commit 5d37e880d245396cc4fa166441cf6ce6a3d6c76b
author Hou Tao <houtao1@huawei.com> Fri Dec 27 14:04:35 2024 +0800
committer COS Cherry Picker <cloud-image-release@prod.google.com> Fri Jan 03 13:05:33 2025 -0800
tree d54db72ca0bf91dc26e79689be67d217ee7cb945
parent cc53f55433a4e01ea51d28dde1594514252eace2

bpf: Check validity of link->type in bpf_link_show_fdinfo()

commit 8421d4c8762bd022cb491f2f0f7019ef51b4f0a7 upstream.

If a newly-added link type doesn't invoke BPF_LINK_TYPE(), accessing
bpf_link_type_strs[link->type] may result in an out-of-bounds access.

To spot such missed invocations early in the future, checking the
validity of link->type in bpf_link_show_fdinfo() and emitting a warning
when such invocations are missed.

BUG=b/386034501
TEST=None
RELEASE_NOTE=Fixed CVE-2024-53099 in the linux kernel.

cos-patch: security-high
Signed-off-by: Hou Tao <houtao1@huawei.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20241024013558.1135167-3-houtao@huaweicloud.com
[ shung-hsi.yu: break up existing seq_printf() call since commit 68b04864ca42
  ("bpf: Create links for BPF struct_ops maps.") is not present ]
Signed-off-by: Shung-Hsi Yu <shung-hsi.yu@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Change-Id: Ie2c53a11334d7d9db2a4351c88a4ba29a0c667a8
Reviewed-on: https://cos-review.googlesource.com/c/third_party/kernel/+/89559
Main-Branch-Verified: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>
Reviewed-by: Kevin Berry <kpberry@google.com>
Tested-by: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>