| Message ID | 20231201180139.328529-1-john.fastabend@gmail.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | bpf fix for unconnect af_unix socket | expand |
On Fri, Dec 01, 2023 at 10:01 AM -08, John Fastabend wrote: > Eric reported a syzbot splat from a null ptr deref from recent fix to > resolve a use-after-free with af-unix stream sockets and BPF sockmap > usage. > > The issue is I missed is we allow unconnected af_unix STREAM sockets to > be added to the sockmap. Fix this by blocking unconnected sockets. > > v2: change sk_is_unix to sk_is_stream_unix (Eric) and remove duplicate > ASSERTS in selftests the xsocket helper already marks FAIL (Jakub) > > John Fastabend (2): > bpf: syzkaller found null ptr deref in unix_bpf proto add > bpf: sockmap, test for unconnected af_unix sock > > include/net/sock.h | 5 +++ > net/core/sock_map.c | 2 ++ > .../selftests/bpf/prog_tests/sockmap_basic.c | 34 +++++++++++++++++++ > 3 files changed, 41 insertions(+) For the series: Acked-by: Jakub Sitnicki <jakub@cloudflare.com>
Hello: This series was applied to bpf/bpf.git (master) by Martin KaFai Lau <martin.lau@kernel.org>: On Fri, 1 Dec 2023 10:01:37 -0800 you wrote: > Eric reported a syzbot splat from a null ptr deref from recent fix to > resolve a use-after-free with af-unix stream sockets and BPF sockmap > usage. > > The issue is I missed is we allow unconnected af_unix STREAM sockets to > be added to the sockmap. Fix this by blocking unconnected sockets. > > [...] Here is the summary with links: - [bpf,v2,1/2] bpf: syzkaller found null ptr deref in unix_bpf proto add https://git.kernel.org/bpf/bpf/c/8d6650646ce4 - [bpf,v2,2/2] bpf: sockmap, test for unconnected af_unix sock https://git.kernel.org/bpf/bpf/c/50d96f05af67 You are awesome, thank you!
Eric reported a syzbot splat from a null ptr deref from recent fix to resolve a use-after-free with af-unix stream sockets and BPF sockmap usage. The issue is I missed is we allow unconnected af_unix STREAM sockets to be added to the sockmap. Fix this by blocking unconnected sockets. v2: change sk_is_unix to sk_is_stream_unix (Eric) and remove duplicate ASSERTS in selftests the xsocket helper already marks FAIL (Jakub) John Fastabend (2): bpf: syzkaller found null ptr deref in unix_bpf proto add bpf: sockmap, test for unconnected af_unix sock include/net/sock.h | 5 +++ net/core/sock_map.c | 2 ++ .../selftests/bpf/prog_tests/sockmap_basic.c | 34 +++++++++++++++++++ 3 files changed, 41 insertions(+)