Received: by 2002:ab2:1149:0:b0:1f3:1f8c:d0c6 with SMTP id z9csp360631lqz; Fri, 29 Mar 2024 22:53:25 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCWV7Xs7WYUSiHdTOlq3M+HMsC228l04ub8fqkbdlKigvgTm8EpNObLu+v40inFA93UUN9/a3+tkml+L86OsSephhYMyEI5r874Mkh1zWw== X-Google-Smtp-Source: AGHT+IEpos++99bQdJ0Kwk7GTlNrlg6r6Fk42ArpF6R4IYQjk2pWDf9FkGuV0prAMhYnXDw8rbWJ X-Received: by 2002:a05:6512:5c9:b0:515:a733:2e21 with SMTP id o9-20020a05651205c900b00515a7332e21mr2632011lfo.44.1711778004789; Fri, 29 Mar 2024 22:53:24 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1711778004; cv=pass; d=google.com; s=arc-20160816; b=ZpdGElJ9kcyUi40N4/M+7GQ/LR7EprGOYq2qkQsQVo1dGt4s2eRCtE4ZxeqHjHHwKA zOaVOB2trYXJ0PJmYovEIkGxVRwlI+yjoSxHE/3jVBQGY6a5nE7YAWuZbz54durc+Lon k+ERRiaAGxQB+Hvg8jEC76gAoCY+wH0fseSEbfYBiQMO1qwWWuxYo5T2RJsvxMKShdmS vs2hrmNC4sLnkniTw/GIUEyL81ibbKrsXBrgPqKXhN66pwF2AJHlqNnQNjXadw1X9zDv n13VWtDL1i28tfLp8WX1HCNC1sjb0PywhfhCMFBAvv90NpdF84qRDhhuumBgCCaUH7Fs Tf/A== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:date :subject:cc:to:from:message-id:dkim-signature; bh=qdTY6Ko7k/74y6NFxMJ3ypox/Ty3LMxTTEkEquK+GJA=; fh=HFVI9dEWVR5xZns7GaDGpyJczhXqg9F0nxP6JeIVjXQ=; b=qWte+1tOj66nTMKh30R2Jw/UWL5jkcYVHGbi/KSGEcN1BW5smUwSqEQfAc5nDejWOf ftZksKow4F+qHpXtZiF7BVjZNbPrHrpZEVnv99asIPKLm9dRSf3MBHl+oX0TVEmWzFyG sqErFMtrQVL34CEmPNwX+TfPKvwhi+G3R1fUEyS3jxwy/m4CLzG8yLS09833EOcv/yI5 S3NgxVUBVz56OX1R8Z65P9RU9RE269ou1F4nf7j5jhFNDOmNBMuZF/ew4IwOTDdiq8Wc US53WmIMk7acynBzT0s1Xel6dU3oehbH86dRSaXUuQvS57uKWNABNiUqtE1oytl72zIF Eadg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@qq.com header.s=s201512 header.b=v2bsJ3WX; arc=pass (i=1 spf=pass spfdomain=qq.com dkim=pass dkdomain=qq.com dmarc=pass fromdomain=qq.com); spf=pass (google.com: domain of linux-kernel+bounces-125604-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-125604-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=qq.com Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id c16-20020a170906341000b00a4a9828f915si2434717ejb.295.2024.03.29.22.53.24 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 29 Mar 2024 22:53:24 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-125604-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@qq.com header.s=s201512 header.b=v2bsJ3WX; arc=pass (i=1 spf=pass spfdomain=qq.com dkim=pass dkdomain=qq.com dmarc=pass fromdomain=qq.com); spf=pass (google.com: domain of linux-kernel+bounces-125604-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-125604-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=qq.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 7415D1F22761 for ; Sat, 30 Mar 2024 05:53:24 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 924D68827; Sat, 30 Mar 2024 05:53:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=qq.com header.i=@qq.com header.b="v2bsJ3WX" Received: from out203-205-221-202.mail.qq.com (out203-205-221-202.mail.qq.com [203.205.221.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 54A778820 for ; Sat, 30 Mar 2024 05:53:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=203.205.221.202 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711777997; cv=none; b=uXJo6LkA2rDYosi0s9eyoXJC1xO8de6I50PAE/AKEzpbAv3RY/u61bAHIOP+v+DBbd482/BDjy4Ge6xyYKxA/oDF+TyQSH9I/xZzf/dklGQ5sg+yl1kbc3nZ5HXhp6OGjakg0t1ylqJ8Xw11MUUZI1p0nQm0ltSXPxzf3Wh9U2Q= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711777997; c=relaxed/simple; bh=az+3kN5iGihIcyQyOdKrdi/NjUoZI9GXUniqVpy4vaE=; h=Message-ID:From:To:Cc:Subject:Date:In-Reply-To:References: MIME-Version; b=hVLcvypZkl8LFGgcQ2t2/kbpy+R2nEnp1/A/acSgL9n2MiTVdrhL4ueTWtDrTRC92Rf29nNfceAxgdkreSGFKuhBt6Jv0qn/6Ce72bXgZlpgDv+B2yJ3F5VreF+bYKhVEaRiDOX6mF4kZX86UWcrCuBYHXnQBpidHjdGnHEhDRk= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=qq.com; spf=pass smtp.mailfrom=qq.com; dkim=pass (1024-bit key) header.d=qq.com header.i=@qq.com header.b=v2bsJ3WX; arc=none smtp.client-ip=203.205.221.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=qq.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=qq.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qq.com; s=s201512; t=1711777991; bh=qdTY6Ko7k/74y6NFxMJ3ypox/Ty3LMxTTEkEquK+GJA=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=v2bsJ3WXQ2IAPrpFo8HHn0uqhUup90BDHFEeTbpeNcHoiA4Jz91viNaKnt4HCn+be 4O4hAmtd76nsv90QAlUewsEOpnQUxIJ7EvRU09vvdsuEQg4gDXOadZ4f5gkc19i/Zs b3TsRy6tYWm1JScIqPZS1iRUiGijV/cS/ty10uhE= Received: from pek-lxu-l1.wrs.com ([111.198.228.153]) by newxmesmtplogicsvrsza10-0.qq.com (NewEsmtp) with SMTP id D4A170A8; Sat, 30 Mar 2024 13:53:10 +0800 X-QQ-mid: xmsmtpt1711777990t4r98qeur Message-ID: X-QQ-XMAILINFO: OKKHiI6c9SH3spKhFCNqkmqxaaLSPzKGqqjxM22I5AaloE6ICfERdEhJ0nOZFE XuqiGP1jFtte69VTGR6fDcJ0rFNjGnXviJ2I5T8uuS8BlXMJdk/X13WFrmlnWpOgd9ZnmSxmeMnH kIzp7G2tR23xvN33BpEPhuUciV0RjPB5YFwiPNsJPzyVkHb4LtS9N7srId44VvyFeTz+HcLHIxXE ak0y9mg7q34i/xazddlr34aDYNUAw3K3cFqHG7ISBPUba9ablf0yonYUCuoreonVHtxvGUQUlzIW UT82Rci85b5xXZU/g2ZtKJ7TfBahY1R7aQHPRziyk+MgjHQwhb4ZtE+5HwitiZcEioVxsxecTXiA MDAQlV0A6WORm2s7S4EspYI72FWD0cwE9JqhHkT/FcgHvT2bpBxN+Q3iVdOKOxnuegZhlQl2IL0Y wx+/qAv9e5mms/HUsXpwrBFCUIK1kEam2uFZ5Y6B8TLC7G3seb82vBHrvXzxmBJ56JMZnOngCLrr ri9CW6K7AmaCr+TAy/L82aL5AFXr+ZNMw+D2UdQOJd+pty4euxhC2JFpKH1dqHRH36QVmGL+CHEL fmWoz+VI7+8Ovz8MzizzHYmqe2n5Vl1BQf/LBlKRGc7xJ6Wi607bb5usUNOIvWXvKGS9dWl0n1mN myuiwMEWlSbWY6eQlSytB5KScwdj/O9EfDw1yPmkLUCpDPWSzpqqCu0XlusbRcGUQhsZFS6vBCYF pIBH+Uq8VT+T9/fOQIseZP9R2TNEgQGm6reXEG7/8r0cw3QT3KYauDJoW9/+aiNqRD3PyWofFSDV ZvTgRbX+ykOD4dxZkWz5kCmH+vSjwkUUiejB2JrykiXH3FR0nmVm/yU00+frK5xdyT92Yjxymv63 6wMHTfgg4HJ0n/rKGS+6D9hgOQevFIfxq6dNnx2fYxJe0uzAPiuHGDHl3HW2R5V3o4DQUf/RDr X-QQ-XMRINFO: OD9hHCdaPRBwq3WW+NvGbIU= From: Edward Adam Davis To: syzbot+af9492708df9797198d6@syzkaller.appspotmail.com Cc: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com Subject: Re: [syzbot] [bpf?] [net?] general protection fault in dev_map_enqueue Date: Sat, 30 Mar 2024 13:53:10 +0800 X-OQ-MSGID: <20240330055309.4158214-2-eadavis@qq.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <00000000000069ee1a06149ff00c@google.com> References: <00000000000069ee1a06149ff00c@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit please test null ptr deref in dev_map_enqueue #syz test https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git 443574b03387 diff --git a/net/core/filter.c b/net/core/filter.c index 8adf95765cdd..721b85aebf58 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -4381,6 +4381,10 @@ static __always_inline int __xdp_do_redirect_frame(struct bpf_redirect_info *ri, err = dev_map_enqueue_multi(xdpf, dev, map, ri->flags & BPF_F_EXCLUDE_INGRESS); } else { + if (unlikely(!fwd)) { + err = -EINVAL; + break; + } err = dev_map_enqueue(fwd, xdpf, dev); } break;