Re: [PATCH bpf-next 1/2] libbpf: Don't take direct pointers into BTF data from st_ops

From: patchwork-bot+netdevbpf
Date: Wed Jul 24 2024 - 20:20:45 EST

Next message: Roman Gushchin: "Re: [PATCH mm-unstable v1 0/4] Improve mem_cgroup_iter()"
Previous message: technoboy85: "[PATCH bpf-next v3 2/2] bpf: allow bpf_current_task_under_cgroup() with BPF_CGROUP_*"
In reply to: David Vernet: "Re: [PATCH bpf-next 2/2] selftests/bpf: Add test for resizing data map with struct_ops"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello:

This series was applied to bpf/bpf-next.git (master)
by Andrii Nakryiko <andrii@xxxxxxxxxx>:

On Wed, 24 Jul 2024 12:14:58 -0500 you wrote:
> In struct bpf_struct_ops, we have take a pointer to a BTF type name, and
> a struct btf_type. This was presumably done for convenience, but can
> actually result in subtle and confusing bugs given that BTF data can be
> invalidated before a program is loaded. For example, in sched_ext, we
> may sometimes resize a data section after a skeleton has been opened,
> but before the struct_ops scheduler map has been loaded. This may cause
> the BTF data to be realloc'd, which can then cause a UAF when loading
> the program because the struct_ops map has pointers directly into the
> BTF data.
>
> [...]

Here is the summary with links:
- [bpf-next,1/2] libbpf: Don't take direct pointers into BTF data from st_ops
https://git.kernel.org/bpf/bpf-next/c/7244100e0389
- [bpf-next,2/2] selftests/bpf: Add test for resizing data map with struct_ops
(no matching commit)

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html

Next message: Roman Gushchin: "Re: [PATCH mm-unstable v1 0/4] Improve mem_cgroup_iter()"
Previous message: technoboy85: "[PATCH bpf-next v3 2/2] bpf: allow bpf_current_task_under_cgroup() with BPF_CGROUP_*"
In reply to: David Vernet: "Re: [PATCH bpf-next 2/2] selftests/bpf: Add test for resizing data map with struct_ops"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]