On Thu, Nov 12, 2020 at 1:19 AM Martin KaFai Lau <kafai@xxxxxx> wrote: > > In bpf_pid_task_storage_update_elem(), it missed to > test the !task_storage_ptr(task) which then could trigger a NULL > pointer exception in bpf_local_storage_update(). > > Fixes: 4cf1bc1f1045 ("bpf: Implement task local storage") > Tested-by: Roman Gushchin <guro@xxxxxx> > Cc: KP Singh <kpsingh@xxxxxxxxxxxx> > Signed-off-by: Martin KaFai Lau <kafai@xxxxxx> Acked-by: KP Singh <kpsingh@xxxxxxxxxx> Thanks for fixing this! I had it in v1 and while actioning: https://lore.kernel.org/bpf/20201028011321.4yu62347lfzisxwy@kafai-mbp I inadvertently removed it from bpf_pid_task_storage_update_elem too. > --- > kernel/bpf/bpf_task_storage.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/kernel/bpf/bpf_task_storage.c b/kernel/bpf/bpf_task_storage.c > index 39a45fba4fb0..4ef1959a78f2 100644 > --- a/kernel/bpf/bpf_task_storage.c > +++ b/kernel/bpf/bpf_task_storage.c > @@ -150,7 +150,7 @@ static int bpf_pid_task_storage_update_elem(struct bpf_map *map, void *key, > */ > WARN_ON_ONCE(!rcu_read_lock_held()); > task = pid_task(pid, PIDTYPE_PID); > - if (!task) { > + if (!task || !task_storage_ptr(task)) { > err = -ENOENT; > goto out; > } > -- > 2.24.1 >
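Review bot: in the @@ -150,7 hunk of kernel/bpf/bpf_task_storage.c, the new !task_storage_ptr(task) test shares the err = -ENOENT return with the !task case, so a caller cannot tell a PID with no task from a task that has no storage pointer. If that is intended, a short comment above "if (!task || !task_storage_ptr(task)) {" stating when task_storage_ptr() can return NULL would document it, since the commit message only names where the crash happens (bpf_local_storage_update()). Because the reply says the check was dropped from bpf_pid_task_storage_update_elem by accident while acting on earlier review, the commit message could also state whether any other path that hands the task to bpf_local_storage_update() still relies on a check of its own.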