This set addresses issue about accessing invalid
ptr returned from bpf_tcp_sock() and bpf_sk_fullsock()
after bpf_sk_release().
v2:
- Remove refcount_id arg from release_reference() because
id == refcount_id
- Add a WARN_ON_ONCE to mark_ptr_or_null_regs() to catch
an internal verifier bug.
Martin KaFai Lau (2):
bpf: Fix bpf_tcp_sock and bpf_sk_fullsock issue related to
bpf_sk_release
bpf: Test ref release issue in bpf_tcp_sock and bpf_sk_fullsock.
include/linux/bpf_verifier.h | 9 ++
kernel/bpf/verifier.c | 86 +++++++++++--------
.../selftests/bpf/verifier/ref_tracking.c | 73 ++++++++++++++++
3 files changed, 134 insertions(+), 34 deletions(-)
--
2.17.1
