From: Andrii Nakryiko <andriin@fb.com>
To: <bpf@vger.kernel.org>, <netdev@vger.kernel.org>, <ast@fb.com>,
	<daniel@iogearbox.net>
Cc: <andrii.nakryiko@gmail.com>, <kernel-team@fb.com>,
	Andrii Nakryiko <andriin@fb.com>
Subject: [PATCH bpf-next 5/5] libbpf: improve handling of corrupted ELF during map initialization
Date: Wed, 6 Nov 2019 18:08:55 -0800
Message-ID: <20191107020855.3834758-6-andriin@fb.com>
In-Reply-To: <20191107020855.3834758-1-andriin@fb.com>

If we get ELF file with "maps" section, but no symbols pointing to it, we'll
end up with division by zero. Add check against this situation and exit early
with error. Found by Coverity scan against Github libbpf sources.

Fixes: bf82927125dd ("libbpf: refactor map initialization")
Signed-off-by: Andrii Nakryiko <andriin@fb.com>
---
 tools/lib/bpf/libbpf.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
index 3ef73a214592..fde6cb3e5d41 100644
--- a/tools/lib/bpf/libbpf.c
+++ b/tools/lib/bpf/libbpf.c
@@ -956,13 +956,13 @@ static int bpf_object__init_user_maps(struct bpf_object *obj, bool strict)
 	pr_debug("maps in %s: %d maps in %zd bytes\n",
 		 obj->path, nr_maps, data->d_size);
 
-	map_def_sz = data->d_size / nr_maps;
-	if (!data->d_size || (data->d_size % nr_maps) != 0) {
+	if (!data->d_size || nr_maps == 0 || (data->d_size % nr_maps) != 0) {
 		pr_warn("unable to determine map definition size "
 			"section %s, %d maps in %zd bytes\n",
 			obj->path, nr_maps, data->d_size);
 		return -EINVAL;
 	}
+	map_def_sz = data->d_size / nr_maps;
 
 	/* Fill obj->maps using data in "maps" section.  */
 	for (i = 0; i < nr_syms; i++) {
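
Review bot: The combined condition now covers three distinct failures (`!data->d_size`, `nr_maps == 0`, and a size that is not a multiple of `nr_maps`) but still reports all of them through the single "unable to determine map definition size" warning, so the case this patch targets, a "maps" section with no symbols pointing to it, can only be inferred from "0 maps" in the output. Consider a separate `nr_maps == 0` check with its own message ahead of this one, which makes a corrupted ELF easier to diagnose. The ordering itself is correct: `nr_maps == 0` short-circuits before `data->d_size % nr_maps` is evaluated, and the `map_def_sz = data->d_size / nr_maps;` assignment now sits after the early return, so neither operation runs with a zero divisor. While touching this block, note that the warning's "section %s" is filled with `obj->path`, which by its name is a path rather than a section name; the wording or the argument should be adjusted to match.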
-- 
2.17.1

