Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

net: sockmap: Don't call bpf_prog_put() on NULL pointer #236

Closed
wants to merge 1 commit into from
Closed

net: sockmap: Don't call bpf_prog_put() on NULL pointer #236

wants to merge 1 commit into from

Conversation

kernel-patches-bot
Copy link

Pull request for series with
subject: net: sockmap: Don't call bpf_prog_put() on NULL pointer
version: 1
url: https://patchwork.kernel.org/project/netdevbpf/list/?series=363425

@kernel-patches-bot
Copy link
Author

Master branch: 28802e7
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=363425
version: 1

Pull request is NOT updated. Failed to apply https://patchwork.kernel.org/project/netdevbpf/list/?series=363425
error message:

Cmd('git') failed due to: exit code(128)
  cmdline: git am -3
  stdout: 'Applying: net: sockmap: Don't call bpf_prog_put() on NULL pointer
Using index info to reconstruct a base tree...
M	net/core/sock_map.c
Falling back to patching base and 3-way merge...
Auto-merging net/core/sock_map.c
CONFLICT (content): Merge conflict in net/core/sock_map.c
Patch failed at 0001 net: sockmap: Don't call bpf_prog_put() on NULL pointer
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".'
  stderr: 'error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch' to see the failed patch'

conflict:

diff --cc net/core/sock_map.c
index 119f52a99dc1,a73ccce54423..000000000000
--- a/net/core/sock_map.c
+++ b/net/core/sock_map.c
@@@ -235,16 -238,18 +235,27 @@@ static int sock_map_link(struct bpf_ma
  	int ret;
  
  	skb_verdict = READ_ONCE(progs->skb_verdict);
++<<<<<<< HEAD
 +	skb_parser = READ_ONCE(progs->skb_parser);
 +	skb_progs = skb_parser && skb_verdict;
 +	if (skb_progs) {
 +		skb_verdict = bpf_prog_inc_not_zero(skb_verdict);
 +		if (IS_ERR(skb_verdict))
 +			return PTR_ERR(skb_verdict);
++=======
+ 	if (skb_verdict) {
+ 		skb_verdict = bpf_prog_inc_not_zero(skb_verdict);
+ 		if (IS_ERR(skb_verdict))
+ 			return PTR_ERR(skb_verdict);
+ 	}
+ 
+ 	skb_parser = READ_ONCE(progs->skb_parser);
+ 	if (skb_parser) {
++>>>>>>> net: sockmap: Don't call bpf_prog_put() on NULL pointer
  		skb_parser = bpf_prog_inc_not_zero(skb_parser);
  		if (IS_ERR(skb_parser)) {
- 			bpf_prog_put(skb_verdict);
- 			return PTR_ERR(skb_parser);
+ 			ret = PTR_ERR(skb_parser);
+ 			goto out_put_skb_verdict;
  		}
  	}
  
@@@ -303,11 -312,12 +314,20 @@@ out_drop
  out_progs:
  	if (msg_parser)
  		bpf_prog_put(msg_parser);
++<<<<<<< HEAD
 +out:
 +	if (skb_progs) {
 +		bpf_prog_put(skb_verdict);
 +		bpf_prog_put(skb_parser);
 +	}
++=======
+ out_put_skb_parser:
+ 	if (skb_parser)
+ 		bpf_prog_put(skb_parser);
+ out_put_skb_verdict:
+ 	if (skb_verdict)
+ 		bpf_prog_put(skb_verdict);
++>>>>>>> net: sockmap: Don't call bpf_prog_put() on NULL pointer
  	return ret;
  }

@kernel-patches-bot
Copy link
Author

At least one diff in series https://patchwork.kernel.org/project/netdevbpf/list/?series=363425 irrelevant now. Closing PR.

@kernel-patches-bot kernel-patches-bot deleted the series/363425=>bpf branch October 18, 2020 02:17
borkmann added a commit to cilium/kernel-bpf-ci that referenced this pull request Jun 7, 2023
@borkmann
selftests/bpf: Add mprog API tests for BPF tcx links
9804648 
Add a big batch of test coverage to assert all aspects of the tcx link API:

  # ./vmtest.sh -- ./test_progs -t tc_links
  [...]
  kernel-patches#224     tc_links_after:OK
  kernel-patches#225     tc_links_append:OK
  kernel-patches#226     tc_links_basic:OK
  kernel-patches#227     tc_links_before:OK
  kernel-patches#228     tc_links_both:OK
  kernel-patches#229     tc_links_chain_classic:OK
  kernel-patches#230     tc_links_dev_cleanup:OK
  kernel-patches#231     tc_links_first:OK
  kernel-patches#232     tc_links_invalid:OK
  kernel-patches#233     tc_links_last:OK
  kernel-patches#234     tc_links_prepend:OK
  kernel-patches#235     tc_links_replace:OK
  kernel-patches#236     tc_links_revision:OK
  Summary: 13/0 PASSED, 0 SKIPPED, 0 FAILED

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
kernel-patches-daemon-bpf bot pushed a commit that referenced this pull request Jun 7, 2023
@borkmann
selftests/bpf: Add mprog API tests for BPF tcx links
04f617c 
Add a big batch of test coverage to assert all aspects of the tcx link API:

  # ./vmtest.sh -- ./test_progs -t tc_links
  [...]
  #224     tc_links_after:OK
  #225     tc_links_append:OK
  #226     tc_links_basic:OK
  #227     tc_links_before:OK
  #228     tc_links_both:OK
  #229     tc_links_chain_classic:OK
  #230     tc_links_dev_cleanup:OK
  #231     tc_links_first:OK
  #232     tc_links_invalid:OK
  #233     tc_links_last:OK
  #234     tc_links_prepend:OK
  #235     tc_links_replace:OK
  #236     tc_links_revision:OK
  Summary: 13/0 PASSED, 0 SKIPPED, 0 FAILED

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
yurinnick pushed a commit to yurinnick/kernel-patches-bpf that referenced this pull request Jun 7, 2023
@borkmann @yurinnick
selftests/bpf: Add mprog API tests for BPF tcx links
776aba0 
Add a big batch of test coverage to assert all aspects of the tcx link API:

  # ./vmtest.sh -- ./test_progs -t tc_links
  [...]
  kernel-patches#224     tc_links_after:OK
  kernel-patches#225     tc_links_append:OK
  kernel-patches#226     tc_links_basic:OK
  kernel-patches#227     tc_links_before:OK
  kernel-patches#228     tc_links_both:OK
  kernel-patches#229     tc_links_chain_classic:OK
  kernel-patches#230     tc_links_dev_cleanup:OK
  kernel-patches#231     tc_links_first:OK
  kernel-patches#232     tc_links_invalid:OK
  kernel-patches#233     tc_links_last:OK
  kernel-patches#234     tc_links_prepend:OK
  kernel-patches#235     tc_links_replace:OK
  kernel-patches#236     tc_links_revision:OK
  Summary: 13/0 PASSED, 0 SKIPPED, 0 FAILED

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
kernel-patches-daemon-bpf bot pushed a commit that referenced this pull request Jun 8, 2023
@borkmann
selftests/bpf: Add mprog API tests for BPF tcx links
29a876c 
Add a big batch of test coverage to assert all aspects of the tcx link API:

  # ./vmtest.sh -- ./test_progs -t tc_links
  [...]
  #224     tc_links_after:OK
  #225     tc_links_append:OK
  #226     tc_links_basic:OK
  #227     tc_links_before:OK
  #228     tc_links_both:OK
  #229     tc_links_chain_classic:OK
  #230     tc_links_dev_cleanup:OK
  #231     tc_links_first:OK
  #232     tc_links_invalid:OK
  #233     tc_links_last:OK
  #234     tc_links_prepend:OK
  #235     tc_links_replace:OK
  #236     tc_links_revision:OK
  Summary: 13/0 PASSED, 0 SKIPPED, 0 FAILED

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
yurinnick pushed a commit to yurinnick/kernel-patches-bpf that referenced this pull request Jun 8, 2023
@borkmann @yurinnick
selftests/bpf: Add mprog API tests for BPF tcx links
af398f3 
Add a big batch of test coverage to assert all aspects of the tcx link API:

  # ./vmtest.sh -- ./test_progs -t tc_links
  [...]
  kernel-patches#224     tc_links_after:OK
  kernel-patches#225     tc_links_append:OK
  kernel-patches#226     tc_links_basic:OK
  kernel-patches#227     tc_links_before:OK
  kernel-patches#228     tc_links_both:OK
  kernel-patches#229     tc_links_chain_classic:OK
  kernel-patches#230     tc_links_dev_cleanup:OK
  kernel-patches#231     tc_links_first:OK
  kernel-patches#232     tc_links_invalid:OK
  kernel-patches#233     tc_links_last:OK
  kernel-patches#234     tc_links_prepend:OK
  kernel-patches#235     tc_links_replace:OK
  kernel-patches#236     tc_links_revision:OK
  Summary: 13/0 PASSED, 0 SKIPPED, 0 FAILED

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
kernel-patches-daemon-bpf bot pushed a commit that referenced this pull request Aug 3, 2023
@davem330
ip6mr: Fix skb_under_panic in ip6mr_cache_report()
30e0191 
skbuff: skb_under_panic: text:ffffffff88771f69 len:56 put:-4
 head:ffff88805f86a800 data:ffff887f5f86a850 tail:0x88 end:0x2c0 dev:pim6reg
 ------------[ cut here ]------------
 kernel BUG at net/core/skbuff.c:192!
 invalid opcode: 0000 [#1] PREEMPT SMP KASAN
 CPU: 2 PID: 22968 Comm: kworker/2:11 Not tainted 6.5.0-rc3-00044-g0a8db05b571a #236
 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
 Workqueue: ipv6_addrconf addrconf_dad_work
 RIP: 0010:skb_panic+0x152/0x1d0
 Call Trace:
  <TASK>
  skb_push+0xc4/0xe0
  ip6mr_cache_report+0xd69/0x19b0
  reg_vif_xmit+0x406/0x690
  dev_hard_start_xmit+0x17e/0x6e0
  __dev_queue_xmit+0x2d6a/0x3d20
  vlan_dev_hard_start_xmit+0x3ab/0x5c0
  dev_hard_start_xmit+0x17e/0x6e0
  __dev_queue_xmit+0x2d6a/0x3d20
  neigh_connected_output+0x3ed/0x570
  ip6_finish_output2+0x5b5/0x1950
  ip6_finish_output+0x693/0x11c0
  ip6_output+0x24b/0x880
  NF_HOOK.constprop.0+0xfd/0x530
  ndisc_send_skb+0x9db/0x1400
  ndisc_send_rs+0x12a/0x6c0
  addrconf_dad_completed+0x3c9/0xea0
  addrconf_dad_work+0x849/0x1420
  process_one_work+0xa22/0x16e0
  worker_thread+0x679/0x10c0
  ret_from_fork+0x28/0x60
  ret_from_fork_asm+0x11/0x20

When setup a vlan device on dev pim6reg, DAD ns packet may sent on reg_vif_xmit().
reg_vif_xmit()
    ip6mr_cache_report()
        skb_push(skb, -skb_network_offset(pkt));//skb_network_offset(pkt) is 4
And skb_push declared as:
	void *skb_push(struct sk_buff *skb, unsigned int len);
		skb->data -= len;
		//0xffff88805f86a84c - 0xfffffffc = 0xffff887f5f86a850
skb->data is set to 0xffff887f5f86a850, which is invalid mem addr, lead to skb_push() fails.

Fixes: 14fb64e ("[IPV6] MROUTE: Support PIM-SM (SSM).")
Signed-off-by: Yue Haibing <yuehaibing@huawei.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
kernel-patches-daemon-bpf bot pushed a commit that referenced this pull request Aug 14, 2023
@borkmann
selftests/bpf: Add various more tcx test cases
dbd1540 
Add several new tcx test cases to improve test coverage. This also includes
a few new tests with ingress instead of clsact qdisc, to cover the fix from
commit dc644b5 ("tcx: Fix splat in ingress_destroy upon tcx_entry_free").

  # ./test_progs -t tc
  [...]
  #234     tc_links_after:OK
  #235     tc_links_append:OK
  #236     tc_links_basic:OK
  #237     tc_links_before:OK
  #238     tc_links_chain_classic:OK
  #239     tc_links_chain_mixed:OK
  #240     tc_links_dev_cleanup:OK
  #241     tc_links_dev_mixed:OK
  #242     tc_links_ingress:OK
  #243     tc_links_invalid:OK
  #244     tc_links_prepend:OK
  #245     tc_links_replace:OK
  #246     tc_links_revision:OK
  #247     tc_opts_after:OK
  #248     tc_opts_append:OK
  #249     tc_opts_basic:OK
  #250     tc_opts_before:OK
  #251     tc_opts_chain_classic:OK
  #252     tc_opts_chain_mixed:OK
  #253     tc_opts_delete_empty:OK
  #254     tc_opts_demixed:OK
  #255     tc_opts_detach:OK
  #256     tc_opts_detach_after:OK
  #257     tc_opts_detach_before:OK
  #258     tc_opts_dev_cleanup:OK
  #259     tc_opts_invalid:OK
  #260     tc_opts_mixed:OK
  #261     tc_opts_prepend:OK
  #262     tc_opts_replace:OK
  #263     tc_opts_revision:OK
  [...]
  Summary: 44/38 PASSED, 0 SKIPPED, 0 FAILED

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
kernel-patches-daemon-bpf bot pushed a commit that referenced this pull request Aug 14, 2023
@borkmann
selftests/bpf: Add various more tcx test cases
4f741af 
Add several new tcx test cases to improve test coverage. This also includes
a few new tests with ingress instead of clsact qdisc, to cover the fix from
commit dc644b5 ("tcx: Fix splat in ingress_destroy upon tcx_entry_free").

  # ./test_progs -t tc
  [...]
  #234     tc_links_after:OK
  #235     tc_links_append:OK
  #236     tc_links_basic:OK
  #237     tc_links_before:OK
  #238     tc_links_chain_classic:OK
  #239     tc_links_chain_mixed:OK
  #240     tc_links_dev_cleanup:OK
  #241     tc_links_dev_mixed:OK
  #242     tc_links_ingress:OK
  #243     tc_links_invalid:OK
  #244     tc_links_prepend:OK
  #245     tc_links_replace:OK
  #246     tc_links_revision:OK
  #247     tc_opts_after:OK
  #248     tc_opts_append:OK
  #249     tc_opts_basic:OK
  #250     tc_opts_before:OK
  #251     tc_opts_chain_classic:OK
  #252     tc_opts_chain_mixed:OK
  #253     tc_opts_delete_empty:OK
  #254     tc_opts_demixed:OK
  #255     tc_opts_detach:OK
  #256     tc_opts_detach_after:OK
  #257     tc_opts_detach_before:OK
  #258     tc_opts_dev_cleanup:OK
  #259     tc_opts_invalid:OK
  #260     tc_opts_mixed:OK
  #261     tc_opts_prepend:OK
  #262     tc_opts_replace:OK
  #263     tc_opts_revision:OK
  [...]
  Summary: 44/38 PASSED, 0 SKIPPED, 0 FAILED

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
chantra pushed a commit to chantra/kernel-patches-bpf that referenced this pull request Aug 14, 2023
@borkmann @chantra
selftests/bpf: Add various more tcx test cases
0e1fa14 
Add several new tcx test cases to improve test coverage. This also includes
a few new tests with ingress instead of clsact qdisc, to cover the fix from
commit dc644b5 ("tcx: Fix splat in ingress_destroy upon tcx_entry_free").

  # ./test_progs -t tc
  [...]
  kernel-patches#234     tc_links_after:OK
  kernel-patches#235     tc_links_append:OK
  kernel-patches#236     tc_links_basic:OK
  kernel-patches#237     tc_links_before:OK
  kernel-patches#238     tc_links_chain_classic:OK
  kernel-patches#239     tc_links_chain_mixed:OK
  kernel-patches#240     tc_links_dev_cleanup:OK
  kernel-patches#241     tc_links_dev_mixed:OK
  kernel-patches#242     tc_links_ingress:OK
  kernel-patches#243     tc_links_invalid:OK
  kernel-patches#244     tc_links_prepend:OK
  kernel-patches#245     tc_links_replace:OK
  kernel-patches#246     tc_links_revision:OK
  kernel-patches#247     tc_opts_after:OK
  kernel-patches#248     tc_opts_append:OK
  kernel-patches#249     tc_opts_basic:OK
  kernel-patches#250     tc_opts_before:OK
  kernel-patches#251     tc_opts_chain_classic:OK
  kernel-patches#252     tc_opts_chain_mixed:OK
  kernel-patches#253     tc_opts_delete_empty:OK
  kernel-patches#254     tc_opts_demixed:OK
  kernel-patches#255     tc_opts_detach:OK
  kernel-patches#256     tc_opts_detach_after:OK
  kernel-patches#257     tc_opts_detach_before:OK
  kernel-patches#258     tc_opts_dev_cleanup:OK
  kernel-patches#259     tc_opts_invalid:OK
  kernel-patches#260     tc_opts_mixed:OK
  kernel-patches#261     tc_opts_prepend:OK
  kernel-patches#262     tc_opts_replace:OK
  kernel-patches#263     tc_opts_revision:OK
  [...]
  Summary: 44/38 PASSED, 0 SKIPPED, 0 FAILED

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
kernel-patches-daemon-bpf bot pushed a commit that referenced this pull request Aug 15, 2023
@borkmann
selftests/bpf: Add various more tcx test cases
ccd9a8b 
Add several new tcx test cases to improve test coverage. This also includes
a few new tests with ingress instead of clsact qdisc, to cover the fix from
commit dc644b5 ("tcx: Fix splat in ingress_destroy upon tcx_entry_free").

  # ./test_progs -t tc
  [...]
  #234     tc_links_after:OK
  #235     tc_links_append:OK
  #236     tc_links_basic:OK
  #237     tc_links_before:OK
  #238     tc_links_chain_classic:OK
  #239     tc_links_chain_mixed:OK
  #240     tc_links_dev_cleanup:OK
  #241     tc_links_dev_mixed:OK
  #242     tc_links_ingress:OK
  #243     tc_links_invalid:OK
  #244     tc_links_prepend:OK
  #245     tc_links_replace:OK
  #246     tc_links_revision:OK
  #247     tc_opts_after:OK
  #248     tc_opts_append:OK
  #249     tc_opts_basic:OK
  #250     tc_opts_before:OK
  #251     tc_opts_chain_classic:OK
  #252     tc_opts_chain_mixed:OK
  #253     tc_opts_delete_empty:OK
  #254     tc_opts_demixed:OK
  #255     tc_opts_detach:OK
  #256     tc_opts_detach_after:OK
  #257     tc_opts_detach_before:OK
  #258     tc_opts_dev_cleanup:OK
  #259     tc_opts_invalid:OK
  #260     tc_opts_mixed:OK
  #261     tc_opts_prepend:OK
  #262     tc_opts_replace:OK
  #263     tc_opts_revision:OK
  [...]
  Summary: 44/38 PASSED, 0 SKIPPED, 0 FAILED

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/r/8699efc284b75ccdc51ddf7062fa2370330dc6c0.1692029283.git.daniel@iogearbox.net
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
accepted bpf V1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@kernel-patches-bot