From: Andrii Nakryiko <andrii.nakryiko@gmail.com>
To: Yafang Shao <laoar.shao@gmail.com>
Cc: Daniel Borkmann <daniel@iogearbox.net>,
	Alexei Starovoitov <ast@kernel.org>,
	Andrii Nakryiko <andrii@kernel.org>, Martin Lau <kafai@fb.com>,
	Song Liu <songliubraving@fb.com>, Yonghong Song <yhs@fb.com>,
	john fastabend <john.fastabend@gmail.com>,
	KP Singh <kpsingh@kernel.org>,
	Networking <netdev@vger.kernel.org>, bpf <bpf@vger.kernel.org>
Subject: Re: [PATCH] libbpf: fix possible NULL pointer dereference when destroy skelton
Date: Sun, 9 Jan 2022 17:48:39 -0800
Message-ID: <CAEf4BzZe7_VDOKBiDpD3gn5XVAfkpOVUyowyTo_ziqDuhFTqyQ@mail.gmail.com>
In-Reply-To: <20220108134739.32541-1-laoar.shao@gmail.com>

On Sat, Jan 8, 2022 at 5:47 AM Yafang Shao <laoar.shao@gmail.com> wrote:
>
> When I checked the code in the skeleton header file generated with my own bpf
> prog, I found there may be a possible NULL pointer dereference when destroying
> the skeleton. Then I checked the in-tree bpf progs, finding that it is a common
> issue. Let's take the generated samples/bpf/xdp_redirect_cpu.skel.h for
> example. Below is the generated code in
> xdp_redirect_cpu__create_skeleton(),
>         xdp_redirect_cpu__create_skeleton
>                 struct bpf_object_skeleton *s;
>                 s = (struct bpf_object_skeleton *)calloc(1, sizeof(*s));
>                 if (!s)
>                         goto error;
>                 ...
>         error:
>                 bpf_object__destroy_skeleton(s);
>                 return  -ENOMEM;
>
> After goto error, the NULL 's' will be dereferenced in
> bpf_object__destroy_skeleton().
>
> We can simply fix this issue by just adding a NULL check in
> bpf_object__destroy_skeleton().
>
> Fixes: d66562fba ("libbpf: Add BPF object skeleton support")

We ask to use a 12-character short SHA; I've fixed it up, but for future
submissions keep this in mind.

Fixed a few typos and applied to bpf-next, thanks.

> Signed-off-by: Yafang Shao <laoar.shao@gmail.com>
> Cc: Andrii Nakryiko <andrii@kernel.org>
> ---
>  tools/lib/bpf/libbpf.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
> index 7c74342bb668..a07fbd59e4b8 100644
> --- a/tools/lib/bpf/libbpf.c
> +++ b/tools/lib/bpf/libbpf.c
> @@ -11464,6 +11464,9 @@ void bpf_object__detach_skeleton(struct bpf_object_skeleton *s)
>
>  void bpf_object__destroy_skeleton(struct bpf_object_skeleton *s)
>  {
> +       if (!s)
> +               return;
> +
>         if (s->progs)
>                 bpf_object__detach_skeleton(s);
>         if (s->obj)
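
Review bot: The new `if (!s) return;` at the top of bpf_object__destroy_skeleton() makes NULL a valid argument, but nothing in the hunk documents that contract. A one-line comment above the check, or a note in the function's API documentation, saying that destroy is a no-op on NULL (like free()) would let callers and the skeleton generator rely on it deliberately. The guard covers only this function: bpf_object__detach_skeleton(), named in the hunk header, is reached here only after `s->progs` has been tested, so this path is safe, but it is worth confirming whether direct callers of detach can pass NULL as well. The generated error path quoted in the commit message could also return -ENOMEM directly when calloc() fails instead of jumping to a label that calls destroy with a NULL `s`.
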
> --
> 2.17.1
>
