From patchwork Fri Oct 7 17:48:14 2022
X-Patchwork-Submitter: Shung-Hsi Yu
X-Patchwork-Id: 13001293
X-Patchwork-Delegate: bpf@iogearbox.net
From: Shung-Hsi Yu
To: bpf@vger.kernel.org, Andrii Nakryiko
Cc: Shung-Hsi Yu, Alexei Starovoitov, Daniel Borkmann, Martin KaFai Lau, Song Liu, Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa
Subject: [PATCH bpf 1/3] libbpf: use elf_getshdrnum() instead of e_shnum
Date: Sat, 8 Oct 2022 01:48:14 +0800
Message-Id: <20221007174816.17536-2-shung-hsi.yu@suse.com>
In-Reply-To: <20221007174816.17536-1-shung-hsi.yu@suse.com>
References: <20221007174816.17536-1-shung-hsi.yu@suse.com>

This commit replaces e_shnum with the elf_getshdrnum() helper to fix two
oss-fuzz-reported heap-buffer overflows in __bpf_object__open. Both reports are
incorrectly marked as fixed while still being reproducible in the latest
libbpf.

  # clusterfuzz-testcase-minimized-bpf-object-fuzzer-5747922482888704
  libbpf: loading object 'fuzz-object' from buffer
  libbpf: sec_cnt is 0
  libbpf: elf: section(1) .data, size 0, link 538976288, flags 2020202020202020, type=2
  libbpf: elf: section(2) .data, size 32, link 538976288, flags 202020202020ff20, type=1
  =================================================================
  ==13==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000000c0 at pc 0x0000005a7b46 bp 0x7ffd12214af0 sp 0x7ffd12214ae8
  WRITE of size 4 at 0x6020000000c0 thread T0
  SCARINESS: 46 (4-byte-write-heap-buffer-overflow-far-from-bounds)
      #0 0x5a7b45 in bpf_object__elf_collect /src/libbpf/src/libbpf.c:3414:24
      #1 0x5733c0 in bpf_object_open /src/libbpf/src/libbpf.c:7223:16
      #2 0x5739fd in bpf_object__open_mem /src/libbpf/src/libbpf.c:7263:20
      ...

The issue lies in libbpf's direct use of the e_shnum field in the ELF header as
the section header count. Whereas libelf, on the other hand, implemented extra
logic that, when e_shnum is zero and e_shoff is not zero, will use the sh_size
member of the initial section header as the real section header count (part of
the ELF spec to accommodate situations where the section header counter is
larger than SHN_LORESERVE).

The above inconsistency leads to libbpf writing into a zero-entry calloc area.
So instead of using e_shnum directly, use the elf_getshdrnum() helper provided
by libelf to retrieve the section header counter into sec_cnt.

Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40868
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40957
Fixes: 0d6988e16a12 ("libbpf: Fix section counting logic")
Fixes: 25bbbd7a444b ("libbpf: Remove assumptions about uniqueness of .rodata/.data/.bss maps")
Signed-off-by: Shung-Hsi Yu
---
To be honest I'm not sure if any of the BPF toolchain will produce such an ELF
binary.

Tools like readelf simply refuse to dump the section header table when the
e_shnum==0 && e_shoff !=0 case is encountered.

While we can use the same approach as readelf, opting for a coherent view with
libelf for now since that should be less confusing.
---
 tools/lib/bpf/libbpf.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

--
2.37.3

diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c index 184ce1684dcd..a64e13c654f3 100644 --- a/tools/lib/bpf/libbpf.c +++ b/tools/lib/bpf/libbpf.c @@ -597,7 +597,7 @@ struct elf_state { size_t shstrndx; /* section index for section name strings */ size_t strtabidx; struct elf_sec_desc *secs; - int sec_cnt; + size_t sec_cnt; int btf_maps_shndx; __u32 btf_maps_sec_btf_id; int text_shndx; @@ -1369,6 +1369,13 @@ static int bpf_object__elf_init(struct bpf_object *obj) goto errout; } + if (elf_getshdrnum(obj->efile.elf, &obj->efile.sec_cnt)) { + pr_warn("elf: failed to get the number of sections for %s: %s\n", + obj->path, elf_errmsg(-1)); + err = -LIBBPF_ERRNO__FORMAT; + goto errout; + } + /* Elf is corrupted/truncated, avoid calling elf_strptr. */ if (!elf_rawdata(elf_getscn(elf, obj->efile.shstrndx), NULL)) { pr_warn("elf: failed to get section names strings from %s: %s\n",
@@ -3315,7 +3322,6 @@ static int bpf_object__elf_collect(struct bpf_object *obj) * section. e_shnum does include sec #0, so e_shnum is the necessary * size of an array to keep all the sections. */ - obj->efile.sec_cnt = obj->efile.ehdr->e_shnum; obj->efile.secs = calloc(obj->efile.sec_cnt, sizeof(*obj->efile.secs)); if (!obj->efile.secs) return -ENOMEM;
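
Review bot: Changing sec_cnt from int to size_t in the struct elf_state hunk (@@ -597) changes the signedness of every comparison against it and the format specifier needed wherever it is printed, and none of those users appear in this diff. Please confirm that section indexes compared with sec_cnt are not signed ints that could now be promoted unexpectedly, and that any pr_*() call printing it uses %zu.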
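
Review bot: In the bpf_object__elf_init() hunk (@@ -1369) the new call passes obj->efile.elf, while the check immediately below it in the same function uses the local variable, as in elf_getscn(elf, obj->efile.shstrndx). Passing the local elf to elf_getshdrnum() as well would keep the function consistent and make it obvious that both checks operate on the same handle.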
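
Review bot: The comment kept above the removed assignment in bpf_object__elf_collect() (@@ -3315) is now stale: it still says "e_shnum does include sec #0, so e_shnum is the necessary size of an array", but the array is sized from sec_cnt as returned by elf_getshdrnum(), which the commit message says can differ from e_shnum. Reword the comment to refer to the section header count obtained in bpf_object__elf_init() so the calloc() below it is not read as depending on the raw header field.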
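
The section-count rule described in the commit message of patch 1/3, as an added example that is not part of the patch series and is not libbpf or libelf code. The function names are hypothetical, the input is assumed to be ELF64 in host byte order, and the sample file is constructed in memory.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ELF64 sizes and field offsets, from the ELF specification. */
enum {
    EHDR_SIZE = 64, SHDR_SIZE = 64,
    OFF_E_SHOFF = 0x28, OFF_E_SHENTSIZE = 0x3a, OFF_E_SHNUM = 0x3c,
    OFF_SH_SIZE = 0x20
};

static uint64_t rd64(const unsigned char *p) { uint64_t v; memcpy(&v, p, 8); return v; }
static uint16_t rd16(const unsigned char *p) { uint16_t v; memcpy(&v, p, 2); return v; }

/* The raw header field, i.e. the value the pre-patch code sized its array with. */
size_t naive_section_count(const unsigned char *buf, size_t len)
{
    return len >= EHDR_SIZE ? rd16(buf + OFF_E_SHNUM) : 0;
}

/*
 * Section header count following the rule the commit message describes.
 * Returns 0 and sets *cnt, or -1 if the header is malformed or the claimed
 * table does not fit in the buffer. Hypothetical helper, host byte order.
 */
int real_section_count(const unsigned char *buf, size_t len, size_t *cnt)
{
    uint64_t shoff, n;

    if (len < EHDR_SIZE || memcmp(buf, "\177ELF", 4) != 0 || buf[4] != 2)
        return -1;                      /* not an ELFCLASS64 file */
    shoff = rd64(buf + OFF_E_SHOFF);
    if (shoff == 0) {                   /* no section header table at all */
        *cnt = 0;
        return 0;
    }
    if (rd16(buf + OFF_E_SHENTSIZE) != SHDR_SIZE)
        return -1;
    if (shoff > len || len - shoff < SHDR_SIZE)
        return -1;                      /* header #0 itself is out of bounds */
    n = rd16(buf + OFF_E_SHNUM);
    if (n == 0)                         /* extended numbering: the count is */
        n = rd64(buf + shoff + OFF_SH_SIZE);    /* in sh_size of header #0 */
    if (n > (len - shoff) / SHDR_SIZE)
        return -1;                      /* claimed table overruns the file */
    *cnt = (size_t)n;
    return 0;
}

/*
 * Constructed sample: ELF64 header with e_shnum == 0, e_shoff == 64, `nsec`
 * section headers physically present and `claimed` stored in sh_size of #0.
 */
size_t build_sample(unsigned char *out, size_t cap, uint64_t claimed, size_t nsec)
{
    size_t len = EHDR_SIZE + nsec * SHDR_SIZE;
    uint64_t shoff = EHDR_SIZE;
    uint16_t entsize = SHDR_SIZE;

    if (nsec == 0 || len > cap)
        return 0;
    memset(out, 0, len);
    memcpy(out, "\177ELF", 4);
    out[4] = 2;                         /* ELFCLASS64 */
    memcpy(out + OFF_E_SHOFF, &shoff, 8);
    memcpy(out + OFF_E_SHENTSIZE, &entsize, 2);
    memcpy(out + EHDR_SIZE + OFF_SH_SIZE, &claimed, 8);
    return len;
}

int main(void)
{
    unsigned char buf[EHDR_SIZE + 3 * SHDR_SIZE];
    size_t cnt = 0, len = build_sample(buf, sizeof(buf), 3, 3);

    printf("e_shnum=%zu\n", naive_section_count(buf, len));
    if (real_section_count(buf, len, &cnt) == 0)
        printf("real count=%zu\n", cnt);
    return 0;
}
```

An array sized from the first value and indexed by section numbers drawn from the second is the mismatch the patch removes; the final bounds check also rejects a count that the file is too small to hold.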

From patchwork Fri Oct 7 17:48:15 2022
X-Patchwork-Submitter: Shung-Hsi Yu
X-Patchwork-Id: 13001294
X-Patchwork-Delegate: bpf@iogearbox.net
From: Shung-Hsi Yu
To: bpf@vger.kernel.org, Andrii Nakryiko
Cc: Shung-Hsi Yu, Alexei Starovoitov, Daniel Borkmann, Martin KaFai Lau, Song Liu, Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa
Subject: [PATCH bpf 2/3] libbpf: fix null-pointer dereference in find_prog_by_sec_insn()
Date: Sat, 8 Oct 2022 01:48:15 +0800
Message-Id: <20221007174816.17536-3-shung-hsi.yu@suse.com>
In-Reply-To: <20221007174816.17536-1-shung-hsi.yu@suse.com>
References: <20221007174816.17536-1-shung-hsi.yu@suse.com>

When there are no program sections, obj->programs is left unallocated, and
find_prog_by_sec_insn()'s search lands on &obj->programs[0] == NULL, and will
cause null-pointer dereference in the following access to prog->sec_idx.

Guard the search with obj->nr_programs similar to what's being done in
__bpf_program__iter() to prevent null-pointer access from happening.

Fixes: db2b8b06423c ("libbpf: Support CO-RE relocations for multi-prog sections")
Signed-off-by: Shung-Hsi Yu
---
 tools/lib/bpf/libbpf.c | 3 +++
 1 file changed, 3 insertions(+)

--
2.37.3

diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c index a64e13c654f3..c700489239e8 100644 --- a/tools/lib/bpf/libbpf.c +++ b/tools/lib/bpf/libbpf.c
@@ -4112,6 +4112,9 @@ static struct bpf_program *find_prog_by_sec_insn(const struct bpf_object *obj, int l = 0, r = obj->nr_programs - 1, m; struct bpf_program *prog; + if (!obj->nr_programs) + return NULL; + while (l < r) { m = l + (r - l + 1) / 2; prog = &obj->programs[m];
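
Review bot: The new early return in find_prog_by_sec_insn() has no comment saying why an empty object is special-cased, and the access it protects (prog->sec_idx, per the commit message) is outside the lines this hunk shows. A one-line comment on the guard stating that obj->programs is NULL when nr_programs is 0 would keep the reason next to the code. The guard also sits after the declaration that already initialises r from obj->nr_programs - 1; that is harmless because the function returns before r is used, but it is worth a glance that nothing between the declarations and the guard reads r.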

From patchwork Fri Oct 7 17:48:16 2022
X-Patchwork-Submitter: Shung-Hsi Yu
X-Patchwork-Id: 13001295
X-Patchwork-Delegate: bpf@iogearbox.net
From: Shung-Hsi Yu
To: bpf@vger.kernel.org, Andrii Nakryiko
Cc: Shung-Hsi Yu, Alexei Starovoitov, Daniel Borkmann, Martin KaFai Lau, Song Liu, Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa
Subject: [PATCH bpf 3/3] libbpf: deal with section with no data gracefully
Date: Sat, 8 Oct 2022 01:48:16 +0800
Message-Id: <20221007174816.17536-4-shung-hsi.yu@suse.com>
In-Reply-To: <20221007174816.17536-1-shung-hsi.yu@suse.com>
References: <20221007174816.17536-1-shung-hsi.yu@suse.com>

ELF section data pointer returned by libelf may be NULL (if section has
SHT_NOBITS), so null check section data pointer before attempting to copy
license and kversion section.

Fixes: cb1e5e961991 ("bpf tools: Collect version and license from ELF sections")
Signed-off-by: Shung-Hsi Yu
---
 tools/lib/bpf/libbpf.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

--
2.37.3

diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c index c700489239e8..89f46d0616f9 100644 --- a/tools/lib/bpf/libbpf.c +++ b/tools/lib/bpf/libbpf.c
@@ -1415,6 +1415,10 @@ static int bpf_object__check_endianness(struct bpf_object *obj) static int bpf_object__init_license(struct bpf_object *obj, void *data, size_t size) { + if (!data) { + pr_warn("invalid license section in %s\n", obj->path); + return -LIBBPF_ERRNO__FORMAT; + } /* libbpf_strlcpy() only copies first N - 1 bytes, so size + 1 won't * go over allowed ELF data section buffer */ @@ -1428,7 +1432,7 @@ bpf_object__init_kversion(struct bpf_object *obj, void *data, size_t size) { __u32 kver; - if (size != sizeof(kver)) { + if (!data || size != sizeof(kver)) { pr_warn("invalid kver section in %s\n", obj->path); return -LIBBPF_ERRNO__FORMAT; }
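
Review bot: In the bpf_object__init_license() hunk (@@ -1415) the new if (!data) block runs straight into the existing libbpf_strlcpy() comment with no blank line after the closing brace; add one so the guard reads as separate from the copy it protects. The warning text "invalid license section" also does not say what was wrong, although this branch only handles the no-data case the commit message attributes to SHT_NOBITS; wording that mentions the missing data would make the log line actionable.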