From: Oleg Nesterov <oleg@redhat.com>
To: Yafang Shao <laoar.shao@gmail.com>
Cc: ast@kernel.org, daniel@iogearbox.net, john.fastabend@gmail.com,
andrii@kernel.org, martin.lau@linux.dev, eddyz87@gmail.com,
song@kernel.org, yonghong.song@linux.dev, kpsingh@kernel.org,
sdf@google.com, haoluo@google.com, jolsa@kernel.org,
bpf@vger.kernel.org, Chuyi Zhou <zhouchuyi@bytedance.com>
Subject: Re: [PATCH v2 bpf-next 1/2] bpf: Fix an issue due to uninitialized bpf_iter_task
Date: Sat, 17 Feb 2024 13:03:33 +0100
Message-ID: <20240217120333.GC10393@redhat.com>
In-Reply-To: <20240217114152.1623-2-laoar.shao@gmail.com>
On 02/17, Yafang Shao wrote:
>
> Failure to initialize it->pos, coupled with the presence of an invalid
> value in the flags variable, can lead to it->pos referencing an invalid
> task, potentially resulting in a kernel panic. To mitigate this risk, it's
> crucial to ensure proper initialization of it->pos to NULL.
>
> Fixes: ac8148d957f5 ("bpf: bpf_iter_task_next: use next_task(kit->task) rather than next_task(kit->pos)")
Confused...
Does this mean that bpf_iter_task_next() (the only user of ->pos) can be
called even if bpf_iter_task_new() returns -EINVAL?
Oleg.
> Signed-off-by: Yafang Shao <laoar.shao@gmail.com>
> Acked-by: Yonghong Song <yonghong.song@linux.dev>
> Cc: Chuyi Zhou <zhouchuyi@bytedance.com>
> Cc: Oleg Nesterov <oleg@redhat.com>
> ---
> kernel/bpf/task_iter.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/kernel/bpf/task_iter.c b/kernel/bpf/task_iter.c
> index e5c3500443c6..ec4e97c61eef 100644
> --- a/kernel/bpf/task_iter.c
> +++ b/kernel/bpf/task_iter.c
> @@ -978,6 +978,8 @@ __bpf_kfunc int bpf_iter_task_new(struct bpf_iter_task *it,
> BUILD_BUG_ON(__alignof__(struct bpf_iter_task_kern) !=
> __alignof__(struct bpf_iter_task));
>
> + kit->pos = NULL;
> +
> switch (flags) {
> case BPF_TASK_ITER_ALL_THREADS:
> case BPF_TASK_ITER_ALL_PROCS:
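Review bot: the changelog does not state the calling sequence by which bpf_iter_task_next() can observe an uninitialized kit->pos once bpf_iter_task_new() has rejected the flags value, which is exactly the question raised above; placing `kit->pos = NULL;` ahead of `switch (flags)` is a cheap defensive initialization that covers the invalid-flags path, but the commit message should spell out how ->pos is reached after a failed _new() (and why that is attributed to ac8148d957f5 in the Fixes: tag) so the reader can judge whether this is the root cause or a hardening measure.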
> --
> 2.39.1
>