Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bpf: Fix use-after-free of sockmap #8563

Open
wants to merge 3 commits into
base: bpf-next_base
Choose a base branch
from
Open

bpf: Fix use-after-free of sockmap #8563

wants to merge 3 commits into from
+84 −6

Conversation

kernel-patches-daemon-bpf[bot]
Copy link

Pull request for series with
subject: bpf: Fix use-after-free of sockmap
version: 1
url: https://patchwork.kernel.org/project/netdevbpf/list/?series=938035

@kernel-patches-daemon-bpf
Copy link
Author

Upstream branch: 4e4136c
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=938035
version: 1

@kernel-patches-daemon-bpf
Copy link
Author

Upstream branch: 9138048
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=938035
version: 1

@kernel-patches-daemon-bpf
Copy link
Author

Upstream branch: b123480
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=938035
version: 1

@kernel-patches-daemon-bpf
Copy link
Author

Upstream branch: 4580f4e
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=938035
version: 1

@kernel-patches-daemon-bpf
Copy link
Author

Upstream branch: 0ba0ef0
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=938035
version: 1

@kernel-patches-daemon-bpf
Copy link
Author

Upstream branch: fc3ab17
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=938035
version: 1

@kernel-patches-daemon-bpf
Copy link
Author

Upstream branch: 43d9d43
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=938035
version: 1

@kernel-patches-daemon-bpf
Copy link
Author

Upstream branch: 42c5e6d
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=938035
version: 1

@kernel-patches-daemon-bpf
Copy link
Author

Upstream branch: 7586e21
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=938820
version: 2

@kernel-patches-daemon-bpf
Copy link
Author

Upstream branch: 7586e21
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=938820
version: 2

@kernel-patches-daemon-bpf
Copy link
Author

Upstream branch: 7586e21
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=938820
version: 2

@kernel-patches-daemon-bpf
Copy link
Author

Upstream branch: ad55432
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=938820
version: 2

@kernel-patches-daemon-bpf
Copy link
Author

Upstream branch: ad55432
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=938820
version: 2

@kernel-patches-daemon-bpf
Copy link
Author

Upstream branch: c6287f1
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=938820
version: 2

@kernel-patches-daemon-bpf
Copy link
Author

Upstream branch: c6287f1
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=938820
version: 2

mrpre added 3 commits March 4, 2025 13:05
@mrpre
bpf, sockmap: avoid using sk_socket after free
a6a563e 
Use RCU lock to protect sk_socket, preventing concurrent close and release
by another thread.

Because TCP/UDP are already within a relatively large critical section:
'''
ip_local_deliver_finish
  rcu_read_lock
  ip_protocol_deliver_rcu
      tcp_rcv/udp_rcv
  rcu_read_unlock
'''

Adding rcu_read_{un}lock() at the entrance and exit of sk_data_ready
will not increase performance overhead.

Fixes: c638291 ("af_unix: Implement ->psock_update_sk_prot()")
Reported-by: [email protected]
Closes: https://lore.kernel.org/bpf/[email protected]/
Reviewed-by: Cong Wang <[email protected]>
Reviewed-by: John Fastabend <[email protected]>
Signed-off-by: Jiayuan Chen <[email protected]>
@mrpre
selftests/bpf: Add socketpair to create_pair to support unix socket
e4ca764 
Current wrapper function create_pair() is used to create a pair of
connected links and returns two fds, but it does not support unix sockets.

Here we introduce socketpair() into create_pair(), which supports creating
a pair of unix sockets, since the semantics of the two are the same.

Signed-off-by: Jiayuan Chen <[email protected]>
@mrpre
selftests/bpf: Add edge case tests for sockmap
f1ccbd8 
Add edge case tests for sockmap.

Acked-by: Cong Wang <[email protected]>
Signed-off-by: Jiayuan Chen <[email protected]>
@kernel-patches-daemon-bpf
Copy link
Author

Upstream branch: 42ba8a4
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=938820
version: 2

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
bpf-next new V2-ci-pass V2
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@mrpre