AcoSail/kernel_optimize_test
8
0
Fork 0
forked from luck/tmp_suning_uos_patched
Code Pull Requests Activity
cb44a08f86
kernel_optimize_test/kernel/bpf
History
Yonghong Song e9eeec58c9 bpf: Fix a bug when getting subprog 0 jited image in check_attach_btf_id 
For jited bpf program, if the subprogram count is 1, i.e.,
there is no callees in the program, prog->aux->func will be NULL
and prog->bpf_func points to image address of the program.

If there is more than one subprogram, prog->aux->func is populated,
and subprogram 0 can be accessed through either prog->bpf_func or
prog->aux->func[0]. Other subprograms should be accessed through
prog->aux->func[subprog_id].

This patch fixed a bug in check_attach_btf_id(), where
prog->aux->func[subprog_id] is used to access any subprogram which
caused a segfault like below:
  [79162.619208] BUG: kernel NULL pointer dereference, address:
  0000000000000000
  ......
  [79162.634255] Call Trace:
  [79162.634974]  ? _cond_resched+0x15/0x30
  [79162.635686]  ? kmem_cache_alloc_trace+0x162/0x220
  [79162.636398]  ? selinux_bpf_prog_alloc+0x1f/0x60
  [79162.637111]  bpf_prog_load+0x3de/0x690
  [79162.637809]  __do_sys_bpf+0x105/0x1740
  [79162.638488]  do_syscall_64+0x5b/0x180
  [79162.639147]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
  ......

Fixes: 5b92a28aae ("bpf: Support attaching tracing BPF program to other BPF programs")
Reported-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Yonghong Song <yhs@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20191205010606.177774-1-yhs@fb.com
2019-12-04 21:20:07 -08:00
..
arraymap.c bpf: Simplify __bpf_arch_text_poke poke type handling 2019-11-24 17:12:11 -08:00
bpf_lru_list.c
bpf_lru_list.h
btf.c bpf: Fix build in minimal configurations 2019-11-29 01:03:42 +01:00
cgroup.c Merge branch 'core-rcu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-11-26 15:42:43 -08:00
core.c bpf: Add poke dependency tracking for prog array maps 2019-11-24 17:04:11 -08:00
cpumap.c
devmap.c xdp: Fix cleanup on map free for devmap_hash map type 2019-11-24 16:58:46 -08:00
disasm.c
disasm.h
hashtab.c
helpers.c cgroup: use cgrp->kn->id as the cgroup ID 2019-11-12 08:18:04 -08:00
inode.c bpf: Convert bpf_prog refcnt to atomic64_t 2019-11-18 11:41:59 +01:00
local_storage.c cgroup: use cgrp->kn->id as the cgroup ID 2019-11-12 08:18:04 -08:00
lpm_trie.c
Makefile bpf: Introduce BPF trampoline 2019-11-15 23:41:51 +01:00
map_in_map.c bpf: Move owner type, jited info into array auxiliary data 2019-11-24 17:04:11 -08:00
map_in_map.h
offload.c bpf, offload: Unlock on error in bpf_offload_dev_create() 2019-11-07 00:20:27 +01:00
percpu_freelist.c
percpu_freelist.h
queue_stack_maps.c
reuseport_array.c
stackmap.c Merge branch 'locking-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-11-26 16:02:40 -08:00
syscall.c bpf: Add poke dependency tracking for prog array maps 2019-11-24 17:04:11 -08:00
sysfs_btf.c
tnum.c
trampoline.c bpf: Simplify __bpf_arch_text_poke poke type handling 2019-11-24 17:12:11 -08:00
verifier.c bpf: Fix a bug when getting subprog 0 jited image in check_attach_btf_id 2019-12-04 21:20:07 -08:00
xskmap.c bpf: Switch bpf_map ref counter to atomic64_t so bpf_map_inc() never fails 2019-11-18 11:41:59 +01:00