Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(driver): null pointer deref in kernels >=6.5 #1409

Merged
merged 2 commits into from
Oct 17, 2023
Merged

fix(driver): null pointer deref in kernels >=6.5 #1409

merged 2 commits into from
Oct 17, 2023

Conversation

therealbobo
Copy link
Contributor

What type of PR is this?

Uncomment one (or more) /kind <> lines:

/kind bug

/kind cleanup

/kind design

/kind documentation

/kind failing-test

/kind feature

Any specific area of the project related to this PR?

Uncomment one (or more) /area <> lines:

/area API-version

/area build

/area CI

/area driver-kmod

/area driver-bpf

/area driver-modern-bpf

/area libscap-engine-bpf

/area libscap-engine-gvisor

/area libscap-engine-kmod

/area libscap-engine-modern-bpf

/area libscap-engine-nodriver

/area libscap-engine-noop

/area libscap-engine-source-plugin

/area libscap-engine-savefile

/area libscap-engine-udig

/area libscap

/area libpman

/area libsinsp

/area tests

/area proposals

Does this PR require a change in the driver versions?

/version driver-API-version-major

/version driver-API-version-minor

/version driver-API-version-patch

/version driver-SCHEMA-version-major

/version driver-SCHEMA-version-minor

/version driver-SCHEMA-version-patch

What this PR does / why we need it:

This fixes a null pointer deref in kernels >= 6.5.

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

NONE

@github-actions
Copy link

Please double check driver/API_VERSION file. See versioning.

/hold

@therealbobo therealbobo force-pushed the fix/ovl-6.5 branch 4 times, most recently from b0084fb to b998515 Compare October 13, 2023 08:24
@therealbobo therealbobo changed the title wip: fix(driver): null pointer deref in kernels >=6.5 fix(driver): null pointer deref in kernels >=6.5 Oct 13, 2023
@therealbobo therealbobo force-pushed the fix/ovl-6.5 branch 2 times, most recently from 9962dbc to 392c00d Compare October 13, 2023 12:46
@FedeDP
Copy link
Contributor

FedeDP commented Oct 16, 2023

/milestone next-driver

@poiana poiana added this to the next-driver milestone Oct 16, 2023
@poiana poiana added size/L and removed size/XXL labels Oct 17, 2023
FedeDP
FedeDP reviewed Oct 17, 2023
View reviewed changes
driver/modern_bpf/helpers/extract/extract_from_kernel.h Outdated
{
return true;
}

// In kernels >=6.5 d_fsdata represents an ovl_entry_flag.
unsigned long flags = (unsigned long)BPF_CORE_READ(dentry, d_fsdata);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd put this in the else branch.

@therealbobo @FedeDP @Andreagit97
fix(driver): null ptr deref on kernel >=6.5
cd2a270 
Signed-off-by: Roberto Scolaro <[email protected]>
Co-authored-by: Federico Di Pierro <[email protected]>
Co-authored-by: Andrea Terzolo <[email protected]>
@therealbobo therealbobo force-pushed the fix/ovl-6.5 branch 5 times, most recently from 4b6c606 to 9575190 Compare October 17, 2023 16:13
@therealbobo @FedeDP @Andreagit97
fix(driver/modern_bpf): address review comments
8066b9d 
Signed-off-by: Roberto Scolaro <[email protected]>
Co-authored-by: Federico Di Pierro <[email protected]>
Co-authored-by: Andrea Terzolo <[email protected]>
Andreagit97
Andreagit97 approved these changes Oct 17, 2023
View reviewed changes
Copy link
Member

@Andreagit97 Andreagit97 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve

@poiana poiana added the lgtm label Oct 17, 2023
@poiana
Copy link
Contributor

poiana commented Oct 17, 2023

LGTM label has been added.

Git tree hash: 1c96a99b3fa1876dfca6e21ecb9b0bb3bffa36ec

FedeDP
FedeDP approved these changes Oct 17, 2023
View reviewed changes
Copy link
Contributor

@FedeDP FedeDP left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve

@poiana
Copy link
Contributor

poiana commented Oct 17, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Andreagit97, FedeDP, therealbobo

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@FedeDP
Copy link
Contributor

FedeDP commented Oct 17, 2023

/unhold

@poiana poiana merged commit 5b4e28d into falcosecurity:master Oct 17, 2023
30 checks passed
@deepskyblue86 deepskyblue86 mentioned this pull request Jul 23, 2024
Merged
@deepskyblue86
Copy link
Contributor

Github PR mention works the other way around I thought it did: #1960 (comment)
Mentioning here to have this PR popping up in the new one :D

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Andreagit97 Andreagit97 Andreagit97 approved these changes

@FedeDP FedeDP FedeDP approved these changes

@hbrueckner hbrueckner Awaiting requested review from hbrueckner

@LucaGuerra LucaGuerra Awaiting requested review from LucaGuerra

Assignees

@FedeDP FedeDP

@Andreagit97 Andreagit97

Labels
approved area/driver-bpf area/driver-kmod area/driver-modern-bpf dco-signoff: yes kind/bug Something isn't working lgtm release-note-none size/L
Projects
None yet
Milestone
7.0.0+driver
Development

Successfully merging this pull request may close these issues.
5 participants
@therealbobo @FedeDP @poiana @deepskyblue86 @Andreagit97