From: Kui-Feng Lee <thinker.li@xxxxxxxxx>
Recently, cfi_stubs were introduced. However, existing struct_ops types
that are not in the upstream may not be aware of this, resulting in kernel
crashes. By rejecting struct_ops types that do not provide cfi_stubs during
registration, these crashes can be avoided.
Signed-off-by: Kui-Feng Lee <thinker.li@xxxxxxxxx>
---
kernel/bpf/bpf_struct_ops.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/kernel/bpf/bpf_struct_ops.c b/kernel/bpf/bpf_struct_ops.c
index 0d7be97a2411..9febd450d224 100644
--- a/kernel/bpf/bpf_struct_ops.c
+++ b/kernel/bpf/bpf_struct_ops.c
@@ -302,6 +302,11 @@ int bpf_struct_ops_desc_init(struct bpf_struct_ops_desc *st_ops_desc,
}
sprintf(value_name, "%s%s", VALUE_PREFIX, st_ops->name);
+ if (!st_ops->cfi_stubs) {
+ pr_warn("struct %s has no cfi_stubs\n", st_ops->name);
+ return -EINVAL;
+ }
+
type_id = btf_find_by_name_kind(btf, st_ops->name,
BTF_KIND_STRUCT);
if (type_id < 0) {
@@ -339,6 +344,7 @@ int bpf_struct_ops_desc_init(struct bpf_struct_ops_desc *st_ops_desc,
for_each_member(i, t, member) {
const struct btf_type *func_proto;
+ u32 moff;
mname = btf_name_by_offset(btf, member->name_off);
if (!*mname) {
@@ -361,6 +367,14 @@ int bpf_struct_ops_desc_init(struct bpf_struct_ops_desc *st_ops_desc,
if (!func_proto)
continue;
+ moff = __btf_member_bit_offset(t, member) / 8;
+ if (!*(void **)(st_ops->cfi_stubs + moff)) {
+ pr_warn("member %s in struct %s has no cfi stub function\n",
+ mname, st_ops->name);
+ err = -EINVAL;
+ goto errout;
+ }
+
if (btf_distill_func_proto(log, btf,
func_proto, mname,
&st_ops->func_models[i])) {
--
2.34.1
