summaryrefslogtreecommitdiffstats
path: root/kernel/power
diff options
context:
space:
mode:
authorDaniel Borkmann <daniel@iogearbox.net>2019-12-16 17:49:00 +0100
committerAlexei Starovoitov <ast@kernel.org>2019-12-16 19:59:29 +0100
commita2ea07465c8d7984cc6b8b1f0b3324f9b138094a (patch)
treeffc04818616b047ecbd2b64f1ae3d9c33108a727 /kernel/power
parentbpf: Clear skb->tstamp in bpf_redirect when necessary (diff)
downloadlinux-a2ea07465c8d7984cc6b8b1f0b3324f9b138094a.tar.xz
linux-a2ea07465c8d7984cc6b8b1f0b3324f9b138094a.zip
bpf: Fix missing prog untrack in release_maps
Commit da765a2f5993 ("bpf: Add poke dependency tracking for prog array maps") wrongly assumed that in case of prog load errors, we're cleaning up all program tracking via bpf_free_used_maps(). However, it can happen that we're still at the point where we didn't copy map pointers into the prog's aux section such that env->prog->aux->used_maps is still zero, running into a UAF. In such case, the verifier has similar release_maps() helper that drops references to used maps from its env. Consolidate the release code into __bpf_free_used_maps() and call it from all sides to fix it. Fixes: da765a2f5993 ("bpf: Add poke dependency tracking for prog array maps") Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: Alexei Starovoitov <ast@kernel.org> Acked-by: Yonghong Song <yhs@fb.com> Link: https://lore.kernel.org/bpf/1c2909484ca524ae9f55109b06f22b6213e76376.1576514756.git.daniel@iogearbox.net
Diffstat (limited to 'kernel/power')
0 files changed, 0 insertions, 0 deletions