linux/kernel/bpf
Anton Protopopov b0b1a8583d bpf: Add a map/btf from a fd array more consistently
The add_fd_from_fd_array() function takes a file descriptor as a
parameter and tries to add either map or btf to the corresponding
list of used objects. As was reported by Dan Carpenter, since the
commit c81e4322acf0 ("bpf: Fix a potential use-after-free of BTF
object"), the fdget() is called twice on the file descriptor, and
thus userspace, potentially, can replace the file pointed to by the
file descriptor in between the two calls. In practice, this shouldn't
break anything on the kernel side, but for consistency fix the code
such that only one fdget() is executed.

Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Closes: https://lore.kernel.org/r/aY689z7gHNv8rgVO@stanley.mountain/
Fixes: ccd2d799ed ("bpf: Fix a potential use-after-free of BTF object")
Signed-off-by: Anton Protopopov <a.s.protopopov@gmail.com>
Link: https://lore.kernel.org/r/20260213212949.759321-1-a.s.protopopov@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2026-02-13 14:37:02 -08:00
..
preload umd: Remove usermode driver framework 2025-07-26 21:03:04 +02:00
arena.c bpf: arena: Reintroduce memcg accounting 2026-01-02 14:31:59 -08:00
arraymap.c bpf: Add BPF_F_CPU and BPF_F_ALL_CPUS flags support for percpu_array maps 2026-01-06 20:48:32 -08:00
bloom_filter.c bpf: Check bloom filter map value size 2024-03-27 09:56:17 -07:00
bpf_cgrp_storage.c bpf: Switch to bpf_selem_unlink_nofail in bpf_local_storage_{map_free, destroy} 2026-02-06 14:47:59 -08:00
bpf_inode_storage.c bpf: Switch to bpf_selem_unlink_nofail in bpf_local_storage_{map_free, destroy} 2026-02-06 14:47:59 -08:00
bpf_insn_array.c bpf: Return EACCES for incorrect access to insn array 2026-01-13 19:36:18 -08:00
bpf_iter.c bpf: Fix bpf_seq_read docs for increased buffer size 2025-12-13 18:57:53 -08:00
bpf_local_storage.c bpf: Switch to bpf_selem_unlink_nofail in bpf_local_storage_{map_free, destroy} 2026-02-06 14:47:59 -08:00
bpf_lru_list.c bpf: Replace get_next_cpu() with cpumask_next_wrap() 2025-08-18 15:11:02 +02:00
bpf_lru_list.h bpf: Adjust free target to avoid global starvation of LRU map 2025-06-18 18:50:14 -07:00
bpf_lsm.c bpf: annotate file argument as __nullable in bpf_lsm_mmap_file 2025-12-21 10:56:33 -08:00
bpf_lsm_proto.c bpf: annotate file argument as __nullable in bpf_lsm_mmap_file 2025-12-21 10:56:33 -08:00
bpf_struct_ops.c bpf: Support associating BPF program with struct_ops 2025-12-05 16:17:57 -08:00
bpf_task_storage.c bpf: Switch to bpf_selem_unlink_nofail in bpf_local_storage_{map_free, destroy} 2026-02-06 14:47:59 -08:00
btf.c bpf: Replace snprintf("%s") with strscpy 2026-02-02 18:43:33 -08:00
btf_iter.c bpf: Remove custom build rule 2024-08-30 08:55:26 -07:00
btf_relocate.c bpf: Remove custom build rule 2024-08-30 08:55:26 -07:00
cgroup.c bpf: Use sk_is_inet() and sk_is_unix() in __cgroup_bpf_run_filter_sock_addr(). 2026-02-04 09:36:01 -08:00
cgroup_iter.c bpf: add new BPF_CGROUP_ITER_CHILDREN control option 2026-01-27 09:05:54 -08:00
core.c mm.git review status for linus..mm-nonmm-stable 2026-02-12 12:13:01 -08:00
cpumap.c bpf: cpumap: propagate underlying error in cpu_map_update_elem() 2025-12-09 23:53:27 -08:00
cpumask.c bpf: Remove redundant KF_TRUSTED_ARGS flag from all kfuncs 2026-01-02 12:04:28 -08:00
crypto.c bpf: crypto: Use the correct destructor kfunc type 2026-01-12 18:53:57 -08:00
devmap.c bpf: Remove redundant __GFP_NOWARN 2025-08-12 14:56:04 -07:00
disasm.c bpf: disasm: add support for BPF_JMP|BPF_JA|BPF_X 2025-11-05 17:53:23 -08:00
disasm.h bpf: Relicense disassembler as GPL-2.0-only OR BSD-2-Clause 2021-09-02 14:49:23 +02:00
dispatcher.c bpf: Add kernel symbol for struct_ops trampoline 2024-11-12 17:13:46 -08:00
dmabuf_iter.c bpf: Fix truncated dmabuf iterator reads 2025-12-09 23:48:34 -08:00
hashtab.c bpf: Remove leftover accounting in htab_map_mem_usage after rqspinlock 2026-01-20 11:28:02 -08:00
helpers.c bpf: Remove task local storage percpu counter 2026-02-06 14:29:09 -08:00
inode.c bpf: Optimize the performance of find_bpffs_btf_enums 2026-01-13 16:21:36 -08:00
Kconfig bpf: Update the bpf_prog_calc_tag to use SHA256 2025-09-18 19:10:20 -07:00
kmem_cache_iter.c bpf: Add open coded version of kmem_cache iterator 2024-11-01 11:08:32 -07:00
link_iter.c bpf: Clean up individual BTF_ID code 2025-07-16 18:34:42 -07:00
liveness.c bpf: correct stack liveness for tail calls 2025-11-21 17:45:30 -08:00
local_storage.c bpf: Add BPF_F_CPU and BPF_F_ALL_CPUS flags support for percpu_cgroup_storage maps 2026-01-06 20:48:32 -08:00
log.c bpf, x86: add support for indirect jumps 2025-11-05 17:53:23 -08:00
lpm_trie.c bpf: Convert lpm_trie.c to rqspinlock 2025-03-19 08:03:05 -07:00
Makefile bpf: annotate file argument as __nullable in bpf_lsm_mmap_file 2025-12-21 10:56:33 -08:00
map_in_map.c bpf: switch maps to CLASS(fd, ...) 2024-08-13 15:58:17 -07:00
map_in_map.h bpf: Add map and need_defer parameters to .map_fd_put_ptr() 2023-12-04 17:50:26 -08:00
map_iter.c bpf: Remove redundant KF_TRUSTED_ARGS flag from all kfuncs 2026-01-02 12:04:28 -08:00
memalloc.c bpf: replace use of system_unbound_wq with system_dfl_wq 2025-09-08 10:04:37 -07:00
mmap_unlock_work.h bpf: Introduce helper bpf_find_vma 2021-11-07 11:54:51 -08:00
mprog.c bpf: Handle bpf_mprog_query with NULL entry 2023-10-06 17:11:20 -07:00
net_namespace.c bpf: Remove attach_type in bpf_netns_link 2025-07-11 11:01:04 -07:00
offload.c bpf: Add SPDX license identifiers to a few files 2026-01-16 14:50:00 -08:00
percpu_freelist.c bpf: Convert percpu_freelist.c to rqspinlock 2025-03-19 08:03:05 -07:00
percpu_freelist.h bpf: Convert percpu_freelist.c to rqspinlock 2025-03-19 08:03:05 -07:00
prog_iter.c bpf: Clean up individual BTF_ID code 2025-07-16 18:34:42 -07:00
queue_stack_maps.c bpf: Convert queue_stack map to rqspinlock 2025-04-10 12:51:10 -07:00
range_tree.c bpf: arena: Reintroduce memcg accounting 2026-01-02 14:31:59 -08:00
range_tree.h bpf: Introduce range_tree data structure and use it in bpf arena 2024-11-13 13:52:45 -08:00
relo_core.c bpf: Remove custom build rule 2024-08-30 08:55:26 -07:00
reuseport_array.c bpf: Use sockfd_put() helper 2024-08-30 08:57:47 -07:00
ringbuf.c bpf: Add SPDX license identifiers to a few files 2026-01-16 14:50:00 -08:00
rqspinlock.c mm.git review status for linus..mm-nonmm-stable 2026-02-12 12:13:01 -08:00
rqspinlock.h rqspinlock: Protect waiters in queue from stalls 2025-03-19 08:03:05 -07:00
stackmap.c bpf-next-6.19 2025-12-03 16:54:54 -08:00
stream.c bpf: Add bpf_stream_print_stack stack dumping kfunc 2026-02-03 10:41:16 -08:00
syscall.c mm.git review status for linus..mm-nonmm-stable 2026-02-12 12:13:01 -08:00
sysfs_btf.c Driver core changes for 6.17-rc1 2025-07-29 12:15:39 -07:00
task_iter.c vfs-6.13.file 2024-11-18 10:30:29 -08:00
tcx.c bpf: Remove location field in tcx_link 2025-07-11 11:00:57 -07:00
tnum.c bpf: Add bitwise tracking for BPF_END 2026-02-04 13:22:39 -08:00
token.c bpf: Add SPDX license identifiers to a few files 2026-01-16 14:50:00 -08:00
trampoline.c bpf,x86: Use single ftrace_ops for direct calls 2026-01-28 11:44:59 -08:00
verifier.c bpf: Add a map/btf from a fd array more consistently 2026-02-13 14:37:02 -08:00