From: Alexei Starovoitov <ast@kernel.org>

mainline inclusion
from mainline-5.12-rc1
commit 1336c662474edec3966c96c8de026f794d16b804
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I5EUVD
CVE: NA

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
-------------------------------------------------
bpf_prog_realloc copies contents of struct bpf_prog. The pointers have to be cleared before freeing old struct.

Reported-by: Ilya Leoshkevich <iii@linux.ibm.com>
Fixes: 700d4796ef59 ("bpf: Optimize program stats")
Fixes: ca06f55b9002 ("bpf: Add per-program recursion prevention mechanism")
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
(cherry picked from commit 1336c662474edec3966c96c8de026f794d16b804)
Signed-off-by: Wang Yufen <wangyufen@huawei.com>
---
 kernel/bpf/core.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c index 0b91351c7e41..557b2a866c6f 100644 --- a/kernel/bpf/core.c +++ b/kernel/bpf/core.c @@ -255,6 +255,8 @@ struct bpf_prog *bpf_prog_realloc(struct bpf_prog *fp_old, unsigned int size, * reallocated structure. */ fp_old->aux = NULL; + fp_old->stats = NULL; + fp_old->active = NULL; __bpf_prog_free(fp_old); }
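
Review bot: the block comment above `fp_old->aux = NULL;` (the one ending "reallocated structure.") is left unchanged, so in bpf_prog_realloc() the added `fp_old->stats = NULL;` and `fp_old->active = NULL;` carry no explanation of why they must precede `__bpf_prog_free(fp_old)`. Extend that comment to name stats and active alongside aux, stating that the reallocated copy now holds these pointers and the old struct must not release them. The two Fixes: tags indicate the clear was missed by two separate earlier commits, so hand-clearing each member here is easy to forget; consider a comment at the struct bpf_prog definition, or one helper that clears every pointer carried over to the copy, so the next added member does not leave the new program with a freed pointer.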