releases/5.4.160/libbpf-fix-btf-data-layout-checks-and-allow-empty-bt.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From 6b75583320b0c3dbaf81fd84c758bfd496890ed3 Mon Sep 17 00:00:00 2001
 From: Sasha Levin <sashal@kernel.org>
 Date: Wed, 4 Nov 2020 20:33:57 -0800
 Subject: libbpf: Fix BTF data layout checks and allow empty BTF

 From: Andrii Nakryiko <andrii@kernel.org>

 [ Upstream commit d8123624506cd62730c9cd9c7672c698e462703d ]

 Make data section layout checks stricter, disallowing overlap of types and
 strings data.

 Additionally, allow BTFs with no type data. There is nothing inherently wrong
 with having BTF with no types (put potentially with some strings). This could
 be a situation with kernel module BTFs, if module doesn't introduce any new
 type information.

 Also fix invalid offset alignment check for btf->hdr->type_off.

 Fixes: 8a138aed4a80 ("bpf: btf: Add BTF support to libbpf")
 Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
 Signed-off-by: Alexei Starovoitov <ast@kernel.org>
 Link: https://lore.kernel.org/bpf/20201105043402.2530976-8-andrii@kernel.org
 Signed-off-by: Sasha Levin <sashal@kernel.org>
 ---
  tools/lib/bpf/btf.c |   16 ++++++----------
  1 file changed, 6 insertions(+), 10 deletions(-)

 --- a/tools/lib/bpf/btf.c
 +++ b/tools/lib/bpf/btf.c
 @@ -100,22 +100,18 @@ static int btf_parse_hdr(struct btf *btf
  		return -EINVAL;
  	}

 -	if (meta_left < hdr->type_off) {
 -		pr_debug("Invalid BTF type section offset:%u\n", hdr->type_off);
 +	if (meta_left < hdr->str_off + hdr->str_len) {
 +		pr_debug("Invalid BTF total size:%u\n", btf->data_size);
  		return -EINVAL;
  	}

 -	if (meta_left < hdr->str_off) {
 -		pr_debug("Invalid BTF string section offset:%u\n", hdr->str_off);
 +	if (hdr->type_off + hdr->type_len > hdr->str_off) {
 +		pr_debug("Invalid BTF data sections layout: type data at %u + %u, strings data at %u + %u\n",
 +			 hdr->type_off, hdr->type_len, hdr->str_off, hdr->str_len);
  		return -EINVAL;
  	}

 -	if (hdr->type_off >= hdr->str_off) {
 -		pr_debug("BTF type section offset >= string section offset. No type?\n");
 -		return -EINVAL;
 -	}
 -
 -	if (hdr->type_off & 0x02) {
 +	if (hdr->type_off % 4) {
  		pr_debug("BTF type section is not aligned to 4 bytes\n");
  		return -EINVAL;
  	}
	From 6b75583320b0c3dbaf81fd84c758bfd496890ed3 Mon Sep 17 00:00:00 2001
	From: Sasha Levin <sashal@kernel.org>
	Date: Wed, 4 Nov 2020 20:33:57 -0800
	Subject: libbpf: Fix BTF data layout checks and allow empty BTF

	From: Andrii Nakryiko <andrii@kernel.org>

	[ Upstream commit d8123624506cd62730c9cd9c7672c698e462703d ]

	Make data section layout checks stricter, disallowing overlap of types and
	strings data.

	Additionally, allow BTFs with no type data. There is nothing inherently wrong
	with having BTF with no types (put potentially with some strings). This could
	be a situation with kernel module BTFs, if module doesn't introduce any new
	type information.

	Also fix invalid offset alignment check for btf->hdr->type_off.

	Fixes: 8a138aed4a80 ("bpf: btf: Add BTF support to libbpf")
	Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
	Signed-off-by: Alexei Starovoitov <ast@kernel.org>
	Link: https://lore.kernel.org/bpf/20201105043402.2530976-8-andrii@kernel.org
	Signed-off-by: Sasha Levin <sashal@kernel.org>
	---
	tools/lib/bpf/btf.c \| 16 ++++++----------
	1 file changed, 6 insertions(+), 10 deletions(-)

	--- a/tools/lib/bpf/btf.c
	+++ b/tools/lib/bpf/btf.c
	@@ -100,22 +100,18 @@ static int btf_parse_hdr(struct btf *btf
	return -EINVAL;
	}

	- if (meta_left < hdr->type_off) {
	- pr_debug("Invalid BTF type section offset:%u\n", hdr->type_off);
	+ if (meta_left < hdr->str_off + hdr->str_len) {
	+ pr_debug("Invalid BTF total size:%u\n", btf->data_size);
	return -EINVAL;
	}

	- if (meta_left < hdr->str_off) {
	- pr_debug("Invalid BTF string section offset:%u\n", hdr->str_off);
	+ if (hdr->type_off + hdr->type_len > hdr->str_off) {
	+ pr_debug("Invalid BTF data sections layout: type data at %u + %u, strings data at %u + %u\n",
	+ hdr->type_off, hdr->type_len, hdr->str_off, hdr->str_len);
	return -EINVAL;
	}

	- if (hdr->type_off >= hdr->str_off) {
	- pr_debug("BTF type section offset >= string section offset. No type?\n");
	- return -EINVAL;
	- }
	-
	- if (hdr->type_off & 0x02) {
	+ if (hdr->type_off % 4) {
	pr_debug("BTF type section is not aligned to 4 bytes\n");
	return -EINVAL;
	}