This is a note to let you know that I've just added the patch titled

    libbpf: Validate that .BTF and .BTF.ext sections contain data

to the 5.10-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
    libbpf-validate-that-.btf-and-.btf.ext-sections-cont.patch
and it can be found in the queue-5.10 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.

commit 91230f9cc6744934c144a549c16afe63a5c87ff1
Author: Andrii Nakryiko <andrii@xxxxxxxxxx>
Date: Wed Nov 3 10:32:11 2021 -0700

    libbpf: Validate that .BTF and .BTF.ext sections contain data

    [ Upstream commit 62554d52e71797eefa3fc15b54008038837bb2d4 ]

    .BTF and .BTF.ext ELF sections should have SHT_PROGBITS type and contain
    data. If they are not, ELF is invalid or corrupted, so bail out.
    Otherwise this can lead to data->d_buf being NULL and SIGSEGV later on.
    Reported by oss-fuzz project.

    Signed-off-by: Andrii Nakryiko <andrii@xxxxxxxxxx>
    Signed-off-by: Alexei Starovoitov <ast@xxxxxxxxxx>
    Acked-by: Yonghong Song <yhs@xxxxxx>
    Link: https://lore.kernel.org/bpf/20211103173213.1376990-4-andrii@xxxxxxxxxx
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c index b337d6f29098b..e8ad53d31044a 100644 --- a/tools/lib/bpf/libbpf.c +++ b/tools/lib/bpf/libbpf.c @@ -2870,8 +2870,12 @@ static int bpf_object__elf_collect(struct bpf_object *obj) } else if (strcmp(name, MAPS_ELF_SEC) == 0) { obj->efile.btf_maps_shndx = idx; } else if (strcmp(name, BTF_ELF_SEC) == 0) { + if (sh->sh_type != SHT_PROGBITS) + return -LIBBPF_ERRNO__FORMAT; btf_data = data; } else if (strcmp(name, BTF_EXT_ELF_SEC) == 0) { + if (sh->sh_type != SHT_PROGBITS) + return -LIBBPF_ERRNO__FORMAT; btf_ext_data = data; } else if (sh.sh_type == SHT_SYMTAB) { /* already processed during the first pass above */
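
Review bot: The two added checks in the BTF_ELF_SEC and BTF_EXT_ELF_SEC branches dereference `sh->sh_type`, but the unchanged context branch directly below them in the same if/else chain reads `sh.sh_type == SHT_SYMTAB`, so in this tree `sh` appears to be a struct value rather than a pointer and the new lines would not compile as written. For this 5.10 backport both checks should read `if (sh.sh_type != SHT_PROGBITS)`, matching the surrounding code. It is also worth confirming that returning `-LIBBPF_ERRNO__FORMAT` directly from inside this chain is consistent with how the other error paths in bpf_object__elf_collect() exit, since the hunk does not show them.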