CVE-2023-53660

Source
https://cve.org/CVERecord?id=CVE-2023-53660
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53660.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-53660
Published
2025-10-07T15:21:20.307Z
Modified
2026-03-20T12:33:17.119003Z
Summary
bpf, cpumap: Handle skb as well when clean up ptr_ring
Details

In the Linux kernel, the following vulnerability has been resolved:

bpf, cpumap: Handle skb as well when clean up ptr_ring

The following warning was reported when running xdp_redirect_cpu with both skb-mode and stress-mode enabled:

  ------------[ cut here ]------------
  Incorrect XDP memory type (-2128176192) usage
  WARNING: CPU: 7 PID: 1442 at net/core/xdp.c:405
  Modules linked in:
  CPU: 7 PID: 1442 Comm: kworker/7:0 Tainted: G 6.5.0-rc2+ #1
  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
  Workqueue: events __cpu_map_entry_free
  RIP: 0010:__xdp_return+0x1e4/0x4a0
  ......
  Call Trace:
   <TASK>
   ? show_regs+0x65/0x70
   ? __warn+0xa5/0x240
   ? __xdp_return+0x1e4/0x4a0
   ......
   xdp_return_frame+0x4d/0x150
   __cpu_map_entry_free+0xf9/0x230
   process_one_work+0x6b0/0xb80
   worker_thread+0x96/0x720
   kthread+0x1a5/0x1f0
   ret_from_fork+0x3a/0x70
   ret_from_fork_asm+0x1b/0x30
   </TASK>

The reason for the warning is twofold. One is due to the kthread cpu_map_kthread_run() is stopped prematurely. Another one is __cpu_map_ring_cleanup() doesn't handle skb mode and treats skbs in ptr_ring as XDP frames.

Prematurely-stopped kthread will be fixed by the preceding patch and ptr_ring will be empty when __cpu_map_ring_cleanup() is called. But as the comments in __cpu_map_ring_cleanup() said, handling and freeing skbs in ptr_ring as well to "catch any broken behaviour gracefully".
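
A userspace C model of the cleanup problem described above, added here as an illustration and not taken from the kernel patch. It assumes skb entries are marked by setting bit 0 of the queued pointer (this record does not say how they are marked); `drain`, `return_frame` and the struct names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model, constructed for illustration (not kernel code).
 * Assumption: skb entries are marked by setting bit 0 of the pointer. */
enum { MEM_OK = 1 };                      /* stand-in for a valid memory type */
struct frame { int mem_type; };           /* stand-in for an XDP frame */
struct skb { unsigned char data[64]; };   /* stand-in for an skb */
struct stats { int frames, skbs, bad_mem_type; };

static int is_skb(void *p) { return (int)((uintptr_t)p & 1); }
static void *untag(void *p) { return (void *)((uintptr_t)p & ~(uintptr_t)1); }
static void *xalloc(size_t n) { void *p = malloc(n); if (!p) abort(); return p; }

/* Frame return path: reads the memory type from whatever p refers to.
 * Returns 0 where the "Incorrect XDP memory type" warning would fire. */
static int return_frame(void *p)
{
    int mem_type;
    memcpy(&mem_type, p, sizeof(mem_type));
    return mem_type == MEM_OK;
}

/* Produce and drain n entries (even: frame, odd: tagged skb).
 * handle_skb=0 treats every entry as a frame; 1 checks the tag first. */
static struct stats drain(int n, int handle_skb)
{
    struct stats st = {0, 0, 0};
    for (int i = 0; i < n; i++) {
        void *p = xalloc(sizeof(struct skb));   /* large enough for either type */
        memset(p, 0xAB, sizeof(struct skb));    /* skb payload bytes */
        if (i % 2) p = (void *)((uintptr_t)p | 1);       /* tag as skb */
        else ((struct frame *)p)->mem_type = MEM_OK;     /* valid frame */
        if (handle_skb && is_skb(p)) st.skbs++;          /* freed as skb below */
        else if (return_frame(p)) st.frames++;
        else st.bad_mem_type++;                          /* skb misread as frame */
        free(untag(p));   /* the model always frees the real allocation */
    }
    return st;
}

int main(void)
{
    struct stats a = drain(6, 0), b = drain(6, 1);
    printf("misread as frame: before=%d after=%d\n", a.bad_mem_type, b.bad_mem_type);
    return 0;
}
```

With the frame-only path, every skb entry has its payload bytes read as a memory type, which is the condition the warning reports; checking the tag first routes those entries to the skb path instead.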

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53660.json"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
11941f8a85362f612df61f4aaab0e41b64d2111d
Fixed
b58d34068fd9f96bfc7d389988dfaf9a92a8fe00
Fixed
cbd000451885801e9bbfd9cf7a7946806a85cb5e
Fixed
937345720d18f1ad006ba3d5dcb3fa121037b8a2
Fixed
7c62b75cd1a792e14b037fa4f61f9b18914e7de1

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53660.json"