Quan Sun reported a NULL pointer dereference caused by an invalid return value of
a BPF_LSM_CGROUP program [1].

The cause is that BPF_LSM_CGROUP programs use the bpf_set_retval() helper to
set the return value for the target LSM hook, and the value is not validated,
so any arbitrary value is accepted as legal.

To fix it, add a return value check for BPF_LSM_CGROUP programs.

[1] https://lore.kernel.org/all/567d3206-74a5-44e5-99c6-779c425f399e@std.uestc.edu.cn
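As an added illustration of the kind of load-time check the cover letter describes (this is example code written for this page, not the code of the patch series), the model below mirrors how a verifier can treat bpf_set_retval(): for each call site it knows the range of values the argument register may hold, and the program is rejected unless every such range lies inside what the LSM hook's callers can handle. The permitted range [-MAX_ERRNO, 0] (success or a negative errno), the struct and function names, and the constructed call-site lists are assumptions of this example.

```c
/*
 * Added example, not code from the patch series: a model of a verifier-style
 * check on the values a BPF_LSM_CGROUP program passes to bpf_set_retval().
 * The permitted range [-MAX_ERRNO, 0] and the call-site lists below are
 * assumptions constructed for this example.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_ERRNO 4095 /* largest errno value, as in the kernel's err.h */

/* Closed interval of values a register may hold, as a verifier tracks it. */
struct retval_range {
	int minval;
	int maxval;
};

static struct retval_range retval_range(int minval, int maxval)
{
	struct retval_range r = { .minval = minval, .maxval = maxval };
	return r;
}

/* True when every value in 'tracked' is also in 'allowed'. */
static bool retval_range_within(struct retval_range allowed,
				struct retval_range tracked)
{
	return allowed.minval <= tracked.minval &&
	       tracked.maxval <= allowed.maxval;
}

/* One bpf_set_retval() call found while verifying the program (hypothetical). */
struct set_retval_site {
	unsigned int insn_idx;   /* instruction index, used in the error message */
	struct retval_range arg; /* tracked range of the value being set */
};

/* Before the fix: the argument is never inspected, so anything is accepted. */
static bool check_set_retval_unchecked(const struct set_retval_site *sites,
				       size_t nsites)
{
	(void)sites;
	(void)nsites;
	return true;
}

/*
 * With the check: the program loads only if every bpf_set_retval() argument
 * stays within what an int-returning LSM hook may legitimately return.
 */
static bool check_set_retval_lsm_cgroup(const struct set_retval_site *sites,
					size_t nsites)
{
	struct retval_range allowed = retval_range(-MAX_ERRNO, 0);
	size_t i;

	for (i = 0; i < nsites; i++) {
		if (!retval_range_within(allowed, sites[i].arg)) {
			fprintf(stderr,
				"insn %u: bpf_set_retval() value [%d, %d] outside [%d, %d]\n",
				sites[i].insn_idx, sites[i].arg.minval,
				sites[i].arg.maxval, allowed.minval,
				allowed.maxval);
			return false;
		}
	}
	return true;
}

int main(void)
{
	/* Constructed call sites: the first program only sets a negative errno
	 * or 0, the second also sets a positive value at instruction 33. */
	const struct set_retval_site good[] = {
		{ .insn_idx = 12, .arg = retval_range(-1, -1) },
		{ .insn_idx = 20, .arg = retval_range(0, 0) },
	};
	const struct set_retval_site bad[] = {
		{ .insn_idx = 12, .arg = retval_range(-1, -1) },
		{ .insn_idx = 33, .arg = retval_range(1, 1) },
	};

	printf("unchecked, bad program: %s\n",
	       check_set_retval_unchecked(bad, 2) ? "accepted" : "rejected");
	printf("checked, good program:  %s\n",
	       check_set_retval_lsm_cgroup(good, 2) ? "accepted" : "rejected");
	printf("checked, bad program:   %s\n",
	       check_set_retval_lsm_cgroup(bad, 2) ? "accepted" : "rejected");
	return 0;
}
```

The point of the range check is that it runs at program load time: a value that could leave the errno convention is refused before the program is ever attached, rather than reaching a hook caller that assumes 0 or a negative errno.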

Xu Kuohai (2):
  bpf: Add return value check for BPF_LSM_CGROUP
  selftests/bpf: Add return value tests for lsm cgroup

 kernel/bpf/verifier.c                  | 10 +++++
 .../selftests/bpf/progs/verifier_lsm.c | 45 +++++++++++++++++++
 2 files changed, 55 insertions(+)
--
2.43.0