linux/bpf at 5913e936f6d5d348e33190885131c4f4eaa4bc4b - linux - Nytegear Gitea

mirrors/linux

mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2026-02-15 14:25:03 -05:00

Files

History

Arnaud Lecomte 23f852daa4 bpf: Fix stackmap overflow check in __bpf_get_stackid()

Syzkaller reported a KASAN slab-out-of-bounds write in __bpf_get_stackid()
when copying stack trace data. The issue occurs when the perf trace
 contains more stack entries than the stack map bucket can hold,
 leading to an out-of-bounds write in the bucket's data array.

Fixes: ee2a098851 ("bpf: Adjust BPF stack helper functions to accommodate skip > 0")
Reported-by: syzbot+c9b724fbb41cf2538b7b@syzkaller.appspotmail.com
Signed-off-by: Arnaud Lecomte <contact@arnaud-lcm.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Acked-by: Yonghong Song <yonghong.song@linux.dev>
Acked-by: Song Liu <song@kernel.org>
Link: https://lore.kernel.org/bpf/20251025192941.1500-1-contact@arnaud-lcm.com

Closes: https://syzkaller.appspot.com/bug?extid=c9b724fbb41cf2538b7b

2025-10-28 09:20:27 -07:00

..

umd: Remove usermode driver framework

2025-07-26 21:03:04 +02:00

arena.c

bpf: Report arena faults to BPF stderr

2025-09-11 13:00:43 -07:00

arraymap.c

bpf: generalize and export map_get_next_key for arrays

2025-10-21 11:17:25 -07:00

bloom_filter.c

bpf: Check bloom filter map value size

2024-03-27 09:56:17 -07:00

bpf_cgrp_storage.c

bpf: use rcu_read_lock_dont_migrate() for bpf_cgrp_storage_free()

2025-08-25 18:52:16 -07:00

bpf_inode_storage.c

bpf: use rcu_read_lock_dont_migrate() for bpf_inode_storage_free()

2025-08-25 18:52:16 -07:00

bpf_iter.c

bpf: use rcu_read_lock_dont_migrate() for bpf_iter_run_prog()

2025-08-25 18:52:16 -07:00

bpf_local_storage.c

bpf: add btf_type_is_i{32,64} helpers

2025-06-25 15:15:49 -07:00

bpf_lru_list.c

bpf: Replace get_next_cpu() with cpumask_next_wrap()

2025-08-18 15:11:02 +02:00

bpf_lru_list.h

bpf: Adjust free target to avoid global starvation of LRU map

2025-06-18 18:50:14 -07:00

bpf_lsm.c

bpf: lsm: Add two more sleepable hooks

2025-02-13 19:35:31 -08:00

bpf_struct_ops.c

bpf: Allow struct_ops to get map id by kdata

2025-08-06 13:39:58 -07:00

bpf_task_storage.c

bpf: use rcu_read_lock_dont_migrate() for bpf_task_storage_free()

2025-08-25 18:52:16 -07:00

btf_iter.c

bpf: Remove custom build rule

2024-08-30 08:55:26 -07:00

btf_relocate.c

bpf: Remove custom build rule

2024-08-30 08:55:26 -07:00

btf.c

bpf: Allow union argument in trampoline based programs

2025-09-23 12:07:46 -07:00

cgroup_iter.c

bpf: Let verifier consider {task,cgroup} is trusted in bpf_iter_reg

2023-11-07 15:24:25 -08:00

cgroup.c

bpf: WQ_PERCPU added to alloc_workqueue users

2025-09-08 10:04:37 -07:00

core.c

bpf: Enforce expected_attach_type for tailcall compatibility

2025-09-27 06:24:27 -07:00

cpumap.c

Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf after rc5

2025-09-11 09:34:37 -07:00

cpumask.c

bpf: fix missing kdoc string fields in cpumask.c

2025-03-15 11:48:57 -07:00

crypto.c

bpf: Fix out-of-bounds dynptr write in bpf_crypto_crypt

2025-09-09 15:07:57 -07:00

devmap.c

bpf: Remove redundant __GFP_NOWARN

2025-08-12 14:56:04 -07:00

disasm.c

bpftool: Using the right format specifiers

2025-03-17 13:50:56 -07:00

disasm.h

bpf: Relicense disassembler as GPL-2.0-only OR BSD-2-Clause

2021-09-02 14:49:23 +02:00

dispatcher.c

bpf: Add kernel symbol for struct_ops trampoline

2024-11-12 17:13:46 -08:00

dmabuf_iter.c

bpf: Add open coded dmabuf iterator

2025-05-27 09:51:25 -07:00

hashtab.c

bpf: Consistently use bpf_rcu_lock_held() everywhere

2025-10-15 12:26:12 +02:00

helpers.c

bpf: dispatch to sleepable file dynptr

2025-10-27 09:56:27 -07:00

inode.c

bpf: Avoid RCU context warning when unpinning htab with internal structs

2025-10-10 10:10:08 -07:00

Kconfig

bpf: Update the bpf_prog_calc_tag to use SHA256

2025-09-18 19:10:20 -07:00

kmem_cache_iter.c

bpf: Add open coded version of kmem_cache iterator

2024-11-01 11:08:32 -07:00

link_iter.c

bpf: Clean up individual BTF_ID code

2025-07-16 18:34:42 -07:00

liveness.c

bpf: make bpf_insn_successors to return a pointer

2025-10-21 11:20:23 -07:00

local_storage.c

bpf: Remove redundant __GFP_NOWARN

2025-08-12 14:56:04 -07:00

log.c

bpf: add plumbing for file-backed dynptr

2025-10-27 09:56:27 -07:00

lpm_trie.c

bpf: Convert lpm_trie.c to rqspinlock

2025-03-19 08:03:05 -07:00

Makefile

bpf: callchain sensitive stack liveness tracking using CFG

2025-09-19 09:27:23 -07:00

map_in_map.c

bpf: switch maps to CLASS(fd, ...)

2024-08-13 15:58:17 -07:00

map_in_map.h

bpf: Add map and need_defer parameters to .map_fd_put_ptr()

2023-12-04 17:50:26 -08:00

map_iter.c

bpf: treewide: Annotate BPF kfuncs in BTF

2024-01-31 20:40:56 -08:00

memalloc.c

bpf: replace use of system_unbound_wq with system_dfl_wq

2025-09-08 10:04:37 -07:00

mmap_unlock_work.h

bpf: Introduce helper bpf_find_vma

2021-11-07 11:54:51 -08:00

mprog.c

bpf: Handle bpf_mprog_query with NULL entry

2023-10-06 17:11:20 -07:00

net_namespace.c

bpf: Remove attach_type in bpf_netns_link

2025-07-11 11:01:04 -07:00

offload.c

net: move misc netdev_lock flavors to a separate header

2025-03-08 09:06:50 -08:00

percpu_freelist.c

bpf: Convert percpu_freelist.c to rqspinlock

2025-03-19 08:03:05 -07:00

percpu_freelist.h

bpf: Convert percpu_freelist.c to rqspinlock

2025-03-19 08:03:05 -07:00

prog_iter.c

bpf: Clean up individual BTF_ID code

2025-07-16 18:34:42 -07:00

queue_stack_maps.c

bpf: Convert queue_stack map to rqspinlock

2025-04-10 12:51:10 -07:00

range_tree.c

bpf: Disable migration before calling ops->map_free()

2025-01-08 18:06:36 -08:00

range_tree.h

bpf: Introduce range_tree data structure and use it in bpf arena

2024-11-13 13:52:45 -08:00

relo_core.c

bpf: Remove custom build rule

2024-08-30 08:55:26 -07:00

reuseport_array.c

bpf: Use sockfd_put() helper

2024-08-30 08:57:47 -07:00

ringbuf.c

bpf: Add overwrite mode for BPF ring buffer

2025-10-27 19:42:39 -07:00

rqspinlock.c

bpf: Cleanup unused func args in rqspinlock implementation

2025-10-07 15:30:43 -07:00

rqspinlock.h

rqspinlock: Protect waiters in queue from stalls

2025-03-19 08:03:05 -07:00

stackmap.c

bpf: Fix stackmap overflow check in __bpf_get_stackid()

2025-10-28 09:20:27 -07:00

stream.c

mm: Allow GFP_ACCOUNT to be used in alloc_pages_nolock().

2025-09-29 09:42:35 +02:00

syscall.c

bpf: Replace bpf_map_kmalloc_node() with kmalloc_nolock() to allocate bpf_async_cb structures.

2025-10-15 12:22:22 +02:00

sysfs_btf.c

Merge tag 'driver-core-6.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/driver-core/driver-core

2025-07-29 12:15:39 -07:00

task_iter.c

Merge tag 'vfs-6.13.file' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs

2024-11-18 10:30:29 -08:00

tcx.c

bpf: Remove location field in tcx_link

2025-07-11 11:00:57 -07:00

tnum.c

bpf: Improve the general precision of tnum_mul

2025-08-27 15:00:26 -07:00

token.c

bpf: Add struct bpf_token_info

2025-07-16 18:38:05 -07:00

trampoline.c

bpf: use rcu_read_lock_dont_migrate() for trampoline.c

2025-08-25 18:52:16 -07:00

verifier.c

bpf: dispatch to sleepable file dynptr

2025-10-27 09:56:27 -07:00