Re: [PATCH] bpf: Fix KASAN use-after-free Read in compute_effective_progs

On 4/13/22 12:07, Andrii Nakryiko wrote:
> > it would be ideal if detach would never fail, but it would require some kind of
> > prealloc, on attach maybe? Another option would be to minimize the probability
>
> We allocate new arrays in update_effective_progs() under assumption
> that we might need to grow the array because we use
> update_effective_progs() for attachment. But for detachment we know
> that we definitely don't need to increase the size, we need to remove
> existing element only, thus shrinking the size.
>
> Normally we'd reallocate the array to shrink it (and that's why we use
> update_effective_progs() and allocate memory), but we can also have a
> fallback path for detachment only to reuse existing effective arrays
> and just shift all the elements to the right from the element that's
> being removed. We'll leave NULL at the end, but that's much better
> than error out. Subsequent attachment or detachment will attempt to
> properly size and reallocate everything.
>
> So I think that should be the fix, if you'd be willing to work on it.

That makes it much easier then. I will change it so that there is no
alloc needed on the detach path. Thanks for the clarification.

--
Thanks,
Tadeusz
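
The detach fallback discussed in this message, sketched as an added example; it is not code from this thread or from the kernel patch. It is a userspace model, and `struct prog_array`, `detach_prog`, `simulate_enomem` and `demo_detach` are hypothetical names chosen for illustration.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
/* Simplified single-threaded userspace model (assumption): the effective array
 * is a NULL-terminated pointer array. All names here are hypothetical. */
struct prog { int id; };
struct prog_array { size_t cap; struct prog **items; }; /* cap counts the NULL slot */
static int simulate_enomem; /* test hook: force the shrink allocation to fail */

/* Detach p: 0 on success, -1 if p is not attached. Never fails for lack of memory. */
int detach_prog(struct prog_array *a, const struct prog *p)
{
    size_t len = 0, i = 0;
    struct prog **fresh;
    while (len < a->cap && a->items[len])
        len++;
    while (i < len && a->items[i] != p)
        i++;
    if (i == len)
        return -1;
    /* Normal path: properly sized copy, len - 1 entries plus the NULL terminator. */
    fresh = simulate_enomem ? NULL : calloc(len, sizeof(*fresh));
    if (fresh) {
        memcpy(fresh, a->items, i * sizeof(*fresh));
        memcpy(fresh + i, a->items + i + 1, (len - 1 - i) * sizeof(*fresh));
        free(a->items);
        a->items = fresh;
        a->cap = len;
        return 0;
    }
    /* Fallback: reuse the existing array and shift the tail left over slot i. */
    memmove(&a->items[i], &a->items[i + 1], (len - 1 - i) * sizeof(*fresh));
    a->items[len - 1] = NULL; /* stale last slot becomes a spare NULL */
    return 0;
}

/* Constructed demo: attach ids 1, 2, 3, detach id 2; returns cap*100 + id0*10 + id1. */
int demo_detach(int enomem)
{
    static struct prog p[3] = { {1}, {2}, {3} };
    struct prog_array a = { 4, calloc(4, sizeof(struct prog *)) };
    int r = -1;
    if (!a.items)
        return r;
    a.items[0] = &p[0]; a.items[1] = &p[1]; a.items[2] = &p[2];
    simulate_enomem = enomem;
    if (detach_prog(&a, &p[1]) == 0 && a.items[2] == NULL)
        r = (int)a.cap * 100 + a.items[0]->id * 10 + a.items[1]->id;
    free(a.items);
    return r;
}
```

With the allocation forced to fail, the array keeps its old capacity and ends in two NULLs instead of one, and the detach still succeeds.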


