Merge branch 'bpf-fix-null-pointer-access-for-malformed-bpf_core_type_id_local-relos'
Eduard Zingerman says: ==================== bpf: fix null pointer access for malformed BPF_CORE_TYPE_ID_LOCAL relos Liu RuiTong reported an in-kernel null pointer derefence when processing BPF_CORE_TYPE_ID_LOCAL relocations referencing non-existing BTF types. Fix this by adding proper id checks. Changes v2->v3: - selftest update suggested by Andrii: avoid memset(0) for log buffer and do memset(0) for bpf_attr. Changes v1->v2: - moved check from bpf_core_calc_relo_insn() to bpf_core_apply() now both in kernel and in libbpf relocation type id is guaranteed to exist when bpf_core_calc_relo_insn() is called; - added a test case. v1: https://lore.kernel.org/bpf/20240821164620.1056362-1-eddyz87@gmail.com/ v2: https://lore.kernel.org/bpf/20240822001837.2715909-1-eddyz87@gmail.com/ ==================== Link: https://lore.kernel.org/r/20240822080124.2995724-1-eddyz87@gmail.com Signed-off-by:Alexei Starovoitov <ast@kernel.org>
Loading
Please sign in to comment