Re: [PATCH] Fix null pointer dereference in vector_user_bpf

2020-06-14 Thread Anton Ivanov

On 14/06/2020 02:19, Gaurav Singh wrote:

The bpf_prog is being checked for !NULL after uml_kmalloc
but later it's used directly for example:
bpf_prog->filter = bpf and is also later returned upon
success. Fix this, do a NULL check and return right away.

Signed-off-by: Gaurav Singh 
---
  arch/um/drivers/vector_user.c | 8 +++++---
  1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/arch/um/drivers/vector_user.c b/arch/um/drivers/vector_user.c
index c4a0f26b2824..0e6d6717bf73 100644
--- a/arch/um/drivers/vector_user.c
+++ b/arch/um/drivers/vector_user.c
@@ -789,10 +789,12 @@ void *uml_vector_user_bpf(char *filename)
return false;
}
bpf_prog = uml_kmalloc(sizeof(struct sock_fprog), UM_GFP_KERNEL);
-   if (bpf_prog != NULL) {
-   bpf_prog->len = statbuf.st_size / sizeof(struct sock_filter);
-   bpf_prog->filter = NULL;
+   if (bpf_prog == NULL) {
+   printk(KERN_ERR "Failed to allocate bpf prog buffer");
+   return NULL;
}
+   bpf_prog->len = statbuf.st_size / sizeof(struct sock_filter);
+   bpf_prog->filter = NULL;
ffd = os_open_file(filename, of_read(OPENFLAGS()), 0);
if (ffd < 0) {
printk(KERN_ERR "Error %d opening bpf file", -errno);
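
Review bot: the added printk(KERN_ERR "Failed to allocate bpf prog buffer") has no trailing "\n"; kernel log messages are normally newline-terminated so the record is closed rather than left open for a continuation. The "Error %d opening bpf file" message in the trailing context has the same omission, so both could be fixed together.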



Acked-By: Anton Ivanov 
--
Anton R. Ivanov
Cambridgegreys Limited. Registered in England. Company Number 10273661
https://www.cambridgegreys.com/


[PATCH] Fix null pointer dereference in vector_user_bpf

2020-06-13 Thread Gaurav Singh
The bpf_prog is being checked for !NULL after uml_kmalloc
but later it's used directly for example:
bpf_prog->filter = bpf and is also later returned upon
success. Fix this, do a NULL check and return right away.

Signed-off-by: Gaurav Singh 
---
 arch/um/drivers/vector_user.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/arch/um/drivers/vector_user.c b/arch/um/drivers/vector_user.c
index c4a0f26b2824..0e6d6717bf73 100644
--- a/arch/um/drivers/vector_user.c
+++ b/arch/um/drivers/vector_user.c
@@ -789,10 +789,12 @@ void *uml_vector_user_bpf(char *filename)
return false;
}
bpf_prog = uml_kmalloc(sizeof(struct sock_fprog), UM_GFP_KERNEL);
-   if (bpf_prog != NULL) {
-   bpf_prog->len = statbuf.st_size / sizeof(struct sock_filter);
-   bpf_prog->filter = NULL;
+   if (bpf_prog == NULL) {
+   printk(KERN_ERR "Failed to allocate bpf prog buffer");
+   return NULL;
}
+   bpf_prog->len = statbuf.st_size / sizeof(struct sock_filter);
+   bpf_prog->filter = NULL;
ffd = os_open_file(filename, of_read(OPENFLAGS()), 0);
if (ffd < 0) {
printk(KERN_ERR "Error %d opening bpf file", -errno);
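
Review bot: the first context line of this hunk, `return false;`, sits in a function declared `void *uml_vector_user_bpf(char *filename)`, while the new allocation-failure path returns NULL. Since the patch is about the failure handling of this function, change that earlier exit to `return NULL;` as well so every failure path returns the same value.
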
-- 
2.17.1



[PATCH] Fix null pointer dereference in vector_user_bpf

2020-06-10 Thread Gaurav Singh
The bpf_prog is being checked for !NULL after uml_kmalloc but
later it's used directly for example:
bpf_prog->filter = bpf and is also later returned upon success.
Fix this, do a NULL check and return right away.

Signed-off-by: Gaurav Singh 
---
 arch/um/drivers/vector_user.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/arch/um/drivers/vector_user.c b/arch/um/drivers/vector_user.c
index aa28e9eecb7b..71d043ae306f 100644
--- a/arch/um/drivers/vector_user.c
+++ b/arch/um/drivers/vector_user.c
@@ -730,10 +730,12 @@ void *uml_vector_user_bpf(char *filename)
return false;
}
bpf_prog = uml_kmalloc(sizeof(struct sock_fprog), UM_GFP_KERNEL);
-   if (bpf_prog != NULL) {
-   bpf_prog->len = statbuf.st_size / sizeof(struct sock_filter);
-   bpf_prog->filter = NULL;
+   if (bpf_prog == NULL) {
+   printk(KERN_ERR "Failed to allocate bpf prog buffer");
+   return NULL;
}
+   bpf_prog->len = statbuf.st_size / sizeof(struct sock_filter);
+   bpf_prog->filter = NULL;
ffd = os_open_file(filename, of_read(OPENFLAGS()), 0);
if (ffd < 0) {
printk(KERN_ERR "Error %d opening bpf file", -errno);
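
Review bot: the moved assignment `bpf_prog->len = statbuf.st_size / sizeof(struct sock_filter);` is now unconditional but still takes the file size on trust; nothing visible in this hunk rejects an empty file, a size that is not a multiple of sizeof(struct sock_filter), or a quotient too large for the len field. That predates this patch, but a size check before the allocation would be a natural follow-up, since the value comes straight from the file named by the caller.
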
-- 
2.17.1



Re: [PATCH] Fix null pointer dereference in vector_user_bpf

2020-06-09 Thread Greg KH
On Tue, Jun 09, 2020 at 11:43:00PM -0400, Gaurav Singh wrote:
> Signed-off-by: Gaurav Singh 
> 
> The bpf_prog is being checked for !NULL after uml_kmalloc but
> later it's used directly for example:
> bpf_prog->filter = bpf and is also later returned upon success.
> Fix this, do a NULL check and return right away.
> 
> ---
>  arch/um/drivers/vector_user.c | 8 +++++---
>  1 file changed, 5 insertions(+), 3 deletions(-)

No signed-off-by?


[PATCH] Fix null pointer dereference in vector_user_bpf

2020-06-09 Thread Gaurav Singh
Signed-off-by: Gaurav Singh 

The bpf_prog is being checked for !NULL after uml_kmalloc but
later it's used directly for example:
bpf_prog->filter = bpf and is also later returned upon success.
Fix this, do a NULL check and return right away.

---
 arch/um/drivers/vector_user.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/arch/um/drivers/vector_user.c b/arch/um/drivers/vector_user.c
index aa28e9eecb7b..71d043ae306f 100644
--- a/arch/um/drivers/vector_user.c
+++ b/arch/um/drivers/vector_user.c
@@ -730,10 +730,12 @@ void *uml_vector_user_bpf(char *filename)
return false;
}
bpf_prog = uml_kmalloc(sizeof(struct sock_fprog), UM_GFP_KERNEL);
-   if (bpf_prog != NULL) {
-   bpf_prog->len = statbuf.st_size / sizeof(struct sock_filter);
-   bpf_prog->filter = NULL;
+   if (bpf_prog == NULL) {
+   printk(KERN_ERR "Failed to allocate bpf prog buffer");
+   return NULL;
}
+   bpf_prog->len = statbuf.st_size / sizeof(struct sock_filter);
+   bpf_prog->filter = NULL;
ffd = os_open_file(filename, of_read(OPENFLAGS()), 0);
if (ffd < 0) {
printk(KERN_ERR "Error %d opening bpf file", -errno);
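
Review bot: the `if (ffd < 0)` branch in the trailing context runs after bpf_prog has been allocated, and its body beyond the printk is not visible in this hunk. Please confirm that this branch and the later failure exits free bpf_prog before returning, and say so in the changelog, since the patch changes the error handling around this same allocation.
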
-- 
2.17.1