Hello,
On 2024/2/8 17:09, Yafang Shao wrote:
Failure to initialize it->pos, coupled with the presence of an invalid
value in the flags variable, can lead to it->pos referencing an invalid
task, potentially resulting in a kernel panic. To mitigate this risk, it's
crucial to ensure proper initialization of it->pos to 0.
Fixes: c68a78ffe2cb ("bpf: Introduce task open coded iterator kfuncs")
Signed-off-by: Yafang Shao <laoar.shao@xxxxxxxxx>
Cc: Chuyi Zhou <zhouchuyi@xxxxxxxxxxxxx>
---
kernel/bpf/task_iter.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/kernel/bpf/task_iter.c b/kernel/bpf/task_iter.c
index e5c3500443c6..ec4e97c61eef 100644
--- a/kernel/bpf/task_iter.c
+++ b/kernel/bpf/task_iter.c
@@ -978,6 +978,8 @@ __bpf_kfunc int bpf_iter_task_new(struct bpf_iter_task *it,
BUILD_BUG_ON(__alignof__(struct bpf_iter_task_kern) !=
__alignof__(struct bpf_iter_task));
+ kit->pos = NULL;
+
switch (flags) {
case BPF_TASK_ITER_ALL_THREADS:
case BPF_TASK_ITER_ALL_PROCS:
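Review bot: the commit message says it->pos should be initialized "to 0", while the hunk stores `kit->pos = NULL;`; NULL is the right value for a pointer member, so reword the message to say "initialize kit->pos to NULL" so the description matches the change. Placing the store ahead of `switch (flags)` is the correct position, since it also covers the invalid-flags path the message describes. Consider whether the Fixes: tag should name the commit that dropped the original initialization rather than the one that introduced the iterator; the reply in this thread points at ac8148d957f5043 for that.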
LGTM.
Actually, commit c68a78ffe2c ("bpf: Introduce task open coded iterator
kfuncs") initializes it->pos to NULL. But it seems the following commit
ac8148d957f5043 ("bpf: bpf_iter_task_next: use next_task(kit->task)
rather than next_task(kit->pos)") drops this initialization.
Thanks.