* [PATCH bpf] bpf: Fix a crash when btf_parse_base() returns an error pointer
@ 2024-08-30 1:22 Martin KaFai Lau
2024-08-30 1:46 ` Eduard Zingerman
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Martin KaFai Lau @ 2024-08-30 1:22 UTC (permalink / raw)
To: bpf
Cc: Alexei Starovoitov, Andrii Nakryiko, Daniel Borkmann, kernel-team,
Alan Maguire
From: Martin KaFai Lau <martin.lau@kernel.org>
The pointer returned by btf_parse_base could be an error pointer.
IS_ERR() check is needed before calling btf_free(base_btf).
Cc: Alan Maguire <alan.maguire@oracle.com>
Fixes: 8646db238997 ("libbpf,bpf: Share BTF relocate-related code with kernel")
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
---
It was discovered in a bpf CI run that crashed in s390 due to
the wrong endian in the btf header. It caused the btf_parse_base()
to fail and triggered this crash.
This patch is tested in the bpf CI. It fails to load the bpf_testmod
but does not crash the kernel:
https://github.com/kernel-patches/bpf/actions/runs/10623574366/job/29450422150?pr=7630
kernel/bpf/btf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c
index 520f49f422fe..e3377dd61f7e 100644
--- a/kernel/bpf/btf.c
+++ b/kernel/bpf/btf.c
@@ -6283,7 +6283,7 @@ static struct btf *btf_parse_module(const char *module_name, const void *data,
errout:
btf_verifier_env_free(env);
- if (base_btf != vmlinux_btf)
+ if (!IS_ERR(base_btf) && base_btf != vmlinux_btf)
btf_free(base_btf);
if (btf) {
kvfree(btf->data);
--
2.43.5
^ permalink raw reply related [flat|nested] 4+ messages in thread* Re: [PATCH bpf] bpf: Fix a crash when btf_parse_base() returns an error pointer
2024-08-30 1:22 [PATCH bpf] bpf: Fix a crash when btf_parse_base() returns an error pointer Martin KaFai Lau
@ 2024-08-30 1:46 ` Eduard Zingerman
2024-08-30 17:20 ` Alan Maguire
2024-08-30 17:40 ` patchwork-bot+netdevbpf
2 siblings, 0 replies; 4+ messages in thread
From: Eduard Zingerman @ 2024-08-30 1:46 UTC (permalink / raw)
To: Martin KaFai Lau, bpf
Cc: Alexei Starovoitov, Andrii Nakryiko, Daniel Borkmann, kernel-team,
Alan Maguire
On Thu, 2024-08-29 at 18:22 -0700, Martin KaFai Lau wrote:
> From: Martin KaFai Lau <martin.lau@kernel.org>
>
> The pointer returned by btf_parse_base could be an error pointer.
> IS_ERR() check is needed before calling btf_free(base_btf).
>
> Cc: Alan Maguire <alan.maguire@oracle.com>
> Fixes: 8646db238997 ("libbpf,bpf: Share BTF relocate-related code with kernel")
> Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
> ---
Acked-by: Eduard Zingerman <eddyz87@gmail.com>
[...]
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: [PATCH bpf] bpf: Fix a crash when btf_parse_base() returns an error pointer
2024-08-30 1:22 [PATCH bpf] bpf: Fix a crash when btf_parse_base() returns an error pointer Martin KaFai Lau
2024-08-30 1:46 ` Eduard Zingerman
@ 2024-08-30 17:20 ` Alan Maguire
2024-08-30 17:40 ` patchwork-bot+netdevbpf
2 siblings, 0 replies; 4+ messages in thread
From: Alan Maguire @ 2024-08-30 17:20 UTC (permalink / raw)
To: Martin KaFai Lau, bpf
Cc: Alexei Starovoitov, Andrii Nakryiko, Daniel Borkmann, kernel-team
On 30/08/2024 02:22, Martin KaFai Lau wrote:
> From: Martin KaFai Lau <martin.lau@kernel.org>
>
> The pointer returned by btf_parse_base could be an error pointer.
> IS_ERR() check is needed before calling btf_free(base_btf).
>
> Cc: Alan Maguire <alan.maguire@oracle.com>
> Fixes: 8646db238997 ("libbpf,bpf: Share BTF relocate-related code with kernel")
> Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Reviewed-by: Alan Maguire <alan.maguire@oracle.com>
Thanks!
Alan
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: [PATCH bpf] bpf: Fix a crash when btf_parse_base() returns an error pointer
2024-08-30 1:22 [PATCH bpf] bpf: Fix a crash when btf_parse_base() returns an error pointer Martin KaFai Lau
2024-08-30 1:46 ` Eduard Zingerman
2024-08-30 17:20 ` Alan Maguire
@ 2024-08-30 17:40 ` patchwork-bot+netdevbpf
2 siblings, 0 replies; 4+ messages in thread
From: patchwork-bot+netdevbpf @ 2024-08-30 17:40 UTC (permalink / raw)
To: Martin KaFai Lau; +Cc: bpf, ast, andrii, daniel, kernel-team, alan.maguire
Hello:
This patch was applied to bpf/bpf.git (master)
by Andrii Nakryiko <andrii@kernel.org>:
On Thu, 29 Aug 2024 18:22:14 -0700 you wrote:
> From: Martin KaFai Lau <martin.lau@kernel.org>
>
> The pointer returned by btf_parse_base could be an error pointer.
> IS_ERR() check is needed before calling btf_free(base_btf).
>
> Cc: Alan Maguire <alan.maguire@oracle.com>
> Fixes: 8646db238997 ("libbpf,bpf: Share BTF relocate-related code with kernel")
> Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
>
> [...]
Here is the summary with links:
- [bpf] bpf: Fix a crash when btf_parse_base() returns an error pointer
https://git.kernel.org/bpf/bpf/c/b408473ea01b
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2024-08-30 17:40 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-08-30 1:22 [PATCH bpf] bpf: Fix a crash when btf_parse_base() returns an error pointer Martin KaFai Lau
2024-08-30 1:46 ` Eduard Zingerman
2024-08-30 17:20 ` Alan Maguire
2024-08-30 17:40 ` patchwork-bot+netdevbpf
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox