Re: [syzbot] Re: [syzbot] [bpf?] [net?] KASAN: slab-use-after-free Read in bq_xmit_all
From: syzbot
Date: Sun Jul 21 2024 - 06:45:24 EST
For archival purposes, forwarding an incoming command email to
linux-kernel@xxxxxxxxxxxxxxx.
***
Subject: Re: [syzbot] [bpf?] [net?] KASAN: slab-use-after-free Read in bq_xmit_all
Author: aha310510@xxxxxxxxx
#syz test git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
---
kernel/bpf/devmap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/bpf/devmap.c b/kernel/bpf/devmap.c
index 9e0e3b0a18e4..bca00badc0f8 100644
--- a/kernel/bpf/devmap.c
+++ b/kernel/bpf/devmap.c
@@ -465,7 +465,7 @@ static void bq_enqueue(struct net_device *dev, struct xdp_frame *xdpf,
* Do the same with xdp_prog and flush_list since these fields
* are only ever modified together.
*/
- if (!bq->dev_rx) {
+ if (!bq->dev_rx && bq->count <= DEV_MAP_BULK_SIZE) {
struct list_head *flush_list = bpf_net_ctx_get_dev_flush_list();
bq->dev_rx = dev_rx;
--