Date: Thu, 14 May 2026 01:10:46 +0000
From: Carlos Llamas
To: bot+bpf-ci@kernel.org
Cc: andrii@kernel.org, eddyz87@gmail.com, ast@kernel.org,
    daniel@iogearbox.net, martin.lau@linux.dev, memxor@gmail.com,
    song@kernel.org, yonghong.song@linux.dev, jolsa@kernel.org,
    john.fastabend@gmail.com, kernel-team@android.com,
    linux-kernel@vger.kernel.org, andriin@fb.com, bpf@vger.kernel.org,
    martin.lau@kernel.org, clm@meta.com, ihor.solodrai@linux.dev
Subject: Re: [PATCH] libbpf: fix UAF in strset__add_str()
References: <20260513232055.1681859-1-cmllamas@google.com>

On Wed, May 13, 2026 at 11:55:53PM +0000, bot+bpf-ci@kernel.org wrote:
> >
> > Fixes: 919d2b1dbb07 ("libbpf: Allow modification of BTF and add btf__add_str API")
> > Signed-off-by: Carlos Llamas
>
> The existing Fixes: tag points to commit 919d2b1dbb07, but the bug is
> actually in strset__add_str() which was introduced by commit 90d76d3ececc
> ("libbpf: Extract internal set-of-strings datastructure APIs").

Yes, the bug is currently in strset__add_str(). But it used to be in
btf__add_str() before the problematic code got migrated into a separate
file.

> While the vulnerable pattern originated in btf__add_str() from 919d2b1dbb07,
> the code being fixed resides in tools/lib/bpf/strset.c which was created by
> 90d76d3ececc when the string set functionality was extracted into a separate
> module.

Right, you are making my point here.

> Should this use:
>
> Fixes: 90d76d3ececc ("libbpf: Extract internal set-of-strings datastructure APIs")

I would think the commit tagged as "Fixes:" should be the one that
introduced the issue and not the one that better fits the file name or
function, no?

Another idea would be to tag instead the commit that introduced the
specific pattern that I ran into, which would be commit 9d199965990c
("resolve_btfids: Support for KF_IMPLICIT_ARGS").

Anyway, I'm happy to use any of these. It would be nice if a human can
confirm a preference though lol.

Regards,
--
Carlos Llamas