linux/kernel/bpf
Greg Kroah-Hartman de2b205fa7 UPSTREAM: bpf: Explicitly memset the bpf_attr structure

For the bpf syscall, we are relying on the compiler to properly zero out
the bpf_attr union that we copy userspace data into. Unfortunately that
doesn't always work properly, padding and other oddities might not be
correctly zeroed, and in some tests odd things have been found when the
stack is pre-initialized to other values.

Fix this by explicitly memsetting the structure to 0 before using it.

Reported-by: Maciej Żenczykowski <maze@google.com>
Reported-by: John Stultz <john.stultz@linaro.org>
Reported-by: Alexander Potapenko <glider@google.com>
Reported-by: Alistair Delva <adelva@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Yonghong Song <yhs@fb.com>
Link: https://android-review.googlesource.com/c/kernel/common/+/1235490
Link: https://lore.kernel.org/bpf/20200320094813.GA421650@kroah.com
(cherry picked from commit 8096f22942)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I2dc28cd45024da5cc6861ff4a9b25fae389cc6d8
2020-03-23 16:39:13 +01:00
arraymap.c
bpf_lru_list.c
bpf_lru_list.h
btf.c bpf: btf: check name validity for various types 2019-12-13 08:52:09 +01:00
cgroup.c
core.c ANDROID: bpf: validate bpf_func when BPF_JIT is enabled with CFI 2019-09-20 10:58:37 -07:00
cpumap.c xdp: fix cpumap redirect SKB creation bug 2019-12-05 09:21:24 +01:00
devmap.c bpf: devmap: fix wrong interface selection in notifier_call 2019-12-01 09:17:01 +01:00
disasm.c
disasm.h
hashtab.c bpf, lru: avoid messing with eviction heuristics upon syscall lookup 2019-05-25 18:23:48 +02:00
helpers.c
inode.c bpf: map_seq_next should always increase position index 2020-02-24 08:34:51 +01:00
local_storage.c bpf: allocate local storage buffers using GFP_ATOMIC 2018-12-17 09:24:33 +01:00
lpm_trie.c bpf: lpm_trie: check left child of last leftmost node for NULL 2019-07-03 13:14:48 +02:00
Makefile bpf: silence warning messages in core 2019-07-26 09:14:06 +02:00
map_in_map.c bpf: fix inner map masking to prevent oob under speculation 2019-01-31 08:14:41 +01:00
map_in_map.h
offload.c bpf, offload: Replace bitwise AND by logical AND in bpf_prog_offload_info_fill 2020-02-28 16:38:59 +01:00
percpu_freelist.c bpf: fix lockdep false positive in percpu_freelist 2019-03-13 14:02:36 -07:00
percpu_freelist.h bpf: fix lockdep false positive in percpu_freelist 2019-03-13 14:02:36 -07:00
reuseport_array.c
sockmap.c
stackmap.c bpf/stackmap: Fix deadlock with rq_lock in bpf_get_stack() 2019-12-31 16:35:20 +01:00
syscall.c UPSTREAM: bpf: Explicitly memset the bpf_attr structure 2020-03-23 16:39:13 +01:00
tnum.c bpf: Fix incorrect verifier simulation of ARSH under ALU32 2020-01-23 08:21:32 +01:00
verifier.c bpf: Add missed newline in verifier verbose log 2020-01-27 14:50:37 +01:00
xskmap.c xsk: do not call synchronize_net() under RCU read lock 2018-10-11 10:19:01 +02:00