On Wed, Nov 10, 2021 at 9:45 AM Song Liu <songliubraving@xxxxxx> wrote:
>
> syzbot reported the following BUG w/o CONFIG_DEBUG_INFO_BTF
>
> BUG: KASAN: global-out-of-bounds in task_iter_init+0x212/0x2e7 kernel/bpf/task_iter.c:661
> Read of size 4 at addr ffffffff90297404 by task swapper/0/1
> ...
>
> This is caused by hard-coded name[1] in BTF_ID_LIST_GLOBAL (w/o
> CONFIG_DEBUG_INFO_BTF). Fix this by adding a parameter n to
> BTF_ID_LIST_GLOBAL. This avoids ifdef CONFIG_DEBUG_INFO_BTF in btf.c and
> filter.c.
>
> Fixes: 7c7e3d31e785 ("bpf: Introduce helper bpf_find_vma")
> Reported-by: syzbot+e0d81ec552a21d9071aa@xxxxxxxxxxxxxxxxxxxxxxxxx
> Suggested-by: Eric Dumazet <edumazet@xxxxxxxxxx>
> Reported-by: Eric Dumazet <edumazet@xxxxxxxxxx>
> Signed-off-by: Song Liu <songliubraving@xxxxxx>
> ---
> include/linux/btf_ids.h | 6 +++---
> kernel/bpf/btf.c        | 2 +-
> net/core/filter.c       | 6 +-----
> 3 files changed, 5 insertions(+), 9 deletions(-)

SGTM, thanks!

Reviewed-by: Eric Dumazet <edumazet@xxxxxxxxxx>