Commits on Jul 6, 2022

1. adding ci files

   Kernel Patches Daemon committed Jul 6, 2022
   Configuration menu

   • View commit details
   • Copy full SHA for 238c60e
   • Browse repository at this point

   Copy the full SHA

   238c60e View commit details

   Browse the repository at this point in the history

2. bpf: check attach_func_proto return type more carefully …

   Syzkaller reports the following crash:
   RIP: 0010:check_return_code kernel/bpf/verifier.c:10575 [inline]
   RIP: 0010:do_check kernel/bpf/verifier.c:12346 [inline]
   RIP: 0010:do_check_common+0xb3d2/0xd250 kernel/bpf/verifier.c:14610
   
   With the following reproducer:
   bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0xd, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000019000000000000000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
   
   Because we don't enforce expected_attach_type for XDP programs,
   we end up in hitting 'if (prog->expected_attach_type == BPF_LSM_CGROUP'
   part in check_return_code and follow up with testing
   `prog->aux->attach_func_proto->type`, but `prog->aux->attach_func_proto`
   is NULL.
   
   Let's add a new btf_func_returns_void() wrapper which is more defensive
   and use it in the places where we currently do '!->type' check.
   
   Fixes: 69fd337 ("bpf: per-cgroup lsm flavor")
   Reported-by: syzbot+5cc0730bd4b4d2c5f152@syzkaller.appspotmail.com
   Signed-off-by: Stanislav Fomichev <sdf@google.com>

   

   fomichev authored and Kernel Patches Daemon committed Jul 6, 2022
   Configuration menu

   • View commit details
   • Copy full SHA for ed02e45
   • Browse repository at this point

   Copy the full SHA

   ed02e45 View commit details

   Browse the repository at this point in the history