[bpf,0/3] libbpf: fix fuzzer-reported issues

Message ID	20221007174816.17536-1-shung-hsi.yu@suse.com (mailing list archive)
Headers	show Return-Path: <bpf-owner@kernel.org> From: Shung-Hsi Yu <shung-hsi.yu@suse.com> To: bpf@vger.kernel.org, Andrii Nakryiko <andrii@kernel.org> Cc: Shung-Hsi Yu <shung-hsi.yu@suse.com>, Alexei Starovoitov <ast@kernel.org>, Daniel Borkmann <daniel@iogearbox.net>, Martin KaFai Lau <martin.lau@linux.dev>, Song Liu <song@kernel.org>, Yonghong Song <yhs@fb.com>, John Fastabend <john.fastabend@gmail.com>, KP Singh <kpsingh@kernel.org>, Stanislav Fomichev <sdf@google.com>, Hao Luo <haoluo@google.com>, Jiri Olsa <jolsa@kernel.org> Subject: [PATCH bpf 0/3] libbpf: fix fuzzer-reported issues Date: Sat, 8 Oct 2022 01:48:13 +0800 Message-Id: <20221007174816.17536-1-shung-hsi.yu@suse.com> Content-Transfer-Encoding: 8bit Content-Type: text/plain MIME-Version: 1.0 Precedence: bulk
Series	libbpf: fix fuzzer-reported issues \| expand [bpf,0/3] libbpf: fix fuzzer-reported issues [bpf,1/3] libbpf: use elf_getshdrnum() instead of e_shnum [bpf,2/3] libbpf: fix null-pointer dereference in find_prog_by_sec_insn() [bpf,3/3] libbpf: deal with section with no data gracefully

Message ID

20221007174816.17536-1-shung-hsi.yu@suse.com (mailing list archive)

Headers

From: Shung-Hsi Yu <shung-hsi.yu@suse.com>
To: bpf@vger.kernel.org, Andrii Nakryiko <andrii@kernel.org>
Cc: Shung-Hsi Yu <shung-hsi.yu@suse.com>,
        Alexei Starovoitov <ast@kernel.org>,
        Daniel Borkmann <daniel@iogearbox.net>,
        Martin KaFai Lau <martin.lau@linux.dev>,
        Song Liu <song@kernel.org>, Yonghong Song <yhs@fb.com>,
        John Fastabend <john.fastabend@gmail.com>,
        KP Singh <kpsingh@kernel.org>,
        Stanislav Fomichev <sdf@google.com>,
        Hao Luo <haoluo@google.com>, Jiri Olsa <jolsa@kernel.org>
Subject: [PATCH bpf 0/3] libbpf: fix fuzzer-reported issues
Date: Sat,  8 Oct 2022 01:48:13 +0800
Message-Id: <20221007174816.17536-1-shung-hsi.yu@suse.com>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
 Jox4xziM8TsQvSh4Foa283YBWVffkXUvfgBE4tM1VU/ZFkBhReCiG3LREkxa9Dj96dXV4hK2ZsSxFz2E1pWhgcL5j70R/poYU+UAIp5Zcwgw0zNC+HtI373QppB1pfUGYn4gEMXsOG5ZwmSMWrWFqVnyR3ucYTmz52yBMs9MoJH0/h1fjLMpHr6FUeUw7DarAM0CVd7CCB+XRaFODJjurqvedkyxpJTpmH5ogImi4YIpZ/ADhXyGryMEBRuvnlW9r2ptkpYK9+tHGtYPSQ3QYDPPnAeryhNlEqcFaT6JcabD/3EQ5DcqBu604F3h0cxSu9O4IRj1CEmk1SsUu2zeaeddZOP5jXeDmsRGXVCI5n9avkBFV83lQ1E45uiPhPGOxiHHYso6jw6PrXHZNNTuLu24/WVRdbiNO6FxYjQDydd+XAorTDyfy2BN14HsY2DdcFBCVq4oO7i2tms7cwuqWBs3mPutu2Br04rXE75CFZFRgHz13bvNTXKsZKS4lrcMbFtURRNZsjgR8M27jQscmG975itAKUwKrdgaYJbKM75sTJHMg44/404gycb+l4+6stg5fsr9nv45Iy011LuiIYnxDmnORl254ZENFUhylg5q+E31gRFP94ShPJy/H0p1i/gUPUwRR4S51GKDstZAggnOnMrvYWXJEO1yYaKlp6NskXlcJawi3PLYZ/mcGq2UYCAebIYjpKG4QPrHQ7wY0oolPrIrSWF7dIPaGLmydW/mfGib0FHf6LZAvzL6F6jzVFgfFeP+iUgBQoOnkmFah/uDw59dmSfdK6iy1ihE8S9fLAVv+UzTjmE4UAdYssN54t4en8+yz+OGte44uFffF1q+B6K/Odh++jMytQqzZKoeKha1VclCelAs7NUbVh6gnMgHnFbf1l1x8dI7wRZlaoGy/sP2TkY/sU99JPA5Hd5HNgt5ixI+KJZ/MHfOZQV4kkbl2w3XtIzsWgWi3xTJFUaq2gNTOBpVdmLRN4SynDY4QJJK+M9I1HZMy2yUFUNmk1BoXW7jv5k9gwncDanX8c2L/xA0Y2TmAEjgWTt48qzHiFPTKSJGk9yoLXJQX4w+Q1dHcKVcOrEOZQlfj4yAX1FbrIfr0Swf8A+LfvOZIEth692i7pU1hpOpNRT/Nqir5KSKL43+rKSI1rZHceZ9JCrxGd1OjH0SMbIoqi5yyzm1xfD1qMosyVZd4x+J+DYOrVxLup651kCpkvdIWaxbgRkV/5Sr9ox35QJIFr/vbVuFFMaubulJFmW21ba/05VVQqhk87mb+xYoXq4aaZnGu4ohgv4TV6chbeNz5+8RObHERcFQR0a+S4x4cc7ZyncUjzvmEiJ2P9r47naf7/zmm8fLezwIphNB2uDJaFOWEo9uC0PN8LaGv0lHRG0fY4km5wLtDUURzgaMsQNBIPE5k47yjHBC3E+xmGsbRXiElfPvgyYl6p1pUe0PrhK0XOrmvh7sD+dOylBGSMj8sjOBys63LKBCagilyizt7HF23GWCv6VIuusuCt+r/0s2btMHO+sJzvHt9488GXgIskOpyIMQBZQErQc1wtPJG0LBFDBRD5IOAe4L/8tGCh4cuHW0QtMCemP8T/N3nFCR83w0qKlqNvx+cgAt0Hj/WKS0DjBHhP1djJYGNJeO9NTpun1B
X-OriginatorOrg: suse.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 9e9faa40-9153-4815-3d80-08daa88c287f
X-MS-Exchange-CrossTenant-AuthSource: DB9PR04MB8107.eurprd04.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Oct 2022 17:48:35.6067
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: f7a17af6-1c5c-4a36-aa8b-f5be247aa4ba
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 
 poNRgC0VouNIHc+ohGiYzLznV0DIE5qRN2D9IhSEEv+9HAgGef6R0A8F54X/uhN1HAwH+3X6Ra/0bMjLTb7Uvw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAXPR04MB9350
Precedence: bulk
List-ID: <bpf.vger.kernel.org>
X-Mailing-List: bpf@vger.kernel.org
X-Patchwork-Delegate: bpf@iogearbox.net

Series

libbpf: fix fuzzer-reported issues | expand

Message

Shung-Hsi Yu Oct. 7, 2022, 5:48 p.m. UTC

Hi, this patch set fixes several fuzzer-reported issues of libbpf when
dealing with (malformed) BPF object file.

The 1st patch fix out-of-bound heap write reported by oss-fuzz
(currently incorrectly marked as fixed). The 2nd and 3rd patch fix
null-pointer dereference found by locally-run fuzzer.

Suggest at least taking the 1st fix in this patch set or apply an
alternative fix for it (see the extra note after its commit message for
detail).

Shung-Hsi Yu (3):
  libbpf: use elf_getshdrnum() instead of e_shnum
  libbpf: fix null-pointer dereference in find_prog_by_sec_insn()
  libbpf: deal with section with no data gracefully

 tools/lib/bpf/libbpf.c | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)


base-commit: 0326074ff4652329f2a1a9c8685104576bd8d131
--
2.37.3

Comments

Andrii Nakryiko Oct. 11, 2022, 12:47 a.m. UTC | #1

On Fri, Oct 7, 2022 at 10:48 AM Shung-Hsi Yu <shung-hsi.yu@suse.com> wrote:
>
> Hi, this patch set fixes several fuzzer-reported issues of libbpf when
> dealing with (malformed) BPF object file.
>
> The 1st patch fix out-of-bound heap write reported by oss-fuzz
> (currently incorrectly marked as fixed). The 2nd and 3rd patch fix
> null-pointer dereference found by locally-run fuzzer.
>
> Suggest at least taking the 1st fix in this patch set or apply an
> alternative fix for it (see the extra note after its commit message for
> detail).
>
> Shung-Hsi Yu (3):
>   libbpf: use elf_getshdrnum() instead of e_shnum
>   libbpf: fix null-pointer dereference in find_prog_by_sec_insn()
>   libbpf: deal with section with no data gracefully
>
>  tools/lib/bpf/libbpf.c | 19 ++++++++++++++++---
>  1 file changed, 16 insertions(+), 3 deletions(-)
>
>
> base-commit: 0326074ff4652329f2a1a9c8685104576bd8d131
> --
> 2.37.3
>

LGTM, but see my comment on patch #1. If that suggestion makes sense
and will work, please send v2. But base it on top of bpf-next, I don't
think there is any need to base this on bpf tree. Thanks.