[PATCH 0/2] bpf: cgroup: fix sysctl new-value handling in __cgroup_bpf_run_filter_sysctl

Dawei Feng posted 2 patches 1 week, 6 days ago
There is a newer version of this series
This series fixes two bugs in __cgroup_bpf_run_filter_sysctl().

Patch 1 restores cgroup/sysctl new-value replacement after
4e63acdff864 ("bpf: Introduce bpf_sysctl_{get,set}_new_value helpers")
changed the success return value to 0 but left the replacement path
checking for ret == 1.

Patch 2 fixes the buffer free primitive for that same path. The sysctl
write buffer originates from proc_sys_call_handler(), which allocates it
with kvzalloc(), so freeing it with kfree() is incorrect when the
allocation falls back to vmalloc().

Patch 1 validated with a cgroup/sysctl BPF reproducer overriding a target
sysctl write.
Patch 2 reproduced on a v7.1-rc4 QEMU x86_64 guest with KASAN and
CONFIG_FAILSLAB. After applying the fix, rerunning the reproducer no
longer triggers the Oops.

Dawei Feng (2):
  bpf: cgroup: fix sysctl new value replacement
  bpf: cgroup: Use kvfree instead of kfree in
    __cgroup_bpf_run_filter_sysctl

 kernel/bpf/cgroup.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

-- 
2.34.1