diff options
| author | Andrii Nakryiko <andrii@kernel.org> | 2023-08-25 13:21:52 -0700 |
|---|---|---|
| committer | Alexei Starovoitov <ast@kernel.org> | 2023-09-08 08:42:17 -0700 |
| commit | 3903802bb99a263a3c26422c3d30a121b1f6f939 (patch) | |
| tree | dc43120e3db24cccd4f35dd4b9d4cbe20fc8386b /kernel/bpf/memalloc.c | |
| parent | 73be7fb14e83d24383f840a22f24d3ed222ca319 (diff) | |
| download | linux-stable-3903802bb99a263a3c26422c3d30a121b1f6f939.tar.gz linux-stable-3903802bb99a263a3c26422c3d30a121b1f6f939.tar.bz2 linux-stable-3903802bb99a263a3c26422c3d30a121b1f6f939.zip | |
libbpf: Add basic BTF sanity validation
Implement a simple and straightforward BTF sanity check when parsing BTF
data. Right now it's very basic and just validates that all the string
offsets and type IDs are within valid range. For FUNC we also check that
it points to FUNC_PROTO kinds.
Even with such simple checks it fixes a bunch of crashes found by OSS
fuzzer ([0]-[5]) and will allow fuzzer to make further progress.
Some other invariants will be checked in follow up patches (like
ensuring there is no infinite type loops), but this seems like a good
start already.
Adding FUNC -> FUNC_PROTO check revealed that one of selftests has
a problem with FUNC pointing to VAR instead, so fix it up in the same
commit.
[0] https://github.com/libbpf/libbpf/issues/482
[1] https://github.com/libbpf/libbpf/issues/483
[2] https://github.com/libbpf/libbpf/issues/485
[3] https://github.com/libbpf/libbpf/issues/613
[4] https://github.com/libbpf/libbpf/issues/618
[5] https://github.com/libbpf/libbpf/issues/619
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Reviewed-by: Alan Maguire <alan.maguire@oracle.com>
Reviewed-by: Song Liu <song@kernel.org>
Closes: https://github.com/libbpf/libbpf/issues/617
Link: https://lore.kernel.org/bpf/20230825202152.1813394-1-andrii@kernel.org
Diffstat (limited to 'kernel/bpf/memalloc.c')
0 files changed, 0 insertions, 0 deletions