linux/kernel/bpf
Stanislav Fomichev aef9d4a34a bpf: Check attach_func_proto more carefully in check_helper_call
Syzkaller found a problem similar to d1a6edecc1 ("bpf: Check
attach_func_proto more carefully in check_return_code") where
attach_func_proto might be NULL:

RIP: 0010:check_helper_call+0x3dcb/0x8d50 kernel/bpf/verifier.c:7330
 do_check kernel/bpf/verifier.c:12302 [inline]
 do_check_common+0x6e1e/0xb980 kernel/bpf/verifier.c:14610
 do_check_main kernel/bpf/verifier.c:14673 [inline]
 bpf_check+0x661e/0xc520 kernel/bpf/verifier.c:15243
 bpf_prog_load+0x11ae/0x1f80 kernel/bpf/syscall.c:2620

With the following reproducer:

  bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0xf, 0x4, &(0x7f0000000040)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xbb}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)

Let's do the same here, only check attach_func_proto for the prog types
where we are certain that attach_func_proto is defined.

Fixes: 69fd337a97 ("bpf: per-cgroup lsm flavor")
Reported-by: syzbot+0f8d989b1fba1addc5e0@syzkaller.appspotmail.com
Signed-off-by: Stanislav Fomichev <sdf@google.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Link: https://lore.kernel.org/bpf/20220720164729.147544-1-sdf@google.com
2022-07-21 15:02:02 +02:00
preload bpf: iterators: Build and use lightweight bootstrap version of bpftool 2022-07-15 12:01:30 -07:00
arraymap.c bpf: remove obsolete KMALLOC_MAX_SIZE restriction on array map value size 2022-07-19 09:45:34 -07:00
bloom_filter.c bpf: Compute map_btf_id during build time 2022-04-26 11:35:21 -07:00
bpf_inode_storage.c bpf: Compute map_btf_id during build time 2022-04-26 11:35:21 -07:00
bpf_iter.c bpf: Inline calls to bpf_loop when callback is known 2022-06-20 17:40:51 -07:00
bpf_local_storage.c bpf: Fix usage of trace RCU in local storage. 2022-04-19 17:55:45 -07:00
bpf_lru_list.c
bpf_lru_list.h printk: stop including cache.h from printk.h 2022-05-13 07:20:07 -07:00
bpf_lsm.c bpf: fix lsm_cgroup build errors on esoteric configs 2022-07-19 09:40:41 -07:00
bpf_struct_ops_types.h bpf: Add dummy BPF STRUCT_OPS for test purpose 2021-11-01 14:10:00 -07:00
bpf_struct_ops.c bpf: Remove is_valid_bpf_tramp_flags() 2022-07-11 21:04:58 +02:00
bpf_task_storage.c bpf: Compute map_btf_id during build time 2022-04-26 11:35:21 -07:00
btf.c bpf: Fix check against plain integer v 'NULL' 2022-07-15 09:55:20 -07:00
cgroup.c bpf: implement BPF_PROG_QUERY for BPF_LSM_CGROUP 2022-06-29 13:21:52 -07:00
core.c bpf, x86: fix freeing of not-finalized bpf_prog_pack 2022-07-12 17:33:22 -07:00
cpumap.c bpf: Compute map_btf_id during build time 2022-04-26 11:35:21 -07:00
devmap.c bpf: Make non-preallocated allocation low priority 2022-07-12 17:44:27 -07:00
disasm.c bpf: Relicense disassembler as GPL-2.0-only OR BSD-2-Clause 2021-09-02 14:49:23 +02:00
disasm.h bpf: Relicense disassembler as GPL-2.0-only OR BSD-2-Clause 2021-09-02 14:49:23 +02:00
dispatcher.c
hashtab.c bpf: Make non-preallocated allocation low priority 2022-07-12 17:44:27 -07:00
helpers.c bpf: Fix non-static bpf_func_proto struct definitions 2022-06-17 16:00:51 +02:00
inode.c bpf: Convert bpf_preload.ko to use light skeleton. 2022-02-10 23:31:51 +01:00
Kconfig rcu: Make the TASKS_RCU Kconfig option be selected 2022-04-20 16:52:58 -07:00
link_iter.c bpf: Add bpf_link iterator 2022-05-10 11:20:45 -07:00
local_storage.c bpf: Make non-preallocated allocation low priority 2022-07-12 17:44:27 -07:00
lpm_trie.c bpf: Make non-preallocated allocation low priority 2022-07-12 17:44:27 -07:00
Makefile bpf: Add bpf_link iterator 2022-05-10 11:20:45 -07:00
map_in_map.c bpf: Allow storing unreferenced kptr in map 2022-04-25 17:31:35 -07:00
map_in_map.h
map_iter.c bpf: Introduce MEM_RDONLY flag 2021-12-18 13:27:41 -08:00
mmap_unlock_work.h bpf: Introduce helper bpf_find_vma 2021-11-07 11:54:51 -08:00
net_namespace.c net: Add includes masked by netdevice.h including uapi/bpf.h 2021-12-29 20:03:05 -08:00
offload.c
percpu_freelist.c bpf: avoid grabbing spin_locks of all cpus when no free elems 2022-06-11 14:25:35 -07:00
percpu_freelist.h
prog_iter.c
queue_stack_maps.c bpf: Compute map_btf_id during build time 2022-04-26 11:35:21 -07:00
reuseport_array.c bpf: Compute map_btf_id during build time 2022-04-26 11:35:21 -07:00
ringbuf.c bpf: Dynptr support for ring buffers 2022-05-23 14:31:28 -07:00
stackmap.c bpf: Compute map_btf_id during build time 2022-04-26 11:35:21 -07:00
syscall.c bpf: reparent bpf maps on memcg offlining 2022-07-12 15:59:12 -07:00
sysfs_btf.c
task_iter.c bpf: Remove redundant assignment to meta.seq in __task_seq_show() 2022-04-11 21:14:34 +02:00
tnum.c
trampoline.c bpf: fix lsm_cgroup build errors on esoteric configs 2022-07-19 09:40:41 -07:00
verifier.c bpf: Check attach_func_proto more carefully in check_helper_call 2022-07-21 15:02:02 +02:00