bpf: Don't redirect packets with invalid pkt_len

Syzbot found an issue [1]: fq_codel_drop() tries to drop a flow without any skbs, that is, the flow->head is null. The root cause, as [2] says, is that bpf_prog_test_run_skb() runs a bpf prog which redirects empty skbs. So we should determine whether the length of the packet modified by bpf prog or others like bpf_prog_test is valid before forwarding it directly.

LINK: [1] https://syzkaller.appspot.com/bug?id=0b84da80c2917757915afa89f7738a9d16ec96c5
LINK: [2] https://www.spinics.net/lists/netdev/msg777503.html

Reported-by: <syzbot+7a12909485b94426aceb@syzkaller.appspotmail.com>
Signed-off-by: Zhengchao Shao <shaozhengchao@huawei.com>
Reviewed-by: Stanislav Fomichev <sdf@google.com>
Link: https://lore.kernel.org/r/20220715115559.139691-1-shaozhengchao@huawei.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
parent
92f61973