From: Eric Dumazet <edumazet@xxxxxxxxxx> It appears map_get_next_key() method is mandatory, as syzbot is able to trigger a NULL deref in map_get_next_key(). Fixes: 9330986c0300 ("bpf: Add bloom filter map implementation") Reported-by: syzbot <syzkaller@xxxxxxxxxxxxxxxx> Signed-off-by: Eric Dumazet <edumazet@xxxxxxxxxx> Cc: Alexei Starovoitov <ast@xxxxxxxxxx> Cc: Yonghong Song <yhs@xxxxxx> --- kernel/bpf/bloom_filter.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/kernel/bpf/bloom_filter.c b/kernel/bpf/bloom_filter.c index 277a05e9c9849324a277d77eeec12963cc7519b7..34f48058515cfd3f8ea6816ccad1f4a26eba0ebf 100644 --- a/kernel/bpf/bloom_filter.c +++ b/kernel/bpf/bloom_filter.c @@ -82,6 +82,12 @@ static int bloom_map_delete_elem(struct bpf_map *map, void *value) return -EOPNOTSUPP; } +static int bloom_get_next_key(struct bpf_map *map, void *key, + void *next_key) +{ + return -ENOTSUPP; +} + static struct bpf_map *bloom_map_alloc(union bpf_attr *attr) { u32 bitset_bytes, bitset_mask, nr_hash_funcs, nr_bits; @@ -201,4 +207,5 @@ const struct bpf_map_ops bloom_filter_map_ops = { .map_check_btf = bloom_map_check_btf, .map_btf_name = "bpf_bloom_filter", .map_btf_id = &bpf_bloom_map_btf_id, + .map_get_next_key = bloom_get_next_key, }; -- 2.34.1.448.ga2b2bfdf31-goog
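Review bot: the new bloom_get_next_key() stub in the first hunk returns -ENOTSUPP, while bloom_map_delete_elem() in the context lines directly above it returns -EOPNOTSUPP. ENOTSUPP (524) is a kernel-internal code with no userspace errno definition, so if this value reaches user space the caller sees an unknown error number. Returning -EOPNOTSUPP here would match the neighbouring stub and give callers a code they can interpret.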
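Review bot: in the second hunk, the .map_get_next_key initializer is appended at the very end of bloom_filter_map_ops, after the three BTF fields (.map_check_btf, .map_btf_name, .map_btf_id). Placing it beside the other element callbacks would keep the ops table grouped by kind. Since the commit message says the callback is mandatory, a one-line comment stating that it must not be left NULL would keep the stub from being removed later as dead code.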