twx-linux/net/core
Paul Chaignon 6fabca2fc9 bpf: Explicitly check accesses to bpf_sock_addr
Syzkaller found a kernel warning on the following sock_addr program:

    0: r0 = 0
    1: r2 = *(u32 *)(r1 +60)
    2: exit

which triggers:

    verifier bug: error during ctx access conversion (0)

This is happening because offset 60 in bpf_sock_addr corresponds to an
implicit padding of 4 bytes, right after msg_src_ip4. Access to this
padding isn't rejected in sock_addr_is_valid_access and it thus later
fails to convert the access.

This patch fixes it by explicitly checking the various fields of
bpf_sock_addr in sock_addr_is_valid_access.

I checked the other ctx structures and is_valid_access functions and
didn't find any other similar cases. Other cases of (properly handled)
padding are covered in new tests in a subsequent patch.

Fixes: 1cedee13d25a ("bpf: Hooks for sys_sendmsg")
Reported-by: syzbot+136ca59d411f92e821b7@syzkaller.appspotmail.com
Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Eduard Zingerman <eddyz87@gmail.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Closes: https://syzkaller.appspot.com/bug?extid=136ca59d411f92e821b7
Link: https://lore.kernel.org/bpf/b58609d9490649e76e584b0361da0abd3c2c1779.1758094761.git.paul.chaignon@gmail.com
2025-09-17 16:15:17 +02:00
bpf_sk_storage.c bpf: Remove unnecessary BTF lookups in bpf_sk_storage_tracing_allowed 2025-01-29 08:51:51 -08:00
datagram.c net: Introduce skb_copy_datagram_from_iter_full() 2025-08-21 17:47:57 -07:00
dev_addr_lists_test.c
dev_addr_lists.c net: s/dev_pre_changeaddr_notify/netif_pre_changeaddr_notify/ 2025-07-18 17:27:47 -07:00
dev_api.c net: define an enum for the napi threaded state 2025-07-24 18:34:55 -07:00
dev_ioctl.c net: s/dev_get_flags/netif_get_flags/ 2025-07-18 17:27:47 -07:00
dev.c net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM 2025-08-18 17:20:06 -07:00
dev.h net: prevent deadlocks when enabling NAPIs with mixed kthread config 2025-08-12 14:43:05 +02:00
devmem.c net: devmem: fix DMA direction on unmapping 2025-08-04 17:15:38 -07:00
devmem.h net: devmem: fix DMA direction on unmapping 2025-08-04 17:15:38 -07:00
drop_monitor.c treewide, timers: Rename from_timer() to timer_container_of() 2025-06-08 09:07:37 +02:00
dst_cache.c net: dst: annotate data-races around dst->obsolete 2025-07-02 14:32:29 -07:00
dst.c net: dst: add four helpers to annotate data-races around dst->dev 2025-07-02 14:32:30 -07:00
failover.c
fib_notifier.c
fib_rules.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2025-04-17 12:26:50 -07:00
filter.c bpf: Explicitly check accesses to bpf_sock_addr 2025-09-17 16:15:17 +02:00
flow_dissector.c net: remove '__' from __skb_flow_get_ports() 2025-02-24 14:27:53 -08:00
flow_offload.c
gen_estimator.c net_sched: gen_estimator: fix est_timer() vs CONFIG_PREEMPT_RT=y 2025-08-29 19:04:20 -07:00
gen_stats.c
gro_cells.c
gro.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2025-02-27 10:20:58 -08:00
gso.c
hotdata.c tcp: move tcp_memory_allocated into net_aligned_data 2025-07-02 14:22:02 -07:00
hwbm.c
ieee8021q_helpers.c net: ieee8021q: fix insufficient table-size assertion 2025-07-01 12:55:49 +02:00
link_watch.c net: hold instance lock during NETDEV_CHANGE 2025-04-07 11:13:39 -07:00
lock_debug.c netdev: fix the locking for netdev notifications 2025-04-17 18:55:14 -07:00
lwt_bpf.c bpf: lwtunnel: Prepare bpf_lwt_xmit_reroute() to future .flowi4_tos conversion. 2024-11-14 19:07:49 -08:00
lwtunnel.c inet: Remove rtnl_is_held arg of lwtunnel_valid_encap_type(_attr)?(). 2025-05-20 19:18:24 -07:00
Makefile net: rename rtnl_net_debug to lock_debug 2025-04-03 15:32:08 -07:00
mp_dmabuf_devmem.h
neighbour.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2025-07-26 11:49:45 -07:00
net_namespace.c Networking changes for 6.17. 2025-07-30 08:58:55 -07:00
net_test.c
net-procfs.c net: add data-race annotations in softnet_seq_show() 2025-04-08 12:30:55 -07:00
net-sysfs.c net: s/dev_set_threaded/netif_set_threaded/ 2025-07-18 17:27:47 -07:00
net-sysfs.h net: remove RTNL use for /proc/sys/net/core/rps_default_mask 2025-07-07 18:42:12 -07:00
net-traces.c
netclassid_cgroup.c net, bpf: Fix RCU usage in task_cls_state() for BPF programs 2025-06-11 21:30:29 +02:00
netdev_rx_queue.c net: Reoder rxq_idx check in __net_mp_open_rxq() 2025-06-25 16:53:51 -07:00
netdev-genl-gen.c net: define an enum for the napi threaded state 2025-07-24 18:34:55 -07:00
netdev-genl-gen.h net: devmem: TCP tx netlink api 2025-05-13 11:12:48 +02:00
netdev-genl.c net: define an enum for the napi threaded state 2025-07-24 18:34:55 -07:00
netevent.c
netmem_priv.h page_pool: Track DMA-mapped pages and unmap them when destroying the pool 2025-04-14 16:30:29 -07:00
netpoll.c netpoll: prevent hanging NAPI when netcons gets enabled 2025-07-30 18:05:52 -07:00
netprio_cgroup.c
of_net.c
page_pool_priv.h net: page_pool: don't try to stash the napi id 2025-01-27 14:37:41 -08:00
page_pool_user.c net: use napi_id_valid helper 2025-02-17 16:43:04 -08:00
page_pool.c page_pool: fix incorrect mp_ops error handling 2025-08-22 15:52:02 -07:00
pktgen.c net: pktgen: fix code style (WARNING: Prefer strscpy over strcpy) 2025-04-17 13:02:41 +02:00
ptp_classifier.c
request_sock.c
rtnetlink.c net: s/dev_get_flags/netif_get_flags/ 2025-07-18 17:27:47 -07:00
scm.c af_unix: enable handing out pidfds for reaped tasks in SCM_PIDFD 2025-07-04 09:32:35 +02:00
secure_seq.c net: Retire DCCP socket. 2025-04-11 18:58:10 -07:00
selftests.c net: selftests: add PHY-loopback test for bad TCP checksums 2025-07-18 17:19:46 -07:00
skb_fault_injection.c
skbuff.c skbuff: Add MSG_MORE flag to optimize tcp large packet transmission 2025-07-09 19:25:57 -07:00
skmsg.c bpf, sockmap: Fix psock incorrectly pointing to sk 2025-06-10 18:16:15 +02:00
sock_destructor.h
sock_diag.c net: Retire DCCP socket. 2025-04-11 18:58:10 -07:00
sock_map.c bpf: Remove attach_type in sockmap_link 2025-07-11 10:51:55 -07:00
sock_reuseport.c
sock.c net: lockless sock_i_ino() 2025-09-03 16:08:24 -07:00
stream.c net: stream: add description for sk_stream_write_space() 2025-07-18 16:57:21 -07:00
sysctl_net_core.c net: remove RTNL use for /proc/sys/net/core/rps_default_mask 2025-07-07 18:42:12 -07:00
timestamping.c net: Add the possibility to support a selected hwtstamp in netdevice 2024-12-16 12:51:40 +00:00
tso.c
utils.c net: Fix checksum update for ILA adj-transport 2025-05-30 19:53:51 -07:00
xdp.c xsk: add missing virtual address conversion for page 2025-05-27 11:46:47 +02:00