Gh0st
/
linux
mirror of https://github.com/torvalds/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
linux/kernel/bpf
History
Kumar Kartikeya Dwivedi d1a374a1ae bpf: Limit maximum modifier chain length in btf_check_type_tags 
On processing a module BTF of module built for an older kernel, we might
sometimes find that some type points to itself forming a loop. If such a
type is a modifier, btf_check_type_tags's while loop following modifier
chain will be caught in an infinite loop.

Fix this by defining a maximum chain length and bailing out if we spin
any longer than that.

Fixes: eb596b0905 ("bpf: Ensure type tags precede modifiers in BTF")
Reported-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/bpf/20220615042151.2266537-1-memxor@gmail.com
 		2022-06-15 19:32:12 +02:00
..
preload
Kconfig
Makefile
arraymap.c
bloom_filter.c
bpf_inode_storage.c
bpf_iter.c
bpf_local_storage.c
bpf_lru_list.c
bpf_lru_list.h
bpf_lsm.c
bpf_struct_ops.c
bpf_struct_ops_types.h
bpf_task_storage.c
btf.c bpf: Limit maximum modifier chain length in btf_check_type_tags 2022-06-15 19:32:12 +02:00
cgroup.c
core.c bpf: Fix probe read error in ___bpf_prog_run() 2022-05-28 01:09:18 +02:00
cpumap.c
devmap.c
disasm.c
disasm.h
dispatcher.c
hashtab.c
helpers.c bpf: Add dynptr data slices 2022-05-23 14:31:28 -07:00
inode.c
link_iter.c
local_storage.c
lpm_trie.c
map_in_map.c
map_in_map.h
map_iter.c
mmap_unlock_work.h
net_namespace.c
offload.c
percpu_freelist.c
percpu_freelist.h
prog_iter.c
queue_stack_maps.c
reuseport_array.c
ringbuf.c bpf: Dynptr support for ring buffers 2022-05-23 14:31:28 -07:00
stackmap.c
syscall.c
sysfs_btf.c
task_iter.c
tnum.c
trampoline.c
verifier.c bpf: Add dynptr data slices 2022-05-23 14:31:28 -07:00