diff options
| author | Alexei Starovoitov <ast@kernel.org> | 2024-08-22 08:00:26 -0700 |
|---|---|---|
| committer | Alexei Starovoitov <ast@kernel.org> | 2024-08-22 08:00:27 -0700 |
| commit | 5148f19ac4bdf66b5bf5736e8e9d1df323c0dcb4 (patch) | |
| tree | 726007f282195c6268baae1ef0da63f4535bff47 /tools/testing/selftests/bpf/prog_tests/access_variable_array.c | |
| parent | b6ab50902724a27f1fc7136927c27d29f9ba01c6 (diff) | |
| parent | 110bbd3a2ed71f3cf4d9438d62f22f591952fc3b (diff) | |
Merge branch 'bpf-fix-null-pointer-access-for-malformed-bpf_core_type_id_local-relos'
Eduard Zingerman says:
====================
bpf: fix null pointer access for malformed BPF_CORE_TYPE_ID_LOCAL relos
Liu RuiTong reported an in-kernel null pointer derefence when
processing BPF_CORE_TYPE_ID_LOCAL relocations referencing non-existing
BTF types. Fix this by adding proper id checks.
Changes v2->v3:
- selftest update suggested by Andrii:
avoid memset(0) for log buffer and do memset(0) for bpf_attr.
Changes v1->v2:
- moved check from bpf_core_calc_relo_insn() to bpf_core_apply()
now both in kernel and in libbpf relocation type id is guaranteed
to exist when bpf_core_calc_relo_insn() is called;
- added a test case.
v1: https://lore.kernel.org/bpf/20240821164620.1056362-1-eddyz87@gmail.com/
v2: https://lore.kernel.org/bpf/20240822001837.2715909-1-eddyz87@gmail.com/
====================
Link: https://lore.kernel.org/r/20240822080124.2995724-1-eddyz87@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Diffstat (limited to 'tools/testing/selftests/bpf/prog_tests/access_variable_array.c')
0 files changed, 0 insertions, 0 deletions