cleanup: re-audit some critical code paths to avoid nullptr dereference #1251

Merged
merged 1 commit into from
Aug 2, 2023
15 changes: 11 additions & 4 deletions driver/modern_bpf/helpers/extract/extract_from_kernel.h
@@ -158,10 +158,13 @@ static __always_inline struct file *extract__file_struct_from_fd(s32 file_descri
struct file *f = NULL;
if(file_descriptor >= 0)
{
struct file **fds;
struct file **fds = NULL;
struct task_struct *task = get_current_task();
READ_TASK_FIELD_INTO(&fds, task, files, fdt, fd);
bpf_probe_read_kernel(&f, sizeof(struct file *), &fds[file_descriptor]);
BPF_CORE_READ_INTO(&fds, task, files, fdt, fd);
if(fds != NULL)
{
bpf_probe_read_kernel(&f, sizeof(struct file *), &fds[file_descriptor]);
}
}
return f;
}
@@ -191,7 +194,7 @@ static __always_inline void extract__ino_from_fd(s32 fd, u64 *ino)
*/
static __always_inline struct inode *extract__exe_inode_from_task(struct task_struct *task)
{
return READ_TASK_FIELD(task, mm, exe_file, f_inode);
return BPF_CORE_READ(task, mm, exe_file, f_inode);
}

/**
@@ -943,6 +946,10 @@ static __always_inline bool extract__exe_writable(struct task_struct *task, stru

struct user_namespace *ns;
READ_TASK_FIELD_INTO(&ns, task, cred, user_ns);
if(ns == NULL)
{
return false;
}
bool kuid_mapped = bpf_map_id_up(&ns->uid_map, i_uid) != (u32)-1;
bool kgid_mapped = bpf_map_id_up(&ns->gid_map, i_gid) != (u32)-1;

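Review bot: In extract__file_struct_from_fd the index into `fds` is still bounded only from below by `file_descriptor >= 0`, so the new `fds != NULL` guard does not keep a descriptor at or above the table size from being read past the end of the fd array and handed back as a `struct file *`. The descriptor presumably originates from a syscall argument, so I would read the table size next to `fds` and gate the read on it: `u32 max_fds = 0; BPF_CORE_READ_INTO(&max_fds, task, files, fdt, max_fds);` followed by `if(fds != NULL && (u32)file_descriptor < max_fds)`. The close_e program in this same change applies that `max_fds` test before it uses `open_fds`, which is the pattern to mirror. Callers are outside the visible hunks; if they already bound the descriptor, a comment on the function stating that precondition would be enough.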
2 changes: 1 addition & 1 deletion driver/modern_bpf/helpers/store/auxmap_store_params.h
@@ -442,7 +442,7 @@ static __always_inline void auxmap__store_path_from_fd(struct auxiliary_map *aux

struct task_struct *t = get_current_task();
struct dentry *file_dentry = BPF_CORE_READ(f, f_path.dentry);
struct dentry *root_dentry = READ_TASK_FIELD(t, fs, root.dentry);
struct dentry *root_dentry = BPF_CORE_READ(t, fs, root.dentry);
struct vfsmount *original_mount = BPF_CORE_READ(f, f_path.mnt);
struct mount *mnt = container_of(original_mount, struct mount, mnt);
struct dentry *mount_dentry = BPF_CORE_READ(mnt, mnt.mnt_root);
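Review bot: The switch to `BPF_CORE_READ(t, fs, root.dentry)` carries no comment saying why the task-specific macro was unsuitable here, and the conversion is not uniform: in extract_from_kernel.h the extract__exe_writable hunk, which only adds lines, still reads `ns` with `READ_TASK_FIELD_INTO(&ns, task, cred, user_ns)`. I am taking the second line of each printed pair as the new side, since the page has lost its +/- markers. A short comment at one converted site, for example `/* plain CO-RE read on purpose: <why READ_TASK_FIELD is not safe here> */`, together with either converting or explicitly justifying the remaining `READ_TASK_FIELD_INTO` call, would let a later reader check that the nullptr audit is complete. The same applies to the two conversions in close_e and to the one in extract__exe_inode_from_task; the body of auxmap__store_path_from_fd continues outside this hunk.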
@@ -25,7 +25,7 @@ int BPF_PROG(close_e,

struct task_struct *task = get_current_task();
u32 max_fds = 0;
READ_TASK_FIELD_INTO(&max_fds, task, files, fdt, max_fds);
BPF_CORE_READ_INTO(&max_fds, task, files, fdt, max_fds);
/* We drop the event if the fd is >= than `max_fds` */
if(fd >= max_fds)
{
@@ -34,7 +34,7 @@ int BPF_PROG(close_e,

/* We drop the event if the fd is not open */
long unsigned int entry = 0;
long unsigned int *open_fds = READ_TASK_FIELD(task, files, fdt, open_fds);
long unsigned int *open_fds = BPF_CORE_READ(task, files, fdt, open_fds);
if(open_fds == NULL)
{
return 0;