Liu RuiTong reported an in-kernel null pointer dereference when processing BPF_CORE_TYPE_ID_LOCAL relocations referencing non-existing BTF types. Fix this by adding proper id checks.

Changes v2->v3:
- selftest update suggested by Andrii: avoid memset(0) for log buffer and do memset(0) for bpf_attr.

Changes v1->v2:
- moved check from bpf_core_calc_relo_insn() to bpf_core_apply(), now both in kernel and in libbpf relocation type id is guaranteed to exist when bpf_core_calc_relo_insn() is called;
- added a test case.

v1: https://lore.kernel.org/bpf/20240821164620.1056362-1-eddyz87@xxxxxxxxx/
v2: https://lore.kernel.org/bpf/20240822001837.2715909-1-eddyz87@xxxxxxxxx/

Eduard Zingerman (2):
  bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos
  selftests/bpf: test for malformed BPF_CORE_TYPE_ID_LOCAL relocation

 kernel/bpf/btf.c                              |   8 ++
 .../selftests/bpf/prog_tests/core_reloc_raw.c | 125 ++++++++++++++++++
 2 files changed, 133 insertions(+)
 create mode 100644 tools/testing/selftests/bpf/prog_tests/core_reloc_raw.c

-- 
2.45.2
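The bug class the cover letter describes, as an added illustration that is not part of the series or of the kernel: a miniature, hypothetical model (all struct and function names are invented; only bpf_core_apply() and bpf_core_calc_relo_insn() are real kernel names referenced in comments) in which the calculation step trusts its caller to have validated the relocation's type id, so the existence check must sit in the apply step that precedes it.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical miniature model of the bug class, not kernel code: a BTF-like
 * type table indexed by id and a CO-RE relocation carrying a local type id. */
struct btf_type_model { const char *name; uint32_t size; };
struct btf_model { const struct btf_type_model *types; uint32_t nr_types; };
struct core_relo_model { uint32_t type_id; };

/* Table lookup: NULL for an id that names no type (valid ids: 0..nr_types-1). */
static const struct btf_type_model *type_by_id(const struct btf_model *btf, uint32_t id)
{
	return id < btf->nr_types ? &btf->types[id] : NULL;
}

/* Calculation step. Like bpf_core_calc_relo_insn() after the series, it relies
 * on its caller having verified that relo->type_id exists: the unchecked
 * dereference here is what a malformed relocation would trigger. */
static uint32_t calc_relo_value(const struct btf_model *btf, const struct core_relo_model *relo)
{
	return type_by_id(btf, relo->type_id)->size;
}

/* Apply step (the model's counterpart of bpf_core_apply()): the id check lives
 * here, so a relocation naming a non-existing type is rejected with -1 before
 * the calculation step can dereference NULL. */
static int apply_relo(const struct btf_model *btf, const struct core_relo_model *relo, uint32_t *out)
{
	if (!type_by_id(btf, relo->type_id))
		return -1;
	*out = calc_relo_value(btf, relo);
	return 0;
}

/* Constructed sample table: ids 0..2 exist, anything else is malformed. */
static const struct btf_type_model sample_types[] = {
	{ "void", 0 }, { "int", 4 }, { "struct sk_buff", 232 },
};
static const struct btf_model sample_btf = { sample_types, 3 };

/* Entry point over the sample table; returns apply_relo()'s result code and
 * leaves *out untouched when the relocation is rejected. */
static int apply_sample_relo(uint32_t type_id, uint32_t *out)
{
	struct core_relo_model relo = { type_id };
	return apply_relo(&sample_btf, &relo, out);
}
```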