drop libbpf-fix-null-pointer-dereference-in-bpf_object__c.patch

From 5.10 and 5.4 as the backports were incorrect (one even broke the
build.)

diff --git a/queue-5.10/libbpf-fix-null-pointer-dereference-in-bpf_object__c.patch b/queue-5.10/libbpf-fix-null-pointer-dereference-in-bpf_object__c.patch
deleted file mode 100644 (file)
index 9b3c42a..0000000
--- a/queue-5.10/libbpf-fix-null-pointer-dereference-in-bpf_object__c.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-From 8cced0065821117fbd6f203f7f0c47d8add550df Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Thu, 21 Dec 2023 11:39:47 +0800
-Subject: libbpf: Fix NULL pointer dereference in
- bpf_object__collect_prog_relos
-
-From: Mingyi Zhang <zhangmingyi5@huawei.com>
-
-[ Upstream commit fc3a5534e2a8855427403113cbeb54af5837bbe0 ]
-
-An issue occurred while reading an ELF file in libbpf.c during fuzzing:
-
-       Program received signal SIGSEGV, Segmentation fault.
-       0x0000000000958e97 in bpf_object.collect_prog_relos () at libbpf.c:4206
-       4206 in libbpf.c
-       (gdb) bt
-       #0 0x0000000000958e97 in bpf_object.collect_prog_relos () at libbpf.c:4206
-       #1 0x000000000094f9d6 in bpf_object.collect_relos () at libbpf.c:6706
-       #2 0x000000000092bef3 in bpf_object_open () at libbpf.c:7437
-       #3 0x000000000092c046 in bpf_object.open_mem () at libbpf.c:7497
-       #4 0x0000000000924afa in LLVMFuzzerTestOneInput () at fuzz/bpf-object-fuzzer.c:16
-       #5 0x000000000060be11 in testblitz_engine::fuzzer::Fuzzer::run_one ()
-       #6 0x000000000087ad92 in tracing::span::Span::in_scope ()
-       #7 0x00000000006078aa in testblitz_engine::fuzzer::util::walkdir ()
-       #8 0x00000000005f3217 in testblitz_engine::entrypoint::main::{{closure}} ()
-       #9 0x00000000005f2601 in main ()
-       (gdb)
-
-scn_data was null at this code(tools/lib/bpf/src/libbpf.c):
-
-       if (rel->r_offset % BPF_INSN_SZ || rel->r_offset >= scn_data->d_size) {
-
-The scn_data is derived from the code above:
-
-       scn = elf_sec_by_idx(obj, sec_idx);
-       scn_data = elf_sec_data(obj, scn);
-
-       relo_sec_name = elf_sec_str(obj, shdr->sh_name);
-       sec_name = elf_sec_name(obj, scn);
-       if (!relo_sec_name || !sec_name)// don't check whether scn_data is NULL
-               return -EINVAL;
-
-In certain special scenarios, such as reading a malformed ELF file,
-it is possible that scn_data may be a null pointer
-
-Signed-off-by: Mingyi Zhang <zhangmingyi5@huawei.com>
-Signed-off-by: Xin Liu <liuxin350@huawei.com>
-Signed-off-by: Changye Wu <wuchangye@huawei.com>
-Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
-Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
-Acked-by: Daniel Borkmann <daniel@iogearbox.net>
-Link: https://lore.kernel.org/bpf/20231221033947.154564-1-liuxin350@huawei.com
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- tools/lib/bpf/libbpf.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
-index 015ed8253f73..0cbb1b43065f 100644
---- a/tools/lib/bpf/libbpf.c
-+++ b/tools/lib/bpf/libbpf.c
-@@ -3514,6 +3514,8 @@ bpf_object__collect_prog_relos(struct bpf_object *obj, GElf_Shdr *shdr, Elf_Data
-       __u32 insn_idx;
-       GElf_Sym sym;
-       GElf_Rel rel;
-+      if (!scn_data)
-+              return -LIBBPF_ERRNO__FORMAT;
- 
-       relo_sec_name = elf_sec_str(obj, shdr->sh_name);
-       sec_name = elf_sec_name(obj, elf_sec_by_idx(obj, sec_idx));
--- 
-2.43.0
-

diff --git a/queue-5.10/series b/queue-5.10/series
index 011c39fef371c451c721d253373ce694f9b9ef78..22f32986a0c087ea26dc2cfad9652b1a5856574f 100644 (file)
--- a/queue-5.10/series
+++ b/queue-5.10/series
@@ -168,7 +168,6 @@ md-whenassemble-the-array-consult-the-superblock-of-.patch
 arm64-dts-qcom-msm8996-fix-in-ports-is-a-required-pr.patch
 arm64-dts-qcom-msm8998-fix-out-ports-is-a-required-p.patch
 wifi-rtl8xxxu-add-additional-usb-ids-for-rtl8192eu-d.patch
-libbpf-fix-null-pointer-dereference-in-bpf_object__c.patch
 wifi-rtlwifi-rtl8723-be-ae-using-calculate_bit_shift.patch
 wifi-cfg80211-free-beacon_ies-when-overridden-from-h.patch
 bluetooth-qca-set-both-wideband_speech-and-le_states.patch

diff --git a/queue-5.4/libbpf-fix-null-pointer-dereference-in-bpf_object__c.patch b/queue-5.4/libbpf-fix-null-pointer-dereference-in-bpf_object__c.patch
deleted file mode 100644 (file)
index c2a1547..0000000
--- a/queue-5.4/libbpf-fix-null-pointer-dereference-in-bpf_object__c.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-From 5508c8cae8ee384c83fd83b2a7915bf089d2d082 Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Thu, 21 Dec 2023 11:39:47 +0800
-Subject: libbpf: Fix NULL pointer dereference in
- bpf_object__collect_prog_relos
-
-From: Mingyi Zhang <zhangmingyi5@huawei.com>
-
-[ Upstream commit fc3a5534e2a8855427403113cbeb54af5837bbe0 ]
-
-An issue occurred while reading an ELF file in libbpf.c during fuzzing:
-
-       Program received signal SIGSEGV, Segmentation fault.
-       0x0000000000958e97 in bpf_object.collect_prog_relos () at libbpf.c:4206
-       4206 in libbpf.c
-       (gdb) bt
-       #0 0x0000000000958e97 in bpf_object.collect_prog_relos () at libbpf.c:4206
-       #1 0x000000000094f9d6 in bpf_object.collect_relos () at libbpf.c:6706
-       #2 0x000000000092bef3 in bpf_object_open () at libbpf.c:7437
-       #3 0x000000000092c046 in bpf_object.open_mem () at libbpf.c:7497
-       #4 0x0000000000924afa in LLVMFuzzerTestOneInput () at fuzz/bpf-object-fuzzer.c:16
-       #5 0x000000000060be11 in testblitz_engine::fuzzer::Fuzzer::run_one ()
-       #6 0x000000000087ad92 in tracing::span::Span::in_scope ()
-       #7 0x00000000006078aa in testblitz_engine::fuzzer::util::walkdir ()
-       #8 0x00000000005f3217 in testblitz_engine::entrypoint::main::{{closure}} ()
-       #9 0x00000000005f2601 in main ()
-       (gdb)
-
-scn_data was null at this code(tools/lib/bpf/src/libbpf.c):
-
-       if (rel->r_offset % BPF_INSN_SZ || rel->r_offset >= scn_data->d_size) {
-
-The scn_data is derived from the code above:
-
-       scn = elf_sec_by_idx(obj, sec_idx);
-       scn_data = elf_sec_data(obj, scn);
-
-       relo_sec_name = elf_sec_str(obj, shdr->sh_name);
-       sec_name = elf_sec_name(obj, scn);
-       if (!relo_sec_name || !sec_name)// don't check whether scn_data is NULL
-               return -EINVAL;
-
-In certain special scenarios, such as reading a malformed ELF file,
-it is possible that scn_data may be a null pointer
-
-Signed-off-by: Mingyi Zhang <zhangmingyi5@huawei.com>
-Signed-off-by: Xin Liu <liuxin350@huawei.com>
-Signed-off-by: Changye Wu <wuchangye@huawei.com>
-Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
-Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
-Acked-by: Daniel Borkmann <daniel@iogearbox.net>
-Link: https://lore.kernel.org/bpf/20231221033947.154564-1-liuxin350@huawei.com
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- tools/lib/bpf/libbpf.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
-index b8849812449c..4a62a4f051df 100644
---- a/tools/lib/bpf/libbpf.c
-+++ b/tools/lib/bpf/libbpf.c
-@@ -1497,6 +1497,8 @@ static int bpf_object__sanitize_and_load_btf(struct bpf_object *obj)
- 
-       bpf_object__sanitize_btf(obj);
-       bpf_object__sanitize_btf_ext(obj);
-+      if (!scn_data)
-+              return -LIBBPF_ERRNO__FORMAT;
- 
-       err = btf__load(obj->btf);
-       if (err) {
--- 
-2.43.0
-

diff --git a/queue-5.4/series b/queue-5.4/series
index 7cc4d54f915c7e4418ddccca9322e6d3baecd8a7..8fb5e501f87e99b4ce296bf3ce41b759e7def0ce 100644 (file)
--- a/queue-5.4/series
+++ b/queue-5.4/series
@@ -115,7 +115,6 @@ md-whenassemble-the-array-consult-the-superblock-of-.patch
 arm64-dts-qcom-msm8996-fix-in-ports-is-a-required-pr.patch
 arm64-dts-qcom-msm8998-fix-out-ports-is-a-required-p.patch
 wifi-rtl8xxxu-add-additional-usb-ids-for-rtl8192eu-d.patch
-libbpf-fix-null-pointer-dereference-in-bpf_object__c.patch
 wifi-rtlwifi-rtl8723-be-ae-using-calculate_bit_shift.patch
 wifi-cfg80211-free-beacon_ies-when-overridden-from-h.patch
 f2fs-fix-to-check-return-value-of-f2fs_reserve_new_b.patch