aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorYafang Shao <laoar.shao@gmail.com>2022-01-08 13:47:39 +0000
committerAndrii Nakryiko <andrii@kernel.org>2022-01-12 17:01:37 -0800
commita32ea51a3f17ce6524c9fc19d311e708331c8b5f (patch)
treeb4f8407de2ef8ed55864a27d308189ea23f6cf6e
parentMerge branch 'libbpf: rename bpf_prog_attach_xattr to bpf_prog_attach_opts' (diff)
downloadlinux-a32ea51a3f17ce6524c9fc19d311e708331c8b5f.tar.gz
linux-a32ea51a3f17ce6524c9fc19d311e708331c8b5f.zip
libbpf: Fix possible NULL pointer dereference when destroying skeleton
When I checked the code in skeleton header file generated with my own bpf prog, I found there may be possible NULL pointer dereference when destroying skeleton. Then I checked the in-tree bpf progs, finding that is a common issue. Let's take the generated samples/bpf/xdp_redirect_cpu.skel.h for example. Below is the generated code in xdp_redirect_cpu__create_skeleton(): xdp_redirect_cpu__create_skeleton struct bpf_object_skeleton *s; s = (struct bpf_object_skeleton *)calloc(1, sizeof(*s)); if (!s) goto error; ... error: bpf_object__destroy_skeleton(s); return -ENOMEM; After goto error, the NULL 's' will be deferenced in bpf_object__destroy_skeleton(). We can simply fix this issue by just adding a NULL check in bpf_object__destroy_skeleton(). Fixes: d66562fba1ce ("libbpf: Add BPF object skeleton support") Signed-off-by: Yafang Shao <laoar.shao@gmail.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/bpf/20220108134739.32541-1-laoar.shao@gmail.com
Diffstat
-rw-r--r--tools/lib/bpf/libbpf.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
index 7f10dd501a52..fdb3536afa7d 100644
--- a/tools/lib/bpf/libbpf.c
+++ b/tools/lib/bpf/libbpf.c
@@ -11795,6 +11795,9 @@ void bpf_object__detach_skeleton(struct bpf_object_skeleton *s)
void bpf_object__destroy_skeleton(struct bpf_object_skeleton *s)
{
+ if (!s)
+ return;
+
if (s->progs)
bpf_object__detach_skeleton(s);
if (s->obj)
generated by cgit v1.2.3 (git 2.39.1) at 2025-12-19 06:02:53 +0000
2-2/+4 alpha, ia64, PA, sparc already export the existing "utimes()" system call (using 'timeval[2]' instead of 'utimebuf' like the old "utime()"). Make it available on x86 too.. 2003-07-11[PATCH] x86-64 fixes for 2.5.75Andi Kleen3-4/+11 Some minimum critical fixes for x86-64: - Make it compile for uni processor again - Tell BIOS about long mode - Fix 32bit IPC (broken by earlier patch) 2003-07-11[PATCH] Deprecate numerical sysctlAndi Kleen2-10/+13 Deprecate the numerical sysctl name space. People can use /proc/sys instead. The numeric name space was never well maintained and especially in distribution kernels is not very consistent (everybody has their own extensions, conflicting with others). It's also a great source of rejects when merging patches. The name-based /proc/sys is a much better interface for this, which people should use instead. Discussion of this on l-k found no advocate for it, so it seems to not be very popular anyways. This patch deprecates numerical name space accesses to make it possible to remove them in the future. The only exception is kernel.version, which is used by glibc (this one has to be maintained forever) 2003-07-11[PATCH] asm-generic/div64.h breakageBernardo Innocenti4-4/+8 - __div64_32(): remove __attribute_pure__ qualifier from the prototype since this function obviously clobbers memory through &(n); - do_div(): add a check to ensure (n) is type-compatible with uint64_t; - as_update_iohist(): Use sector_div() instead of do_div(). (Whether the result of the addition should always be stored in 64bits regardless of CONFIG_LBD is still being discussed, therefore it's unadderessed here); - Fix all places where do_div() was being called with a bad divisor argument. 2003-07-11[PATCH] Fix IDE-CD command failure re-playJens Axboe1-6/+15 Every failed SG_IO request is replayed second time without data transfer. Fix the problem by immediately purging the failed SG_IO request from the request queue. It fixes (among others) http://marc.theaimsgroup.com/?t=105634805100001&r=1&w=2 where induced kernel crash occurs upon packet replay. 2003-07-11[SPARC64]: Use mm->free_area_cache.David S. Miller1-10/+36 2003-07-11[SPARC64]: Implement force_successful_syscall().David S. Miller3-2/+22 2003-07-11[SPARC64]: Ditch local KALLSYMS from Kconfig, update defconfig.David S. Miller1-7/+0 2003-07-11Merge with DRI CVS tree - which added a reminder to the DRILinus Torvalds1-7/+15 people not to remove the HAVE_KERNEL_CTX_SWITCH support that the sparc drivers require. Fix a FIXME. 2003-07-11[PATCH] Fix AD1889 driver 2.4 mergeFrançois Romieu3-3/+11 - include/linux/wrapper.h doesn't exist in 2.5.75 and none of it's content is used by the driver; - s/MINOR/minor/; - KConfig/Makefile update. 2003-07-11[PATCH] Merge AD1889 driver from 2.4Alan Cox2-0/+1213 2003-07-11[PATCH] update ymfpci for new ac97Alan Cox2-9/+22 2003-07-11[PATCH] more wrong strlcpy'sAlan Cox2-8/+8 2003-07-11[PATCH] update via audio driver, make it work on esd add new chipsAlan Cox1-173/+463 2003-07-11[PATCH] fix wrong printk in nm256 audioAlan Cox1-1/+1 2003-07-11[PATCH] update trident driver for new ac97 etcAlan Cox2-67/+91 2003-07-11[PATCH] update nec driver to new ac97Alan Cox1-32/+36