Skip to content

bpf: fix stackmap overflow check in __bpf_get_stackid() #5652

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
kernel-patches-daemon-bpf-rc wants to merge 1 commit into from
Closed

bpf: fix stackmap overflow check in __bpf_get_stackid() #5652

kernel-patches-daemon-bpf-rc wants to merge 1 commit into from

Conversation

@kernel-patches-daemon-bpf-rc
Copy link

@kernel-patches-daemon-bpf-rc kernel-patches-daemon-bpf-rc bot commented Jul 29, 2025

Pull request for series with
subject: bpf: fix stackmap overflow check in __bpf_get_stackid()
version: 1
url: https://patchwork.kernel.org/project/netdevbpf/list/?series=986662

@kernel-patches-daemon-bpf-rc
Copy link
Author

kernel-patches-daemon-bpf-rc bot commented Jul 29, 2025

Upstream branch: cd7c97f
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=986662
version: 1

@kernel-patches-daemon-bpf-rc
Copy link
Author

kernel-patches-daemon-bpf-rc bot commented Jul 29, 2025

Upstream branch: cd7c97f
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=986797
version: 2

@ArnaudLcm
bpf: fix stackmap overflow check in __bpf_get_stackid()
9d8f4f3 
Syzkaller reported a KASAN slab-out-of-bounds write in __bpf_get_stackid()
when copying stack trace data. The issue occurs when the perf trace
 contains more stack entries than the stack map bucket can hold,
 leading to an out-of-bounds write in the bucket's data array.
For build_id mode, we use sizeof(struct bpf_stack_build_id)
 to determine capacity, and for normal mode we use sizeof(u64).

Reported-by: [email protected]
Closes: https://syzkaller.appspot.com/bug?extid=c9b724fbb41cf2538b7b
Tested-by: [email protected]
Signed-off-by: Arnaud Lecomte <[email protected]>
@kernel-patches-daemon-bpf-rc
Copy link
Author

kernel-patches-daemon-bpf-rc bot commented Jul 30, 2025

Upstream branch: e8d780d
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=986797
version: 2

@kernel-patches-daemon-bpf-rc
Copy link
Author

kernel-patches-daemon-bpf-rc bot commented Aug 1, 2025

At least one diff in series https://patchwork.kernel.org/project/netdevbpf/list/?series=986797 expired. Closing PR.

@kernel-patches-daemon-bpf-rc kernel-patches-daemon-bpf-rc bot deleted the series/986662=>bpf-next branch August 3, 2025 08:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

bpf-next changes-requested V2-ci-pass V2

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ArnaudLcm