]> www.infradead.org Git - users/hch/uuid.git/commitdiff
bpf: Check for NULL return from bpf_get_btf_vmlinux
authorKumar Kartikeya Dwivedi <memxor@gmail.com>
Sun, 20 Mar 2022 14:30:03 +0000 (20:00 +0530)
committerAlexei Starovoitov <ast@kernel.org>
Mon, 21 Mar 2022 02:21:38 +0000 (19:21 -0700)
When CONFIG_DEBUG_INFO_BTF is disabled, bpf_get_btf_vmlinux can return a
NULL pointer. Check for it in btf_get_module_btf to prevent a NULL pointer
dereference.

While kernel test robot only complained about this specific case, let's
also check for NULL in other call sites of bpf_get_btf_vmlinux.

Fixes: 9492450fd287 ("bpf: Always raise reference in btf_get_module_btf")
Reported-by: kernel test robot <oliver.sang@intel.com>
Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20220320143003.589540-1-memxor@gmail.com
kernel/bpf/btf.c
net/core/bpf_sk_storage.c

index 6d9e711cb5d4063f6293a518cd1f3a029efb015c..ce212bf39b2b09171a2e6087d63e965474db21dd 100644 (file)
@@ -534,6 +534,8 @@ static s32 bpf_find_btf_id(const char *name, u32 kind, struct btf **btf_p)
        btf = bpf_get_btf_vmlinux();
        if (IS_ERR(btf))
                return PTR_ERR(btf);
+       if (!btf)
+               return -EINVAL;
 
        ret = btf_find_by_name_kind(btf, name, kind);
        /* ret is never zero, since btf_find_by_name_kind returns
@@ -6584,7 +6586,7 @@ static struct btf *btf_get_module_btf(const struct module *module)
 
        if (!module) {
                btf = bpf_get_btf_vmlinux();
-               if (!IS_ERR(btf))
+               if (!IS_ERR_OR_NULL(btf))
                        btf_get(btf);
                return btf;
        }
@@ -7180,6 +7182,8 @@ bpf_core_find_cands(struct bpf_core_ctx *ctx, u32 local_type_id)
        main_btf = bpf_get_btf_vmlinux();
        if (IS_ERR(main_btf))
                return ERR_CAST(main_btf);
+       if (!main_btf)
+               return ERR_PTR(-EINVAL);
 
        local_type = btf_type_by_id(local_btf, local_type_id);
        if (!local_type)
index 7aff1206a851d074d02da2cb58386b522bab3a59..e3ac3638052031b1fe32120b263382facc58b3bf 100644 (file)
@@ -406,6 +406,8 @@ static bool bpf_sk_storage_tracing_allowed(const struct bpf_prog *prog)
        case BPF_TRACE_FENTRY:
        case BPF_TRACE_FEXIT:
                btf_vmlinux = bpf_get_btf_vmlinux();
+               if (IS_ERR_OR_NULL(btf_vmlinux))
+                       return false;
                btf_id = prog->aux->attach_btf_id;
                t = btf_type_by_id(btf_vmlinux, btf_id);
                tname = btf_name_by_offset(btf_vmlinux, t->name_off);