git.baikalelectronics.ru Git - kernel.git/commit

author	Toke Høiland-Jørgensen <toke@redhat.com>
	Thu, 10 Mar 2022 22:56:20 +0000 (23:56 +0100)
committer	Daniel Borkmann <daniel@iogearbox.net>
	Fri, 11 Mar 2022 21:01:26 +0000 (22:01 +0100)
commit	f0b2a7cfa40e117582162ce0f391156a6e308d53
tree	85db2d01a348b642474dfb3eaef4682095fcbaf3	tree \| snapshot
parent	8e13fb151d0ae366f21214677725bb36d895f9f4	commit \| diff

bpf, test_run: Fix packet size check for live packet mode

The live packet mode uses some extra space at the start of each page to
cache data structures so they don't have to be rebuilt at every repetition.
This space wasn't correctly accounted for in the size checking of the
arguments supplied to userspace. In addition, the definition of the frame
size should include the size of the skb_shared_info (as there is other
logic that subtracts the size of this).

Together, these mistakes resulted in userspace being able to trip the
XDP_WARN() in xdp_update_frame_from_buff(), which syzbot discovered in
short order. Fix this by changing the frame size define and adding the
extra headroom to the bpf_prog_test_run_xdp() function. Also drop the
max_len parameter to the page_pool init, since this is related to DMA which
is not used for the page pool instance in PROG_TEST_RUN.

Fixes: c23b8c0ec3f7 ("bpf: Add "live packet" mode for XDP in BPF_PROG_RUN")
Reported-by: syzbot+0e91362d99386dc5de99@syzkaller.appspotmail.com
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Link: https://lore.kernel.org/bpf/20220310225621.53374-1-toke@redhat.com