Re: CVE-2024-42082: xdp: Remove WARN() from __xdp_reg_mem_model()
From: Shung-Hsi Yu
Date: Tue Aug 06 2024 - 04:49:19 EST
On Mon, Jul 29, 2024 at 05:53:11PM GMT, Greg Kroah-Hartman wrote:
> Description
> ===========
>
> In the Linux kernel, the following vulnerability has been resolved:
>
> xdp: Remove WARN() from __xdp_reg_mem_model()
>
> syzkaller reports a warning in __xdp_reg_mem_model().
>
> The warning occurs only if __mem_id_init_hash_table() returns an error. It
> returns the error in two cases:
>
> 1. memory allocation fails;
> 2. rhashtable_init() fails when some fields of rhashtable_params
> struct are not initialized properly.
>
> The second case cannot happen since there is a static const rhashtable_params
> struct with valid fields. So, warning is only triggered when there is a
> problem with memory allocation.
>
> Thus, there is no sense in using WARN() to handle this error and it can be
> safely removed.
[...]
The mention fix (below) simply removed a WARN_ON(1) call, so I believe
there's no security implication here.
--- a/net/core/xdp.c
+++ b/net/core/xdp.c
@@ -295,10 +295,8 @@ static struct xdp_mem_allocator *__xdp_reg_mem_model(struct xdp_mem_info *mem,
mutex_lock(&mem_id_lock);
ret = __mem_id_init_hash_table();
mutex_unlock(&mem_id_lock);
- if (ret < 0) {
- WARN_ON(1);
+ if (ret < 0)
return ERR_PTR(ret);
- }
}
xdp_alloc = kzalloc(sizeof(*xdp_alloc), gfp);