From: Edward Adam Davis
To: syzbot+af9492708df9797198d6@syzkaller.appspotmail.com
Cc: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [bpf?] [net?] general protection fault in dev_map_enqueue
Date: Wed, 27 Mar 2024 22:18:30 +0800

please test null ptr deref in dev_map_enqueue

#syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

diff --git a/net/core/filter.c b/net/core/filter.c index 8adf95765cdd..721b85aebf58 100644 --- a/net/core/filter.c +++ b/net/core/filter.c
@@ -4381,6 +4381,11 @@ static __always_inline int __xdp_do_redirect_frame(struct bpf_redirect_info *ri, err = dev_map_enqueue_multi(xdpf, dev, map, ri->flags & BPF_F_EXCLUDE_INGRESS); } else { + fwd = dev_get_by_index_rcu(dev_net(dev), ri->tgt_index); + if (unlikely(!fwd)) { + err = -EINVAL; + break; + } err = dev_map_enqueue(fwd, xdpf, dev); } break;
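
Review bot: In the else branch, the added assignment fwd = dev_get_by_index_rcu(dev_net(dev), ri->tgt_index) overwrites fwd unconditionally, so the value it held on entry is discarded even when it was valid, and every non-broadcast redirect now takes a fresh lookup. If the aim is only to keep a NULL fwd from reaching dev_map_enqueue, test the existing value with if (unlikely(!fwd)) and set err = -EINVAL there instead of replacing it. Two things the hunk does not show and that need confirming before this can be judged: that the pointer dev_get_by_index_rcu returns is the object type dev_map_enqueue expects as its first argument, and that ri->tgt_index holds an interface index in this branch rather than some other key. The message also gives no account of how fwd becomes NULL on this path; a sentence on the root cause would show whether a check here is the right place for the fix.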