linux

mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-11-27 01:11:31 +00:00

History

Song Liu 1d5f82d9dd bpf, x86: fix freeing of not-finalized bpf_prog_pack syzbot reported a few issues with bpf_prog_pack [1], [2]. This only happens with multiple subprogs. In jit_subprogs(), we first call bpf_int_jit_compile() on each sub program. And then, we call it on each sub program again. jit_data is not freed in the first call of bpf_int_jit_compile(). Similarly we don't call bpf_jit_binary_pack_finalize() in the first call of bpf_int_jit_compile(). If bpf_int_jit_compile() failed for one sub program, we will call bpf_jit_binary_pack_finalize() for this sub program. However, we don't have a chance to call it for other sub programs. Then we will hit "goto out_free" in jit_subprogs(), and call bpf_jit_free on some subprograms that haven't got bpf_jit_binary_pack_finalize() yet. At this point, bpf_jit_binary_pack_free() is called and the whole 2MB page is freed erroneously. Fix this with a custom bpf_jit_free() for x86_64, which calls bpf_jit_binary_pack_finalize() if necessary. Also, with custom bpf_jit_free(), bpf_prog_aux->use_bpf_prog_pack is not needed any more, remove it. Fixes: `1022a5498f` ("bpf, x86_64: Use bpf_jit_binary_pack_alloc") [1] https://syzkaller.appspot.com/bug?extid=2f649ec6d2eea1495a8f [2] https://syzkaller.appspot.com/bug?extid=87f65c75f4a72db05445 Reported-by: syzbot+2f649ec6d2eea1495a8f@syzkaller.appspotmail.com Reported-by: syzbot+87f65c75f4a72db05445@syzkaller.appspotmail.com Signed-off-by: Song Liu <song@kernel.org> Link: https://lore.kernel.org/r/20220706002612.4013790-1-song@kernel.org Signed-off-by: Alexei Starovoitov <ast@kernel.org>		2022-07-12 17:33:22 -07:00
..
boot	Follow-up tweaks for the EFI changes in v5.19	2022-06-03 13:39:30 -07:00
coco	x86/tdx: Handle load_unaligned_zeropad() page-cross to a shared page	2022-06-17 15:37:33 -07:00
configs
crypto
entry	kernel-hardening updates for v5.19-rc1	2022-05-24 12:27:09 -07:00
events	Two small perf updates:	2022-06-05 10:40:31 -07:00
hyperv	x86/Hyper-V: Add SEV negotiate protocol support in Isolation VM	2022-06-15 18:27:40 +00:00
ia32
include	First batch of EFI fixes for v5.19	2022-06-21 12:20:11 -05:00
kernel	X86 updates:	2022-06-19 09:58:28 -05:00
kvm	KVM: SEV: Init target VMCBs in sev_migrate_from	2022-06-24 04:10:18 -04:00
lib	Not a lot of material this cycle. Many singleton patches against various	2022-05-27 11:22:03 -07:00
math-emu
mm	virtio: replace arch_has_restricted_virtio_memory_access()	2022-06-06 08:22:01 +02:00
net	bpf, x86: fix freeing of not-finalized bpf_prog_pack	2022-07-12 17:33:22 -07:00
pci	x86/PCI: Revert "x86/PCI: Clip only host bridge windows for E820 regions"	2022-06-17 14:24:14 -05:00
platform	arch/x86: replace cpumask_weight with cpumask_empty where appropriate	2022-06-03 06:52:57 -07:00
power
purgatory
ras
realmode	Intel Trust Domain Extensions	2022-05-23 17:51:12 -07:00
tools
um	um: Fix out-of-bounds read in LDT setup	2022-05-27 09:03:41 +02:00
video
virt/vmx/tdx
xen	xen/virtio: Enable restricted memory access using Xen grant mappings	2022-06-06 16:07:30 +02:00
.gitignore
Kbuild
Kconfig	virtio: replace arch_has_restricted_virtio_memory_access()	2022-06-06 08:22:01 +02:00
Kconfig.assembler
Kconfig.cpu
Kconfig.debug	x86/Kconfig: Fix indentation of arch/x86/Kconfig.debug	2022-05-25 15:39:27 +02:00
Makefile	Kbuild updates for v5.19	2022-05-26 12:09:50 -07:00
Makefile.um
Makefile_32.cpu