Hello:

This patch was applied to bpf/bpf.git (master)
by Alexei Starovoitov <ast@xxxxxxxxxx>:

On Thu, 17 Feb 2022 01:49:43 +0530 you wrote:
> When commit e6ac2450d6de ("bpf: Support bpf program calling kernel
> function") added kfunc support, it defined reg2btf_ids as a cheap way to
> translate the verifier reg type to the appropriate btf_vmlinux BTF ID,
> however commit c25b2ae13603 ("bpf: Replace PTR_TO_XXX_OR_NULL with
> PTR_TO_XXX | PTR_MAYBE_NULL") moved the __BPF_REG_TYPE_MAX from the last
> member of bpf_reg_type enum to after the base register types, and
> defined other variants using type flag composition. However, now, the
> direct usage of reg->type to index into reg2btf_ids may no longer fall
> into __BPF_REG_TYPE_MAX range, and hence lead to out of bounds access
> and kernel crash on dereference of bad pointer.
>
> [...]

Here is the summary with links:
  - [bpf,v2] Fix crash due to OOB access when reg->type > __BPF_REG_TYPE_MAX
    https://git.kernel.org/bpf/bpf/c/45ce4b4f9009

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
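
The failure mode described in the quoted commit message, as an added example that is not part of the original mail and is not the kernel's code: a simplified user-space model of a flag-composed type value indexing a table sized by `__BPF_REG_TYPE_MAX`, next to a lookup that strips flags and bounds-checks first. The enum members, bit layout, BTF ID values and helper names are constructed assumptions; only `reg2btf_ids`, `__BPF_REG_TYPE_MAX` and `PTR_MAYBE_NULL` are names taken from the mail.

```c
#include <stdio.h>

/* Constructed model: base types first, __BPF_REG_TYPE_MAX directly after
 * them, and type flags composed into the bits above the base type. */
enum reg_type {
    NOT_INIT = 0,
    PTR_TO_SOCKET,
    PTR_TO_SOCK_COMMON,
    PTR_TO_TCP_SOCK,
    __BPF_REG_TYPE_MAX,
};
#define BASE_TYPE_BITS 8                          /* assumed layout */
#define BASE_TYPE_MASK ((1u << BASE_TYPE_BITS) - 1)
#define PTR_MAYBE_NULL (1u << BASE_TYPE_BITS)

/* Table sized by the number of base types; the ID values are constructed. */
static const unsigned int reg2btf_ids[__BPF_REG_TYPE_MAX] = {
    [PTR_TO_SOCKET]      = 101,
    [PTR_TO_SOCK_COMMON] = 102,
    [PTR_TO_TCP_SOCK]    = 103,
};

/* Would the raw type value be a valid index if used directly
 * (reg2btf_ids[type])? Returns 1 if in range, 0 if it would read OOB. */
static int raw_index_in_bounds(unsigned int type)
{
    return type < __BPF_REG_TYPE_MAX;
}

/* Checked lookup: split base type from flags, bounds-check the base, and
 * treat any flagged type (such as a maybe-NULL pointer) as having no ID. */
static unsigned int lookup_btf_id(unsigned int type)
{
    unsigned int base  = type & BASE_TYPE_MASK;
    unsigned int flags = type & ~BASE_TYPE_MASK;

    if (base >= __BPF_REG_TYPE_MAX || flags)
        return 0;
    return reg2btf_ids[base];
}

int main(void)
{
    unsigned int t = PTR_TO_SOCKET | PTR_MAYBE_NULL;   /* 257 in this model */

    printf("raw value %u usable as index: %d\n", t, raw_index_in_bounds(t));
    printf("checked lookup: flagged=%u plain=%u\n",
           lookup_btf_id(t), lookup_btf_id(PTR_TO_SOCKET));
    return 0;
}
```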