Re: [PATCH 1/2] bpf: cgroup: Fix optlen WARN_ON_ONCE toctou

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello:

This series was applied to bpf/bpf.git (refs/heads/master):

On Fri, 22 Jan 2021 17:42:31 +0100 you wrote:
> A toctou issue in `__cgroup_bpf_run_filter_getsockopt` can trigger a
> WARN_ON_ONCE in a check of `copy_from_user`.
> `*optlen` is checked to be non-negative in the individual getsockopt
> functions beforehand. Changing `*optlen` in a race to a negative value
> will result in a `copy_from_user(ctx.optval, optval, ctx.optlen)` with
> `ctx.optlen` being a negative integer.
> 
> [...]

Here is the summary with links:
  - [1/2] bpf: cgroup: Fix optlen WARN_ON_ONCE toctou
    https://git.kernel.org/bpf/bpf/c/bb8b81e396f7
  - [2/2] bpf: cgroup: Fix problematic bounds check
    https://git.kernel.org/bpf/bpf/c/f4a2da755a7e

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux