* bpf's usage of sk_user_data
@ 2020-07-07 9:37 James Chapman
2020-07-07 18:32 ` Martin KaFai Lau
0 siblings, 1 reply; 2+ messages in thread
From: James Chapman @ 2020-07-07 9:37 UTC (permalink / raw)
To: bpf, kafai; +Cc: netdev
I'm investigating a crash found by syzbot which turns out to be caused
by bpf_sk_reuseport_detach assuming ownership of sk_user_data in the
UDP socket destroy path and corrupts metadata of a UDP socket user (l2tp).
Here's the syzbot report:
https://syzkaller.appspot.com/bug?extid=9f092552ba9a5efca5df
I submitted a patch to l2tp to workaround this by having l2tp refuse
to use a UDP socket with SO_REUSEPORT set. But this isn't the right
fix. Can BPF be changed to store its metadata elsewhere such that
other socket users which use sk_user_data can co-exist with BPF?
The email thread discussing this is at:
https://lore.kernel.org/netdev/20200706.124536.774178117550894539.davem@davemloft.net/
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: bpf's usage of sk_user_data
2020-07-07 9:37 bpf's usage of sk_user_data James Chapman
@ 2020-07-07 18:32 ` Martin KaFai Lau
0 siblings, 0 replies; 2+ messages in thread
From: Martin KaFai Lau @ 2020-07-07 18:32 UTC (permalink / raw)
To: James Chapman; +Cc: bpf, netdev
On Tue, Jul 07, 2020 at 10:37:30AM +0100, James Chapman wrote:
> I'm investigating a crash found by syzbot which turns out to be caused
> by bpf_sk_reuseport_detach assuming ownership of sk_user_data in the
> UDP socket destroy path and corrupts metadata of a UDP socket user (l2tp).
>
> Here's the syzbot report:
> https://urldefense.proofpoint.com/v2/url?u=https-3A__syzkaller.appspot.com_bug-3Fextid-3D9f092552ba9a5efca5df&d=DwIBAg&c=5VD0RTtNlTh3ycd41b3MUw&r=VQnoQ7LvghIj0gVEaiQSUw&m=p6aRc9baiGL-RnWqirYKbVXROY5Qc1x4T5-HWjxEp0g&s=mPnfVsw-U-eTV_dezjfYUahIbSiW8wEg4jC44e-mris&e=
>
> I submitted a patch to l2tp to workaround this by having l2tp refuse
> to use a UDP socket with SO_REUSEPORT set. But this isn't the right
> fix. Can BPF be changed to store its metadata elsewhere such that
> other socket users which use sk_user_data can co-exist with BPF?
>
> The email thread discussing this is at:
> https://lore.kernel.org/netdev/20200706.124536.774178117550894539.davem@davemloft.net/
I have replied on the original thread. Thanks.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-07-07 18:32 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-07-07 9:37 bpf's usage of sk_user_data James Chapman
2020-07-07 18:32 ` Martin KaFai Lau
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.