MIRRORS/linux-imx
1
0
Fork 0
mirror of https://github.com/nxp-imx/linux-imx.git synced 2026-01-27 12:35:36 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
2fd6cfb2a4
linux-imx/kernel/bpf
History
Cong Wang 91cff53136 bpf: Fix a potential use-after-free in bpf_link_free() 
[ Upstream commit 2884dc7d08 ]

After commit 1a80dbcb2d, bpf_link can be freed by
link->ops->dealloc_deferred, but the code still tests and uses
link->ops->dealloc afterward, which leads to a use-after-free as
reported by syzbot. Actually, one of them should be sufficient, so
just call one of them instead of both. Also add a WARN_ON() in case
of any problematic implementation.

Fixes: 1a80dbcb2d ("bpf: support deferring bpf_link dealloc to after RCU grace period")
Reported-by: syzbot+1989ee16d94720836244@syzkaller.appspotmail.com
Signed-off-by: Cong Wang <cong.wang@bytedance.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Jiri Olsa <jolsa@kernel.org>
Link: https://lore.kernel.org/bpf/20240602182703.207276-1-xiyou.wangcong@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-06-21 14:38:15 +02:00
..
preload
arraymap.c bpf: Set need_defer as false when clearing fd array during map free 2024-02-05 20:14:20 +00:00
bloom_filter.c bpf: Check bloom filter map value size 2024-05-17 12:02:11 +02:00
bpf_cgrp_storage.c
bpf_inode_storage.c
bpf_iter.c
bpf_local_storage.c
bpf_lru_list.c
bpf_lru_list.h
bpf_lsm.c
bpf_struct_ops_types.h
bpf_struct_ops.c
bpf_task_storage.c
btf.c bpf: Add bpf_sock_addr_set_sun_path() to allow writing unix sockaddr from bpf 2024-01-31 16:19:04 -08:00
cgroup_iter.c
cgroup.c bpf: Propagate modified uaddrlen from cgroup sockaddr programs 2024-01-31 16:19:04 -08:00
core.c bpf: Optimize the free of inner map 2024-06-21 14:38:15 +02:00
cpumap.c bpf: report RCU QS in cpumap kthread 2024-03-26 18:20:12 -04:00
cpumask.c
devmap.c bpf: Fix DEVMAP_HASH overflow check on 32-bit arches 2024-03-26 18:19:39 -04:00
disasm.c
disasm.h
dispatcher.c
hashtab.c bpf: Fix hashtab overflow check on 32-bit arches 2024-03-26 18:19:39 -04:00
helpers.c bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace correctly 2024-03-26 18:19:29 -04:00
inode.c
Kconfig
link_iter.c
local_storage.c
log.c
lpm_trie.c
Makefile
map_in_map.c bpf: Optimize the free of inner map 2024-06-21 14:38:15 +02:00
map_in_map.h bpf: Add map and need_defer parameters to .map_fd_put_ptr() 2024-01-25 15:35:22 -08:00
map_iter.c
memalloc.c bpf: Use c->unit_size to select target cache during free 2024-01-25 15:35:28 -08:00
mmap_unlock_work.h
mprog.c
net_namespace.c
offload.c
percpu_freelist.c
percpu_freelist.h
prog_iter.c
queue_stack_maps.c
reuseport_array.c
ringbuf.c
stackmap.c bpf: Fix stackmap overflow check on 32-bit arches 2024-03-26 18:19:39 -04:00
syscall.c bpf: Fix a potential use-after-free in bpf_link_free() 2024-06-21 14:38:15 +02:00
sysfs_btf.c
task_iter.c
tcx.c
tnum.c
trampoline.c
verifier.c bpf: Optimize the free of inner map 2024-06-21 14:38:15 +02:00