releases/5.4.11/bpftool-don-t-crash-on-missing-jited-insns-or-ksyms.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From 4ddd23d1319cca4ff483c5e18dc3b29c248e3f1e Mon Sep 17 00:00:00 2001
 From: Sasha Levin <sashal@kernel.org>
 Date: Tue, 10 Dec 2019 19:14:12 +0100
 Subject: bpftool: Don't crash on missing jited insns or ksyms
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit

 From: Toke Høiland-Jørgensen <toke@redhat.com>

 [ Upstream commit 5b79bcdf03628a3a9ee04d9cd5fabcf61a8e20be ]

 When the kptr_restrict sysctl is set, the kernel can fail to return
 jited_ksyms or jited_prog_insns, but still have positive values in
 nr_jited_ksyms and jited_prog_len. This causes bpftool to crash when
 trying to dump the program because it only checks the len fields not
 the actual pointers to the instructions and ksyms.

 Fix this by adding the missing checks.

 Fixes: 71bb428fe2c1 ("tools: bpf: add bpftool")
 Fixes: f84192ee00b7 ("tools: bpftool: resolve calls without using imm field")
 Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
 Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
 Acked-by: Martin KaFai Lau <kafai@fb.com>
 Link: https://lore.kernel.org/bpf/20191210181412.151226-1-toke@redhat.com
 Signed-off-by: Sasha Levin <sashal@kernel.org>
 ---
  tools/bpf/bpftool/prog.c          | 2 +-
  tools/bpf/bpftool/xlated_dumper.c | 2 +-
  2 files changed, 2 insertions(+), 2 deletions(-)

 diff --git a/tools/bpf/bpftool/prog.c b/tools/bpf/bpftool/prog.c
 index 43fdbbfe41bb..ea0bcd58bcb9 100644
 --- a/tools/bpf/bpftool/prog.c
 +++ b/tools/bpf/bpftool/prog.c
 @@ -493,7 +493,7 @@ static int do_dump(int argc, char **argv)

  	info = &info_linear->info;
  	if (mode == DUMP_JITED) {
 -		if (info->jited_prog_len == 0) {
 +		if (info->jited_prog_len == 0 || !info->jited_prog_insns) {
  			p_info("no instructions returned");
  			goto err_free;
  		}
 diff --git a/tools/bpf/bpftool/xlated_dumper.c b/tools/bpf/bpftool/xlated_dumper.c
 index 494d7ae3614d..5b91ee65a080 100644
 --- a/tools/bpf/bpftool/xlated_dumper.c
 +++ b/tools/bpf/bpftool/xlated_dumper.c
 @@ -174,7 +174,7 @@ static const char *print_call(void *private_data,
  	struct kernel_sym *sym;

  	if (insn->src_reg == BPF_PSEUDO_CALL &&
 -	    (__u32) insn->imm < dd->nr_jited_ksyms)
 +	    (__u32) insn->imm < dd->nr_jited_ksyms && dd->jited_ksyms)
  		address = dd->jited_ksyms[insn->imm];

  	sym = kernel_syms_search(dd, address);
 --
 2.20.1
	From 4ddd23d1319cca4ff483c5e18dc3b29c248e3f1e Mon Sep 17 00:00:00 2001
	From: Sasha Levin <sashal@kernel.org>
	Date: Tue, 10 Dec 2019 19:14:12 +0100
	Subject: bpftool: Don't crash on missing jited insns or ksyms
	MIME-Version: 1.0
	Content-Type: text/plain; charset=UTF-8
	Content-Transfer-Encoding: 8bit

	From: Toke Høiland-Jørgensen <toke@redhat.com>

	[ Upstream commit 5b79bcdf03628a3a9ee04d9cd5fabcf61a8e20be ]

	When the kptr_restrict sysctl is set, the kernel can fail to return
	jited_ksyms or jited_prog_insns, but still have positive values in
	nr_jited_ksyms and jited_prog_len. This causes bpftool to crash when
	trying to dump the program because it only checks the len fields not
	the actual pointers to the instructions and ksyms.

	Fix this by adding the missing checks.

	Fixes: 71bb428fe2c1 ("tools: bpf: add bpftool")
	Fixes: f84192ee00b7 ("tools: bpftool: resolve calls without using imm field")
	Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
	Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
	Acked-by: Martin KaFai Lau <kafai@fb.com>
	Link: https://lore.kernel.org/bpf/20191210181412.151226-1-toke@redhat.com
	Signed-off-by: Sasha Levin <sashal@kernel.org>
	---
	tools/bpf/bpftool/prog.c \| 2 +-
	tools/bpf/bpftool/xlated_dumper.c \| 2 +-
	2 files changed, 2 insertions(+), 2 deletions(-)

	diff --git a/tools/bpf/bpftool/prog.c b/tools/bpf/bpftool/prog.c
	index 43fdbbfe41bb..ea0bcd58bcb9 100644
	--- a/tools/bpf/bpftool/prog.c
	+++ b/tools/bpf/bpftool/prog.c
	@@ -493,7 +493,7 @@ static int do_dump(int argc, char **argv)

	info = &info_linear->info;
	if (mode == DUMP_JITED) {
	- if (info->jited_prog_len == 0) {
	+ if (info->jited_prog_len == 0 \|\| !info->jited_prog_insns) {
	p_info("no instructions returned");
	goto err_free;
	}
	diff --git a/tools/bpf/bpftool/xlated_dumper.c b/tools/bpf/bpftool/xlated_dumper.c
	index 494d7ae3614d..5b91ee65a080 100644
	--- a/tools/bpf/bpftool/xlated_dumper.c
	+++ b/tools/bpf/bpftool/xlated_dumper.c
	@@ -174,7 +174,7 @@ static const char print_call(void private_data,
	struct kernel_sym *sym;

	if (insn->src_reg == BPF_PSEUDO_CALL &&
	- (__u32) insn->imm < dd->nr_jited_ksyms)
	+ (__u32) insn->imm < dd->nr_jited_ksyms && dd->jited_ksyms)
	address = dd->jited_ksyms[insn->imm];

	sym = kernel_syms_search(dd, address);
	--
	2.20.1