Received: by 2002:ab2:710b:0:b0:1ef:a325:1205 with SMTP id z11csp402121lql;
        Mon, 11 Mar 2024 06:22:32 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCU/tQAVJt5On4VW+DIZQMaZmYzou3yttPe+f7OGIk7U1rdUCqYJc7ztJl+O45EYlLKUwix+3Z2LzU8hifoPDWb1s/KoNP6iIkLMPwyeBg==
X-Google-Smtp-Source: AGHT+IHb5nX0ffoBg2Us+c/zpdLPyLm/88rUNOiI6a31d+CO261XeAaLE2hpo9uSjd3pCVCwBkH+
X-Received: by 2002:a05:6a20:43a5:b0:1a1:8b4a:e443 with SMTP id i37-20020a056a2043a500b001a18b4ae443mr9596860pzl.28.1710163352260;
        Mon, 11 Mar 2024 06:22:32 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1710163352; cv=pass;
        d=google.com; s=arc-20160816;
        b=PDBN7RJKn/RV+E0FY0l2Jc9bgk/nSl8ECXsF7wJAtoT70bZxE6f486MpTcNEfufXs9
         8qAqaae9ZGUILNiRpqOF/RLTNGlyWXxkfEys2eQQOvl3gZiyO+5QIWfHcuCcV+hfvTq/
         RLw94pX6IiyQWteU0PPAnbbxCZFsw8NdJPQhGEZxXz29NbZVH5GCsq49jE9HPP8TaDma
         mo/l+CuxJNhzNYtqhzQehjjMk1Q4JThQzC0Fl83qZQ4QFhC5Up177eUIBaD9V1yKahvH
         sqF+zqRviQaYFG2lO+HOp6/1k/nYEEJwjhHYSkW2Z5ApQP6ElwVaAWkIB53NsJBJrTNG
         rQAQ==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:in-reply-to:date
         :subject:cc:to:from:message-id:dkim-signature;
        bh=jmpH0Xkw0Njp0yvCShHoL5DVGZlUug/nMtr2L4QpBJ4=;
        fh=7Ys2CoHYnI3m7yNVYCmlppBbVu9CbxxCD/JE4a4EWQY=;
        b=IgPxxV1MLrKPONF6HcQBR5mSwoj5yqcJSTjI5gR+06Wbtdo8avxdyIMKB5rzM+1VKS
         Kkci8fAuU5lP3n9r/SspBiYT3N7MXByv9/eCoAENuWOkxnbWFXFrEazx8ckPHX59ck5A
         Wh2ZLhXev6Op+gEB+ifS0RTGyTAE0nlvbyxkqeBQfr0Gm1+dJRyiw3RagQtm9nslllWT
         F209TUyh8AKSwCccSuxU6XmjNtV1Z7IwFQbrJvNMZ+EIZHQtk420X2XyeI+h44+rzwTr
         59nfDGDagMzuETR63ZkFIk2QxmkPuwuPZmLzvA8gJiL6vSeGJzEd3Ruo4dxG/iZNSubI
         VOyQ==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@qq.com header.s=s201512 header.b=exreY1fl;
       arc=pass (i=1 spf=pass spfdomain=qq.com dkim=pass dkdomain=qq.com dmarc=pass fromdomain=qq.com);
       spf=pass (google.com: domain of linux-kernel+bounces-98864-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-98864-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=qq.com
Return-Path: <linux-kernel+bounces-98864-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [147.75.48.161])
        by mx.google.com with ESMTPS id f4-20020a635104000000b005dba8009eb2si4625551pgb.724.2024.03.11.06.22.31
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 11 Mar 2024 06:22:32 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-98864-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) client-ip=147.75.48.161;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@qq.com header.s=s201512 header.b=exreY1fl;
       arc=pass (i=1 spf=pass spfdomain=qq.com dkim=pass dkdomain=qq.com dmarc=pass fromdomain=qq.com);
       spf=pass (google.com: domain of linux-kernel+bounces-98864-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-98864-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=qq.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sy.mirrors.kernel.org (Postfix) with ESMTPS id 5F45DB2163A
	for <linux.lists.archive@gmail.com>; Mon, 11 Mar 2024 13:22:22 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 47F003D995;
	Mon, 11 Mar 2024 13:22:11 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=qq.com header.i=@qq.com header.b="exreY1fl"
Received: from out203-205-251-80.mail.qq.com (out203-205-251-80.mail.qq.com [203.205.251.80])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 074913D541;
	Mon, 11 Mar 2024 13:22:06 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=203.205.251.80
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1710163330; cv=none; b=XgCIo0Hbigrn3UZK1mOhEkVySwwyNP2uhCxxMLrEBDJSEUXlZaeWwPZVBBpUU58bWK7H2CAnw7BdcFBe57B5ykUAiyu7Grz3+kSMfAxYMwwyrE1pmlrX7aOzM5SiBz4i8LAPbDKzxjUcvrKQbJ1c5A0jFYK3zwZjnn7w2rQpf78=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1710163330; c=relaxed/simple;
	bh=3+xxg4ETzFMb63127mOvBTZyTlYXtPpq7mf4zurTLq8=;
	h=Message-ID:From:To:Cc:Subject:Date:In-Reply-To:References:
	 MIME-Version; b=oUcuk8t8hsPf9OWebUUSMHB4rHVGqp8hLH5MRI/oTCmNyQXegfryN7ePxRvau0aHuVQTeNn1lwzA/WpyDjPOAYWk7GGr8LArfzBfCdRKNJWGvXOAWn9PyMdn2qW1xqF3ml49UdFqyjbdITHS8R4x5A866eU6ojMNOY7OkEX4ahw=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=qq.com; spf=pass smtp.mailfrom=qq.com; dkim=pass (1024-bit key) header.d=qq.com header.i=@qq.com header.b=exreY1fl; arc=none smtp.client-ip=203.205.251.80
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=qq.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=qq.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qq.com; s=s201512;
	t=1710163024; bh=jmpH0Xkw0Njp0yvCShHoL5DVGZlUug/nMtr2L4QpBJ4=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References;
	b=exreY1flqzqsX+X/AraI0T1Nju60JrXKeyNndBVXS0zQJetgD7r9zeQgqjvJyuu29
	 XhZ1BNlf/B9SdhHQ05DJbmTH7ecz2wD7JM1OT6aXaLqq2X9kN/lGRVsWrnvYUdxZ1J
	 q7Gzgu+3iCMq6n6tWBXeL/+PzMpMsRejGMHtmVQo=
Received: from pek-lxu-l1.wrs.com ([2408:8409:ce0:38d1:a032:4bf1:303d:acae])
	by newxmesmtplogicsvrszc5-0.qq.com (NewEsmtp) with SMTP
	id 43B1EC66; Mon, 11 Mar 2024 21:16:59 +0800
X-QQ-mid: xmsmtpt1710163019tizb048h8
Message-ID: <tencent_E4EB1B6A2584BA2BBBB733409EAE1B524B08@qq.com>
X-QQ-XMAILINFO: MmpliBmRb3iCgT0VMlIhb+FmTZpopN2STe9Rpls2NzUeAxSrxH/8n5o9V1Q532
	 XalIkpEluGgCj+13jp8n+U3FhVcjxGqz+JRiNu2Y86z9DqWgnJW3hIQqhwg5H758gHGZQCN2KQZU
	 r/WZLhpjr0sDyi1NkA1nsmAbY4PrwqVZM/rTgPiY1/mX0ab0RmZ7YBd1wjEiq41zGojj9IxANxNa
	 wI2kehu+cTFurcyI88BkV07/88joj4kbhU88Ain3klpc+Ldz9EYpM2WEOXpjExZNoTc4wvgVBVdC
	 PRCPVy5muBMh1mYZuclcZVyegXKhf83Q1IWBDvuJ8Gs+9UKM7HwsbZe10TbRnfgBp8h/D8vfIQ0M
	 qU0eSEst5bwjpv2SDKa6ryidJwK5XaNeqG5+zbCBiXZqACBpwqnX6f+J/JlrjGl6l+5E/vCFVy8G
	 IqBq20PXFXWjezNSDdghACiNUNFrZRFhydhpnmExLDNGn3pCwHv2MbCO5HwolKRCgmM2Pc4jidKF
	 /Xq80gc/OKGHdNjgabz5qcbMK6JvVvlCeRN2zUxOOOWc0IJk4RwFsDrxe8witxvER7sfVTBTMB2C
	 3GjLR+PBEgCeS3CYrwU3VsyXW5Iy5UZVQC1iNPL67UutL8f8iEW2XrEkRkg/c0hl87/SQwtHjEr9
	 Wyh3Auu+N7Kbe1Z1Xck/Lj5M1rLSiIeL7W32Q8/XV6d6JNe6nv+2sm2z5e5RWMUYETJG90ujnNVT
	 kL9RBcKB+GKbEJr/YO6kx62ks/9aPnZAMFmo+RTg292Mgpqc121wkKWGW/l2bL2ogBI3yNK5pVXI
	 ttrtgncvCMEfFoJtAv3LxTzvpPidPPV7OxNhQvScOLKL4Ok/zPbQQRmFNFKQEnTVzhiAnpl+f4gG
	 aUXF37kApDf6oxNxjcGZEp+tvd/m7bhoE+db+gNiEFAEo0pT5mzW4X42gax59EKn/kU3dllEHh
X-QQ-XMRINFO: Mp0Kj//9VHAxr69bL5MkOOs=
From: Edward Adam Davis <eadavis@qq.com>
To: syzbot+cc32304f6487ebff9b70@syzkaller.appspotmail.com
Cc: andrii@kernel.org,
	ast@kernel.org,
	bpf@vger.kernel.org,
	daniel@iogearbox.net,
	eddyz87@gmail.com,
	haoluo@google.com,
	john.fastabend@gmail.com,
	jolsa@kernel.org,
	kpsingh@kernel.org,
	linux-kernel@vger.kernel.org,
	martin.lau@linux.dev,
	netdev@vger.kernel.org,
	sdf@google.com,
	song@kernel.org,
	syzkaller-bugs@googlegroups.com,
	yonghong.song@linux.dev
Subject: [PATCH bpf-next] bpf: fix oob in btf_name_valid_section
Date: Mon, 11 Mar 2024 21:16:59 +0800
X-OQ-MSGID: <20240311131658.161143-2-eadavis@qq.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <00000000000081fb0d06135eb3ca@google.com>
References: <00000000000081fb0d06135eb3ca@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Check the first char of the BTF DATASEC names.

Fixes: bd70a8fb7ca4 ("bpf: Allow all printable characters in BTF DATASEC names")
Reported-and-tested-by: syzbot+cc32304f6487ebff9b70@syzkaller.appspotmail.com
Signed-off-by: Edward Adam Davis <eadavis@qq.com>
---
 kernel/bpf/btf.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c
index 170d017e8e4a..dda0aa0d7175 100644
--- a/kernel/bpf/btf.c
+++ b/kernel/bpf/btf.c
@@ -816,6 +816,8 @@ static bool btf_name_valid_section(const struct btf *btf, u32 offset)
 	const char *src = btf_str_by_offset(btf, offset);
 	const char *src_limit;
 
+	if (!isprint(*src))
+		return false;
 	/* set a limit on identifier length */
 	src_limit = src + KSYM_NAME_LEN;
 	src++;
-- 
2.43.0