Patch "bpf: Fix potential integer overflow in resolve_btfids" has been added to the 6.1-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    bpf: Fix potential integer overflow in resolve_btfids

to the 6.1-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     bpf-fix-potential-integer-overflow-in-resolve_btfids.patch
and it can be found in the queue-6.1 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 95379d3ca4746eb0b2df465e2b7ecdb7d5f0aedc
Author: Friedrich Vock <friedrich.vock@xxxxxx>
Date:   Tue May 14 09:09:31 2024 +0200

    bpf: Fix potential integer overflow in resolve_btfids
    
    [ Upstream commit 44382b3ed6b2787710c8ade06c0e97f5970a47c8 ]
    
    err is a 32-bit integer, but elf_update returns an off_t, which is 64-bit
    at least on 64-bit platforms. If symbols_patch is called on a binary between
    2-4GB in size, the result will be negative when cast to a 32-bit integer,
    which the code assumes means an error occurred. This can wrongly trigger
    build failures when building very large kernel images.
    
    Fixes: fbbb68de80a4 ("bpf: Add resolve_btfids tool to resolve BTF IDs in ELF object")
    Signed-off-by: Friedrich Vock <friedrich.vock@xxxxxx>
    Signed-off-by: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
    Acked-by: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
    Link: https://lore.kernel.org/bpf/20240514070931.199694-1-friedrich.vock@xxxxxx
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/tools/bpf/resolve_btfids/main.c b/tools/bpf/resolve_btfids/main.c
index ef0764d6891e4..82bffa7cf8659 100644
--- a/tools/bpf/resolve_btfids/main.c
+++ b/tools/bpf/resolve_btfids/main.c
@@ -728,7 +728,7 @@ static int sets_patch(struct object *obj)
 
 static int symbols_patch(struct object *obj)
 {
-	int err;
+	off_t err;
 
 	if (__symbols_patch(obj, &obj->structs)  ||
 	    __symbols_patch(obj, &obj->unions)   ||




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux