On Sun, Jul 28, 2024 at 4:47 AM Leon Hwang <leon.hwang@xxxxxxxxx> wrote:
>
> Fixes: f7866c358733 ("bpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT")
> Cc: Toke Høiland-Jørgensen <toke@xxxxxxxxxx>
> Cc: Martin KaFai Lau <martin.lau@xxxxxxxxxx>
> Acked-by: Yonghong Song <yonghong.song@xxxxxxxxx>
> Signed-off-by: Leon Hwang <leon.hwang@xxxxxxxxx>
> ---
> include/linux/bpf_verifier.h | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/include/linux/bpf_verifier.h b/include/linux/bpf_verifier.h
> index 5cea15c81b8a8..bfd093ac333f2 100644
> --- a/include/linux/bpf_verifier.h
> +++ b/include/linux/bpf_verifier.h
> @@ -874,8 +874,8 @@ static inline u32 type_flag(u32 type)
> /* only use after check_attach_btf_id() */
> static inline enum bpf_prog_type resolve_prog_type(const struct bpf_prog *prog)
> {
> - return (prog->type == BPF_PROG_TYPE_EXT && prog->aux->dst_prog) ?
> - prog->aux->dst_prog->type : prog->type;
> + return (prog->type == BPF_PROG_TYPE_EXT && prog->aux->saved_dst_prog_type) ?
> + prog->aux->saved_dst_prog_type : prog->type;
Sorry for the delay.
The fix lgtm.
I reworded the commit log, since it's too verbose and applied to bpf tree.
I will apply selftest to bpf-next when the fix makes it all the way there.
Otherwise there will be non-trivial conflicts.
