mirrors/linux
2
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2026-05-17 07:14:59 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
c6095cb9684e278a59cb5a25deff6bfef9aecf27
linux/kernel/bpf
History
Weiming Shi 5828b9e5b2 bpf: fix end-of-list detection in cgroup_storage_get_next_key() 
list_next_entry() never returns NULL -- when the current element is the
last entry it wraps to the list head via container_of(). The subsequent
NULL check is therefore dead code and get_next_key() never returns
-ENOENT for the last element, instead reading storage->key from a bogus
pointer that aliases internal map fields and copying the result to
userspace.

Replace it with list_entry_is_head() so the function correctly returns
-ENOENT when there are no more entries.

Fixes: de9cbbaadb ("bpf: introduce cgroup storage maps")
Reported-by: Xiang Mei <xmei5@asu.edu>
Signed-off-by: Weiming Shi <bestswngs@gmail.com>
Reviewed-by: Sun Jian <sun.jian.kdev@gmail.com>
Acked-by: Paul Chaignon <paul.chaignon@gmail.com>
Link: https://lore.kernel.org/r/20260403132951.43533-2-bestswngs@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2026-04-05 18:45:05 -07:00
..
preload
umd: Remove usermode driver framework
2025-07-26 21:03:04 +02:00
arena.c
bpf: Lose const-ness of map in map_check_btf()
2026-02-27 15:39:00 -08:00
arraymap.c
bpf: Lose const-ness of map in map_check_btf()
2026-02-27 15:39:00 -08:00
bloom_filter.c
bpf: Lose const-ness of map in map_check_btf()
2026-02-27 15:39:00 -08:00
bpf_cgrp_storage.c
bpf: Switch to bpf_selem_unlink_nofail in bpf_local_storage_{map_free, destroy}
2026-02-06 14:47:59 -08:00
bpf_inode_storage.c
bpf: Switch to bpf_selem_unlink_nofail in bpf_local_storage_{map_free, destroy}
2026-02-06 14:47:59 -08:00
bpf_insn_array.c
bpf: Lose const-ness of map in map_check_btf()
2026-02-27 15:39:00 -08:00
bpf_iter.c
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
bpf_local_storage.c
bpf: Add warning to detect memory leak in bpf_selem_unlink_nofail()
2026-03-19 12:14:28 -07:00
bpf_lru_list.c
bpf: Replace get_next_cpu() with cpumask_next_wrap()
2025-08-18 15:11:02 +02:00
bpf_lru_list.h
bpf: Adjust free target to avoid global starvation of LRU map
2025-06-18 18:50:14 -07:00
bpf_lsm_proto.c
bpf: annotate file argument as __nullable in bpf_lsm_mmap_file
2025-12-21 10:56:33 -08:00
bpf_lsm.c
bpf: Fix block device hooks names
2026-03-31 11:11:42 +02:00
bpf_struct_ops.c
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
bpf_task_storage.c
bpf: Switch to bpf_selem_unlink_nofail in bpf_local_storage_{map_free, destroy}
2026-02-06 14:47:59 -08:00
btf_iter.c
bpf: Remove custom build rule
2024-08-30 08:55:26 -07:00
btf_relocate.c
bpf: Remove custom build rule
2024-08-30 08:55:26 -07:00
btf.c
btf: Support kernel parsing of BTF with layout info
2026-03-26 13:53:56 -07:00
cgroup_iter.c
bpf: add new BPF_CGROUP_ITER_CHILDREN control option
2026-01-27 09:05:54 -08:00
cgroup.c
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
const_fold.c
bpf: Add bpf_compute_const_regs() and bpf_prune_dead_branches() passes
2026-04-03 08:34:36 -07:00
core.c
bpf: Remove inclusions of crypto/sha1.h
2026-03-24 08:40:45 -07:00
cpumap.c
bpf: Add missing XDP_ABORTED handling in cpumap
2026-03-03 08:37:21 -08:00
cpumask.c
bpf: Remove redundant KF_TRUSTED_ARGS flag from all kfuncs
2026-01-02 12:04:28 -08:00
crypto.c
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
devmap.c
bpf: Use RCU-safe iteration in dev_map_redirect_multi() SKB path
2026-03-24 15:17:20 -07:00
disasm.c
bpf: disasm: add support for BPF_JMP|BPF_JA|BPF_X
2025-11-05 17:53:23 -08:00
disasm.h
bpf: Relicense disassembler as GPL-2.0-only OR BSD-2-Clause
2021-09-02 14:49:23 +02:00
dispatcher.c
bpf: Add kernel symbol for struct_ops trampoline
2024-11-12 17:13:46 -08:00
dmabuf_iter.c
bpf: Fix truncated dmabuf iterator reads
2025-12-09 23:48:34 -08:00
hashtab.c
bpf: Use copy_map_value_locked() in alloc_htab_elem() for BPF_F_LOCK
2026-04-05 18:37:32 -07:00
helpers.c
bpf: Migrate dynptr file to kmalloc_nolock
2026-04-02 09:31:42 -07:00
inode.c
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
Kconfig
bpf: Update the bpf_prog_calc_tag to use SHA256
2025-09-18 19:10:20 -07:00
kmem_cache_iter.c
bpf: Add open coded version of kmem_cache iterator
2024-11-01 11:08:32 -07:00
link_iter.c
bpf: Clean up individual BTF_ID code
2025-07-16 18:34:42 -07:00
liveness.c
treewide: Replace kmalloc with kmalloc_obj for non-scalar types
2026-02-21 01:02:28 -08:00
local_storage.c
bpf: fix end-of-list detection in cgroup_storage_get_next_key()
2026-04-05 18:45:05 -07:00
log.c
bpf: rename bpf_reg_state->off to bpf_reg_state->delta
2026-02-13 14:41:23 -08:00
lpm_trie.c
bpf: Lose const-ness of map in map_check_btf()
2026-02-27 15:39:00 -08:00
Makefile
bpf: Add bpf_compute_const_regs() and bpf_prune_dead_branches() passes
2026-04-03 08:34:36 -07:00
map_in_map.c
bpf: switch maps to CLASS(fd, ...)
2024-08-13 15:58:17 -07:00
map_in_map.h
bpf: Add map and need_defer parameters to .map_fd_put_ptr()
2023-12-04 17:50:26 -08:00
map_iter.c
bpf: Remove redundant KF_TRUSTED_ARGS flag from all kfuncs
2026-01-02 12:04:28 -08:00
memalloc.c
bpf: Register dtor for freeing special fields
2026-02-27 15:39:00 -08:00
mmap_unlock_work.h
bpf: Introduce helper bpf_find_vma
2021-11-07 11:54:51 -08:00
mprog.c
bpf: Handle bpf_mprog_query with NULL entry
2023-10-06 17:11:20 -07:00
net_namespace.c
treewide: Replace kmalloc with kmalloc_obj for non-scalar types
2026-02-21 01:02:28 -08:00
offload.c
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
percpu_freelist.c
bpf: Convert percpu_freelist.c to rqspinlock
2025-03-19 08:03:05 -07:00
percpu_freelist.h
bpf: Convert percpu_freelist.c to rqspinlock
2025-03-19 08:03:05 -07:00
prog_iter.c
bpf: Clean up individual BTF_ID code
2025-07-16 18:34:42 -07:00
queue_stack_maps.c
bpf: Convert queue_stack map to rqspinlock
2025-04-10 12:51:10 -07:00
range_tree.c
bpf: arena: Reintroduce memcg accounting
2026-01-02 14:31:59 -08:00
range_tree.h
bpf: Introduce range_tree data structure and use it in bpf arena
2024-11-13 13:52:45 -08:00
relo_core.c
bpf: Remove custom build rule
2024-08-30 08:55:26 -07:00
reuseport_array.c
bpf: Use sockfd_put() helper
2024-08-30 08:57:47 -07:00
ringbuf.c
bpf: Add SPDX license identifiers to a few files
2026-01-16 14:50:00 -08:00
rqspinlock.c
Merge tag 'mm-nonmm-stable-2026-02-12-10-48' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2026-02-12 12:13:01 -08:00
rqspinlock.h
rqspinlock: Protect waiters in queue from stalls
2025-03-19 08:03:05 -07:00
stackmap.c
Merge tag 'bpf-next-6.19' of git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next
2025-12-03 16:54:54 -08:00
stream.c
bpf: Add bpf_stream_print_stack stack dumping kfunc
2026-02-03 10:41:16 -08:00
syscall.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf 7.0-rc6+
2026-04-03 08:14:13 -07:00
sysfs_btf.c
Merge tag 'driver-core-6.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/driver-core/driver-core
2025-07-29 12:15:39 -07:00
task_iter.c
Merge tag 'vfs-6.13.file' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
2024-11-18 10:30:29 -08:00
tcx.c
treewide: Replace kmalloc with kmalloc_obj for non-scalar types
2026-02-21 01:02:28 -08:00
tnum.c
bpf: Simplify tnum_step()
2026-03-24 08:45:29 -07:00
token.c
treewide: Replace kmalloc with kmalloc_obj for non-scalar types
2026-02-21 01:02:28 -08:00
trampoline.c
bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim
2026-03-03 15:13:51 -08:00
verifier.c
bpf: Add helper and kfunc stack access size resolution
2026-04-03 08:34:44 -07:00