the device does not support offload, __bpf_prog_dev_bound_init()
creates a dummy bpf_offload_netdev struct with .offdev field set to NULL.

This dummy struct might be reused for programs without this flag
bound to the same device. However, bpf_prog_offload_verifier_prep()
that uses bpf_offload_netdev assumes that .offdev field cannot be NULL.

This bug was reported by syzbot in [1].

[1] https://lore.kernel.org/bpf/000000000000d97f3c060479c4f8@google.com/

Eduard Zingerman (2):
  bpf: Avoid dummy bpf_offload_netdev in __bpf_prog_dev_bound_init
  selftests/bpf: Offloaded prog after non-offloaded should not cause BUG

 kernel/bpf/offload.c                          | 12 ++--
 .../bpf/prog_tests/xdp_dev_bound_only.c       | 58 +++++++++++++++++++
 2 files changed, 65 insertions(+), 5 deletions(-)
 create mode 100644 tools/testing/selftests/bpf/prog_tests/xdp_dev_bound_only.c

Comments

patchwork-bot+netdevbpf@kernel.org Sept. 12, 2023, 6:30 a.m. UTC | #1
Hello:

This series was applied to bpf/bpf.git (master)
by Martin KaFai Lau <martin.lau@kernel.org>:

On Tue, 12 Sep 2023 03:55:36 +0300 you wrote:
> For a device bound BPF program with flag BPF_F_XDP_DEV_BOUND_ONLY,
> in case the device does not support offload, __bpf_prog_dev_bound_init()
> creates a dummy bpf_offload_netdev struct with .offdev field set to NULL.
> 
> This dummy struct might be reused for programs without this flag
> bound to the same device. However, bpf_prog_offload_verifier_prep()
> that uses bpf_offload_netdev assumes that .offdev field cannot be NULL.
> 
> [...]

Here is the summary with links:
  - [bpf-next,1/2] bpf: Avoid dummy bpf_offload_netdev in __bpf_prog_dev_bound_init
    https://git.kernel.org/bpf/bpf/c/1a49f4195d34
  - [bpf-next,2/2] selftests/bpf: Offloaded prog after non-offloaded should not cause BUG
    https://git.kernel.org/bpf/bpf/c/e4c31164737e

You are awesome, thank you!