[PATCH bpf-next v3 0/2] bpf: fix null pointer access for malformed BPF_CORE_TYPE_ID_LOCAL relos

Liu RuiTong reported an in-kernel null pointer dereference when
processing BPF_CORE_TYPE_ID_LOCAL relocations referencing non-existing
BTF types. Fix this by adding proper id checks.

Changes v2->v3:
- selftest update suggested by Andrii:
  avoid memset(0) for log buffer and do memset(0) for bpf_attr.

Changes v1->v2:
- moved check from bpf_core_calc_relo_insn() to bpf_core_apply()
  now both in the kernel and in libbpf the relocation type id is guaranteed
  to exist when bpf_core_calc_relo_insn() is called;
- added a test case.

v1: https://lore.kernel.org/bpf/20240821164620.1056362-1-eddyz87@xxxxxxxxx/
v2: https://lore.kernel.org/bpf/20240822001837.2715909-1-eddyz87@xxxxxxxxx/

Eduard Zingerman (2):
  bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos
  selftests/bpf: test for malformed BPF_CORE_TYPE_ID_LOCAL relocation

 kernel/bpf/btf.c                              |   8 ++
 .../selftests/bpf/prog_tests/core_reloc_raw.c | 125 ++++++++++++++++++
 2 files changed, 133 insertions(+)
 create mode 100644 tools/testing/selftests/bpf/prog_tests/core_reloc_raw.c

-- 
2.45.2
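The cover letter above describes the bug class (a relocation naming a type id that the BTF does not contain, looked up and dereferenced without a check) and where the v2 version of the fix places the guard: in the apply step, before the calc step runs. The following is an added illustration of that pattern written for this page; it is not the kernel's or libbpf's code and does not reproduce the patch. All names (toy_btf, toy_type_by_id, toy_apply, toy_calc_type_id_local, toy_demo) and the type table are hypothetical stand-ins constructed for the example.

```c
/* Added illustration, not kernel or libbpf code. Every identifier here is a
 * hypothetical stand-in for the real BTF/CO-RE structures. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Constructed toy type table standing in for a BTF type array.
 * Valid ids are 1..nr_types; id 0 is "void" and has no entry. */
struct toy_btf_type { uint32_t name_off; uint32_t size; };
struct toy_btf {
    const struct toy_btf_type *types;
    uint32_t nr_types;
};

/* Lookup with the usual contract: NULL when no type has this id. */
static const struct toy_btf_type *toy_type_by_id(const struct toy_btf *btf, uint32_t id)
{
    if (id == 0 || id > btf->nr_types)
        return NULL;
    return &btf->types[id - 1];
}

/* Toy relocation record; kind 0 stands for a TYPE_ID_LOCAL relo. */
struct toy_relo { uint32_t type_id; int kind; };

/* The calc step. It assumes its caller already guaranteed that the id exists,
 * so it dereferences the lookup result unconditionally. Called with a
 * malformed relo and no prior check, this is exactly the NULL dereference
 * the cover letter describes. */
static uint32_t toy_calc_type_id_local(const struct toy_btf *btf, const struct toy_relo *relo)
{
    const struct toy_btf_type *t = toy_type_by_id(btf, relo->type_id);
    /* Touch the type (here: its name offset) before yielding the local id. */
    return t->name_off ? relo->type_id : relo->type_id;
}

/* The apply step, which is where the series says the check now lives:
 * reject a relo whose type id has no BTF type before calc ever runs. */
static int toy_apply(const struct toy_btf *btf, const struct toy_relo *relo, uint32_t *out)
{
    if (relo->kind != 0)
        return -EOPNOTSUPP;
    if (!toy_type_by_id(btf, relo->type_id))
        return -EINVAL;  /* malformed relocation: non-existing local type */
    *out = toy_calc_type_id_local(btf, relo);
    return 0;
}

/* Run one TYPE_ID_LOCAL relo against a constructed three-type table and
 * return the apply result, so the behaviour can be checked for both a valid
 * and a non-existing id. */
static int toy_demo(uint32_t type_id)
{
    static const struct toy_btf_type sample_types[] = {
        { .name_off = 1, .size = 4 },   /* id 1 */
        { .name_off = 7, .size = 8 },   /* id 2 */
        { .name_off = 12, .size = 16 }, /* id 3 */
    };
    const struct toy_btf btf = { .types = sample_types, .nr_types = 3 };
    const struct toy_relo relo = { .type_id = type_id, .kind = 0 };
    uint32_t result = 0;
    int err = toy_apply(&btf, &relo, &result);

    if (err)
        printf("type_id %u: rejected (err=%d)\n", type_id, err);
    else
        printf("type_id %u: resolved to local id %u\n", type_id, result);
    return err;
}

int main(void)
{
    toy_demo(2);   /* exists: resolves */
    toy_demo(9);   /* beyond nr_types: rejected instead of dereferencing NULL */
    toy_demo(0);   /* void has no entry: rejected */
    return 0;
}
```

The point of placing the guard in the apply step rather than inside calc is the one the changelog makes: every caller of the calc step, whether the in-kernel path or libbpf, then reaches it with an id that is known to resolve, so calc can keep its unconditional dereference.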