korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-15 00:04:15 +08:00
Code Issues Packages Projects Releases Wiki Activity
1,185,991 Commits 112 Branches 5,274 Tags 4.8 GiB
C 97.6%
Assembly 1%
Shell 0.5%
Python 0.3%
Makefile 0.3%
f46fab0e36
Go to file
Jiri Olsa f46fab0e36 bpf: Add extra path pointer check to d_path helper 
Anastasios reported crash on stable 5.15 kernel with following
BPF attached to lsm hook:

  SEC("lsm.s/bprm_creds_for_exec")
  int BPF_PROG(bprm_creds_for_exec, struct linux_binprm *bprm)
  {
          struct path *path = &bprm->executable->f_path;
          char p[128] = { 0 };

          bpf_d_path(path, p, 128);
          return 0;
  }

But bprm->executable can be NULL, so bpf_d_path call will crash:

  BUG: kernel NULL pointer dereference, address: 0000000000000018
  #PF: supervisor read access in kernel mode
  #PF: error_code(0x0000) - not-present page
  PGD 0 P4D 0
  Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC NOPTI
  ...
  RIP: 0010:d_path+0x22/0x280
  ...
  Call Trace:
   <TASK>
   bpf_d_path+0x21/0x60
   bpf_prog_db9cf176e84498d9_bprm_creds_for_exec+0x94/0x99
   bpf_trampoline_6442506293_0+0x55/0x1000
   bpf_lsm_bprm_creds_for_exec+0x5/0x10
   security_bprm_creds_for_exec+0x29/0x40
   bprm_execve+0x1c1/0x900
   do_execveat_common.isra.0+0x1af/0x260
   __x64_sys_execve+0x32/0x40

It's problem for all stable trees with bpf_d_path helper, which was
added in 5.9.

This issue is fixed in current bpf code, where we identify and mark
trusted pointers, so the above code would fail even to load.

For the sake of the stable trees and to workaround potentially broken
verifier in the future, adding the code that reads the path object from
the passed pointer and verifies it's valid in kernel space.

Fixes: 6e22ab9da7 ("bpf: Add d_path helper")
Reported-by: Anastasios Papagiannis <tasos.papagiannnis@gmail.com>
Suggested-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Stanislav Fomichev <sdf@google.com>
Acked-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/bpf/20230606181714.532998-1-jolsa@kernel.org
2023-06-07 15:03:43 +02:00
arch m68k fixes for v6.4 2023-05-25 09:33:03 -07:00
block block: Deny writable memory mapping if block is read-only 2023-05-19 20:17:10 -06:00
certs KEYS: Add missing function documentation 2023-04-24 16:15:52 +03:00
crypto This push fixes the following problems: 2023-05-07 10:57:14 -07:00
Documentation netlink: specs: correct types of legacy arrays 2023-05-29 22:03:48 -07:00
drivers net: ipa: Use correct value for IPA_STATUS_SIZE 2023-06-01 13:29:18 +02:00
fs Changes since last update: 2023-05-23 10:47:32 -07:00
include bpf: netfilter: Add BPF_NETFILTER bpf_attach_type 2023-06-05 15:01:43 -07:00
init Objtool changes for v6.4: 2023-04-28 14:02:54 -07:00
io_uring for-6.4/io_uring-2023-05-07 2023-05-07 10:00:09 -07:00
ipc Merge branch 'work.namespace' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2023-02-24 19:20:07 -08:00
kernel bpf: Add extra path pointer check to d_path helper 2023-06-07 15:03:43 +02:00
lib Eight hotfixes. Four are cc:stable, the other four are for post-6.4 2023-05-18 17:06:04 -07:00
LICENSES LICENSES: Add the copyleft-next-0.3.1 license 2022-11-08 15:44:01 +01:00
mm mm: fix zswap writeback race condition 2023-05-17 15:24:33 -07:00
net bpf, sockmap: Avoid potential NULL dereference in sk_psock_verdict_data_ready() 2023-06-01 14:44:53 +02:00
rust Rust changes for v6.4 2023-04-30 11:20:22 -07:00
samples samples/bpf: Drop unnecessary fallthrough 2023-05-16 19:44:05 +02:00
scripts Locking changes in v6.4: 2023-05-05 12:56:55 -07:00
security integrity-v6.4 2023-04-29 10:11:32 -07:00
sound ALSA: hda/realtek: Enable headset onLenovo M70/M90 2023-05-24 14:18:59 +02:00
tools selftests/bpf: Fix sockopt_sk selftest 2023-06-06 11:07:26 -07:00
usr initramfs: Check negative timestamp to prevent broken cpio archive 2023-04-16 17:37:01 +09:00
virt KVM: Fix vcpu_array[0] races 2023-05-19 13:56:26 -04:00
.clang-format cxl for v6.4 2023-04-30 11:51:51 -07:00
.cocciconfig
.get_maintainer.ignore get_maintainer: add Alan to .get_maintainer.ignore 2022-08-20 15:17:44 -07:00
.gitattributes .gitattributes: use 'dts' diff driver for *.dtso files 2023-02-26 15:28:23 +09:00
.gitignore linux-kselftest-kunit-6.4-rc1 2023-04-24 12:31:32 -07:00
.mailmap mailmap: add entries for Nikolay Aleksandrov 2023-05-17 09:35:05 +01:00
.rustfmt.toml rust: add .rustfmt.toml 2022-09-28 09:02:20 +02:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS MAINTAINERS: sctp: move Neil to CREDITS 2023-05-12 08:51:32 +01:00
Kbuild Kbuild updates for v6.1 2022-10-10 12:00:45 -07:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS Networking fixes for 6.4-rc4, including fixes from bluetooth and bpf 2023-05-25 10:55:26 -07:00
Makefile Linux 6.4-rc3 2023-05-21 14:05:48 -07:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.