From: Yonghong Song <yhs@fb.com>
To: <bpf@vger.kernel.org>
Cc: Alexei Starovoitov <ast@fb.com>, Daniel Borkmann <daniel@iogearbox.net>, <kernel-team@fb.com>
Subject: [PATCH bpf 0/2] fix a verifier bug in check_attach_btf_id()
Date: Wed, 4 Dec 2019 17:06:06 -0800
Message-ID: <20191205010606.177712-1-yhs@fb.com>

Commit 5b92a28aae4d ("bpf: Support attaching tracing BPF program
to other BPF programs") added support to attach tracing bpf program
to other bpf programs. It had a bug when trying to get the address
of the jited image if the main program does not have any callees,
resulting in the following kernel segfault:

  ......
  [79162.619208] BUG: kernel NULL pointer dereference, address: 0000000000000000
  ......
  [79162.634255] Call Trace:
  [79162.634974]  ? _cond_resched+0x15/0x30
  [79162.635686]  ? kmem_cache_alloc_trace+0x162/0x220
  [79162.636398]  ? selinux_bpf_prog_alloc+0x1f/0x60
  [79162.637111]  bpf_prog_load+0x3de/0x690
  [79162.637809]  __do_sys_bpf+0x105/0x1740
  [79162.638488]  do_syscall_64+0x5b/0x180
  [79162.639147]  entry_SYSCALL_64_after_hwframe+0x44/0xa9

Patch #1 fixed the problem with more explanation in the commit message.
Patch #2 added a selftest which will fail without this patch.

Yonghong Song (2):
  bpf: fix a bug to get subprog 0 jited image in check_attach_btf_id
  selftests/bpf: add a fexit/bpf2bpf test with target bpf prog no callees

 kernel/bpf/verifier.c                         |  5 +-
 .../selftests/bpf/prog_tests/fexit_bpf2bpf.c  | 70 ++++++++++++++-----
 .../bpf/progs/fexit_bpf2bpf_simple.c          | 26 +++++++
 .../selftests/bpf/progs/test_pkt_md_access.c  |  4 +-
 4 files changed, 85 insertions(+), 20 deletions(-)
 create mode 100644 tools/testing/selftests/bpf/progs/fexit_bpf2bpf_simple.c

--
2.17.1