bpf, test_run: fix alignment problem in bpf_prog_test_run_skb() #3935
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Upstream branch: d9095f9 |
kernel-patches-bot
force-pushed
the
series/690727=>bpf-next
branch
from
641d5be
to
e2395c4
Compare
kernel-patches-bot
force-pushed
the
bpf-next_base
branch
from
3c5e08b
to
1f272dc
Compare
|
Upstream branch: d9095f9 |
kernel-patches-bot
force-pushed
the
series/690727=>bpf-next
branch
from
e2395c4
to
e584523
Compare
kernel-patches-bot
force-pushed
the
bpf-next_base
branch
from
1f272dc
to
b2050d3
Compare
|
Upstream branch: d9095f9 |
kernel-patches-bot
force-pushed
the
series/690727=>bpf-next
branch
from
e584523
to
d8f0bf2
Compare
kernel-patches-bot
force-pushed
the
bpf-next_base
branch
from
b2050d3
to
078e6cc
Compare
|
Upstream branch: d9095f9 |
kernel-patches-bot
force-pushed
the
series/690727=>bpf-next
branch
from
d8f0bf2
to
dd0a884
Compare
kernel-patches-bot
force-pushed
the
bpf-next_base
branch
from
078e6cc
to
45b4929
Compare
|
Upstream branch: 0ed041b |
kernel-patches-bot
force-pushed
the
series/690727=>bpf-next
branch
from
dd0a884
to
670b5b8
Compare
kernel-patches-bot
force-pushed
the
bpf-next_base
branch
from
45b4929
to
d2d4fa2
Compare
|
Upstream branch: 07ec7b5 |
kernel-patches-bot
force-pushed
the
series/690727=>bpf-next
branch
from
670b5b8
to
a58ebcd
Compare
kernel-patches-bot
force-pushed
the
bpf-next_base
branch
from
d2d4fa2
to
9588f70
Compare
|
Upstream branch: aa3496a |
kernel-patches-bot
force-pushed
the
series/690727=>bpf-next
branch
from
a58ebcd
to
7eda972
Compare
kernel-patches-bot
force-pushed
the
bpf-next_base
branch
from
9588f70
to
816772e
Compare
|
Upstream branch: af085f5 |
kernel-patches-bot
force-pushed
the
series/690727=>bpf-next
branch
from
7eda972
to
106c946
Compare
kernel-patches-bot
force-pushed
the
bpf-next_base
branch
from
816772e
to
5d1b61c
Compare
|
Upstream branch: db55911 |
kernel-patches-bot
force-pushed
the
series/690727=>bpf-next
branch
from
106c946
to
a8cf2ed
Compare
kernel-patches-bot
force-pushed
the
bpf-next_base
branch
from
5d1b61c
to
e869fb9
Compare
we got a syzkaller problem because of aarch64 alignment fault if KFENCE enabled. When the size from user bpf program is an odd number, like 399, 407, etc, it will cause the struct skb_shared_info's unaligned access. As seen below: BUG: KFENCE: use-after-free read in __skb_clone+0x23c/0x2a0 net/core/skbuff.c:1032 Use-after-free read at 0xffff6254fffac077 (in kfence-#213): __lse_atomic_add arch/arm64/include/asm/atomic_lse.h:26 [inline] arch_atomic_add arch/arm64/include/asm/atomic.h:28 [inline] arch_atomic_inc include/linux/atomic-arch-fallback.h:270 [inline] atomic_inc include/asm-generic/atomic-instrumented.h:241 [inline] __skb_clone+0x23c/0x2a0 net/core/skbuff.c:1032 skb_clone+0xf4/0x214 net/core/skbuff.c:1481 ____bpf_clone_redirect net/core/filter.c:2433 [inline] bpf_clone_redirect+0x78/0x1c0 net/core/filter.c:2420 bpf_prog_d3839dd9068ceb51+0x80/0x330 bpf_dispatcher_nop_func include/linux/bpf.h:728 [inline] bpf_test_run+0x3c0/0x6c0 net/bpf/test_run.c:53 bpf_prog_test_run_skb+0x638/0xa7c net/bpf/test_run.c:594 bpf_prog_test_run kernel/bpf/syscall.c:3148 [inline] __do_sys_bpf kernel/bpf/syscall.c:4441 [inline] __se_sys_bpf+0xad0/0x1634 kernel/bpf/syscall.c:4381 kfence-#213: 0xffff6254fffac000-0xffff6254fffac196, size=407, cache=kmalloc-512 allocated by task 15074 on cpu 0 at 1342.585390s: kmalloc include/linux/slab.h:568 [inline] kzalloc include/linux/slab.h:675 [inline] bpf_test_init.isra.0+0xac/0x290 net/bpf/test_run.c:191 bpf_prog_test_run_skb+0x11c/0xa7c net/bpf/test_run.c:512 bpf_prog_test_run kernel/bpf/syscall.c:3148 [inline] __do_sys_bpf kernel/bpf/syscall.c:4441 [inline] __se_sys_bpf+0xad0/0x1634 kernel/bpf/syscall.c:4381 __arm64_sys_bpf+0x50/0x60 kernel/bpf/syscall.c:4381 To fix the problem, we adjust @SiZe so that (@SiZe + @hearoom) is a multiple of SMP_CACHE_BYTES. So we make sure the struct skb_shared_info is aligned to a cache line. Fixes: 1cf1cae ("bpf: introduce BPF_PROG_TEST_RUN command") Signed-off-by: Baisong Zhong <zhongbaisong@huawei.com>
|
Upstream branch: f71b2f6 |
kernel-patches-bot
force-pushed
the
series/690727=>bpf-next
branch
from
a8cf2ed
to
cfd2017
Compare
|
At least one diff in series https://patchwork.kernel.org/project/netdevbpf/list/?series=691099 irrelevant now. Closing PR. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Pull request for series with
subject: bpf, test_run: fix alignment problem in bpf_prog_test_run_skb()
version: 2
url: https://patchwork.kernel.org/project/netdevbpf/list/?series=691099