bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD
Fix CVE: CVE-2024-42161 [ Upstream commit 009367099eb61a4fc2af44d4eb06b6b4de7de6db ] [Changes from V1: - Use a default branch in the switch statement to initialize `val'.] GCC warns that `val' may be used uninitialized in the BPF_CORE_READ_BITFIELD macro, defined in bpf_core_read.h as: [...] unsigned long long val; \ [...] \ switch (__CORE_RELO(s, field, BYTE_SIZE)) { \ case 1: val = *(const unsigned char *)p; break; \ case 2: val = *(const unsigned short *)p; break; \ case 4: val = *(const unsigned int *)p; break; \ case 8: val = *(const unsigned long long *)p; break; \ } \ [...] val; \ } \ This patch adds a default entry in the switch statement that sets `val' to zero in order to avoid the warning, and to prevent random values from being used in case __builtin_preserve_field_info returns unexpected values for BPF_FIELD_BYTE_SIZE. Tested in bpf-next master. No regressions. Signed-off-by: Jose E. Marchesi <jose.marchesi@oracle.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/bpf/20240508101313.16662-1-jose.marchesi@oracle.com Signed-off-by: Sasha Levin <sashal@kernel.org> Signed-off-by: Jianping Liu <frankjpliu@tencent.com>
parent
44b4c7ad05
commit
97a82e1909
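--- a/bpf_core_read.h
+++ b/bpf_core_read.h
@@ -101,6 +101,7 @@ enum bpf_enum_value_kind {
 case 2: val = *(const unsigned short *)p; break; \
 case 4: val = *(const unsigned int *)p; break; \
 case 8: val = *(const unsigned long long *)p; break; \
+default: val = 0; break; \
 } \
 val <<= __CORE_RELO(s, field, LSHIFT_U64); \
 if (__CORE_RELO(s, field, SIGNED)) \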
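Review bot: The new `default: val = 0; break; \` branch carries no comment, so a later reader cannot tell whether a zero result here is a deliberate fallback for a BYTE_SIZE the relocation is not expected to produce or a value with meaning; the commit message says the sizes other than 1, 2, 4 and 8 are unexpected, and a silent zero masks such a broken relocation rather than surfacing it. I would add, on the line before the default, `/* BYTE_SIZE is expected to be 1, 2, 4 or 8; fall back to 0 rather than leave val uninitialized */ \` (the trailing backslash is needed because this is inside the macro definition). Whether a diagnosable failure would serve callers better than a silent zero is worth weighing, though nothing visible in this hunk offers such a facility. The BPF_CORE_READ_BITFIELD macro body begins and ends outside the hunk.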