* [PATCH bpf-next] bpf: Fix NULL dereference in bpf_task_storage
@ 2020-11-12 0:19 Martin KaFai Lau
2020-11-12 1:01 ` KP Singh
2020-11-12 2:30 ` patchwork-bot+netdevbpf
0 siblings, 2 replies; 3+ messages in thread
From: Martin KaFai Lau @ 2020-11-12 0:19 UTC
To: bpf
Cc: Alexei Starovoitov, Daniel Borkmann, kernel-team, Roman Gushchin,
KP Singh
In bpf_pid_task_storage_update_elem(), it missed to
test the !task_storage_ptr(task) which then could trigger a NULL
pointer exception in bpf_local_storage_update().
Fixes: 4cf1bc1f1045 ("bpf: Implement task local storage")
Tested-by: Roman Gushchin <guro@fb.com>
Cc: KP Singh <kpsingh@chromium.org>
Signed-off-by: Martin KaFai Lau <kafai@fb.com>
---
kernel/bpf/bpf_task_storage.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/bpf/bpf_task_storage.c b/kernel/bpf/bpf_task_storage.c
index 39a45fba4fb0..4ef1959a78f2 100644
--- a/kernel/bpf/bpf_task_storage.c
+++ b/kernel/bpf/bpf_task_storage.c
@@ -150,7 +150,7 @@ static int bpf_pid_task_storage_update_elem(struct bpf_map *map, void *key,
*/
WARN_ON_ONCE(!rcu_read_lock_held());
task = pid_task(pid, PIDTYPE_PID);
- if (!task) {
+ if (!task || !task_storage_ptr(task)) {
err = -ENOENT;
goto out;
}
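Review bot: the new condition in `if (!task || !task_storage_ptr(task))` folds two different cases into one -ENOENT: no task for the pid, and a task returned by pid_task() whose storage pointer is NULL. The commit message says the missing test could trigger a NULL pointer exception in bpf_local_storage_update(), but nothing at the check says when task_storage_ptr(task) can be NULL for a valid task. A short comment above the `if` stating that condition would keep the test from being dropped in a later cleanup, and if user space should be able to tell the two cases apart, a distinct errno for the second one is worth considering.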
--
2.24.1
* Re: [PATCH bpf-next] bpf: Fix NULL dereference in bpf_task_storage
From: KP Singh @ 2020-11-12 1:01 UTC
To: Martin KaFai Lau
Cc: bpf, Alexei Starovoitov, Daniel Borkmann, Kernel Team, Roman Gushchin
On Thu, Nov 12, 2020 at 1:19 AM Martin KaFai Lau <kafai@fb.com> wrote:
>
> In bpf_pid_task_storage_update_elem(), it missed to
> test the !task_storage_ptr(task) which then could trigger a NULL
> pointer exception in bpf_local_storage_update().
>
> Fixes: 4cf1bc1f1045 ("bpf: Implement task local storage")
> Tested-by: Roman Gushchin <guro@fb.com>
> Cc: KP Singh <kpsingh@chromium.org>
> Signed-off-by: Martin KaFai Lau <kafai@fb.com>
Acked-by: KP Singh <kpsingh@google.com>
Thanks for fixing this! I had it in v1 and while actioning:
https://lore.kernel.org/bpf/20201028011321.4yu62347lfzisxwy@kafai-mbp
I inadvertently removed it from bpf_pid_task_storage_update_elem too.
> ---
> kernel/bpf/bpf_task_storage.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/kernel/bpf/bpf_task_storage.c b/kernel/bpf/bpf_task_storage.c
> index 39a45fba4fb0..4ef1959a78f2 100644
> --- a/kernel/bpf/bpf_task_storage.c
> +++ b/kernel/bpf/bpf_task_storage.c
> @@ -150,7 +150,7 @@ static int bpf_pid_task_storage_update_elem(struct bpf_map *map, void *key,
> */
> WARN_ON_ONCE(!rcu_read_lock_held());
> task = pid_task(pid, PIDTYPE_PID);
> - if (!task) {
> + if (!task || !task_storage_ptr(task)) {
> err = -ENOENT;
> goto out;
> }
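Review bot: only the update path gets the NULL test at `if (!task || !task_storage_ptr(task))`, and the diffstat shows this one line is the whole patch. The reply above says the check was removed from bpf_pid_task_storage_update_elem "too" while reworking v1, so it is worth confirming that every other place in kernel/bpf/bpf_task_storage.c that takes a task from pid_task() and then touches its storage also tests task_storage_ptr(task) first, and stating the result of that audit in the commit message.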
> --
> 2.24.1
>
* Re: [PATCH bpf-next] bpf: Fix NULL dereference in bpf_task_storage
From: patchwork-bot+netdevbpf @ 2020-11-12 2:30 UTC
To: Martin KaFai Lau; +Cc: bpf, ast, daniel, kernel-team, guro, kpsingh
Hello:
This patch was applied to bpf/bpf-next.git (refs/heads/master):
On Wed, 11 Nov 2020 16:19:19 -0800 you wrote:
> In bpf_pid_task_storage_update_elem(), it missed to
> test the !task_storage_ptr(task) which then could trigger a NULL
> pointer exception in bpf_local_storage_update().
>
> Fixes: 4cf1bc1f1045 ("bpf: Implement task local storage")
> Tested-by: Roman Gushchin <guro@fb.com>
> Cc: KP Singh <kpsingh@chromium.org>
> Signed-off-by: Martin KaFai Lau <kafai@fb.com>
>
> [...]
Here is the summary with links:
- [bpf-next] bpf: Fix NULL dereference in bpf_task_storage
https://git.kernel.org/bpf/bpf-next/c/09a3dac7b579
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html