1
linux/include
Toke Høiland-Jørgensen 09d88791c7 bpf: Make sure internal and UAPI bpf_redirect flags don't overlap
The bpf_redirect_info is shared between the SKB and XDP redirect paths,
and the two paths use the same numeric flag values in the ri->flags
field (specifically, BPF_F_BROADCAST == BPF_F_NEXTHOP). This means that
if skb bpf_redirect_neigh() is used with a non-NULL params argument and,
subsequently, an XDP redirect is performed using the same
bpf_redirect_info struct, the XDP path will get confused and end up
crashing, which syzbot managed to trigger.

With the stack-allocated bpf_redirect_info, the structure is no longer
shared between the SKB and XDP paths, so the crash doesn't happen
anymore. However, different code paths using identically-numbered flag
values in the same struct field still seems like a bit of a mess, so
this patch cleans that up by moving the flag definitions together and
redefining the three flags in BPF_F_REDIRECT_INTERNAL to not overlap
with the flags used for XDP. It also adds a BUILD_BUG_ON() check to make
sure the overlap is not re-introduced by mistake.

Fixes: e624d4ed4a ("xdp: Extend xdp_redirect_map with broadcast support")
Reported-by: syzbot+cca39e6e84a367a7e6f6@syzkaller.appspotmail.com
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Closes: https://syzkaller.appspot.com/bug?extid=cca39e6e84a367a7e6f6
Link: https://lore.kernel.org/bpf/20240920125625.59465-1-toke@redhat.com
2024-10-01 21:40:12 +02:00
..
acpi Power management updates for 6.12-rc1 2024-09-16 07:47:50 +02:00
asm-generic sched_ext: Initial pull request for v6.12 2024-09-21 09:44:57 -07:00
clocksource
crypto
drm drm next for 6.12-rc1 2024-09-19 10:18:15 +02:00
dt-bindings The core clk framework is left largely untouched this time around except for 2024-09-23 15:01:48 -07:00
keys KEYS: Remove unused declarations 2024-09-20 18:28:26 +03:00
kunit The core clk framework is left largely untouched this time around except for 2024-09-23 15:01:48 -07:00
kvm
linux NFS Client Updates for Linux 6.12 2024-09-24 15:44:18 -07:00
math-emu
media
memory
misc
net bluetooth-next pull request for net-next: 2024-09-13 19:50:25 -07:00
pcmcia
ras
rdma RDMA/nldev: Add support for RDMA monitoring 2024-09-13 08:29:14 +03:00
rv
scsi SCSI misc on 20240919 2024-09-19 11:28:51 +02:00
soc soc: driver updates for 6.12 2024-09-17 10:48:09 +02:00
sound ASoC: Updates for v6.12 2024-09-14 09:09:59 +02:00
target
trace f2fs-6.12-rc1 2024-09-24 15:12:38 -07:00
uapi bpf: Make sure internal and UAPI bpf_redirect flags don't overlap 2024-10-01 21:40:12 +02:00
ufs Many singleton patches - please see the various changelogs for details. 2024-09-21 08:20:50 -07:00
vdso random: vDSO: add a __vdso_getrandom prototype for all architectures 2024-09-13 17:28:35 +02:00
video
xen