Hello:
This patch was applied to bpf/bpf-next.git (master)
by Alexei Starovoitov <ast@xxxxxxxxxx>:
On Fri, 20 Dec 2024 12:18:18 -0800 you wrote:
> From: Martin KaFai Lau <martin.lau@xxxxxxxxxx>
>
> There is a UAF report in the bpf_struct_ops when CONFIG_MODULES=n.
> In particular, the report is on tcp_congestion_ops that has
> a "struct module *owner" member.
>
> For struct_ops that has a "struct module *owner" member,
> it can be extended either by the regular kernel module or
> by the bpf_struct_ops. bpf_try_module_get() will be used
> to do the refcounting and different refcount is done
> based on the owner pointer. When CONFIG_MODULES=n,
> the btf_id of the "struct module" is missing:
>
> [...]
Here is the summary with links:
- [bpf-next] bpf: Reject struct_ops registration that uses module ptr and the module btf_id is missing
https://git.kernel.org/bpf/bpf-next/c/96ea081ed52b
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
