Description
In the Linux kernel, the following vulnerability has been resolved: bpf: crypto: Use the correct destructor kfunc type With CONFIG_CFI enabled, the kernel strictly enforces that indirect function calls use a function pointer type that matches the target function. I ran into the following type mismatch when running BPF self-tests: CFI failure at bpf_obj_free_fields+0x190/0x238 (target: bpf_crypto_ctx_release+0x0/0x94; expected type: 0xa488ebfc) Internal error: Oops - CFI: 00000000f2008228 [#1] SMP ... As bpf_crypto_ctx_release() is also used in BPF programs and using a void pointer as the argument would make the verifier unhappy, add a simple stub function with the correct type and register it as the destructor kfunc instead.
Product status
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 4e3e57dbf46dad3498f8c4219ce2dba756875962
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 50d6fd69388cc7b05dce72f09080674dcede4ac9
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 3979a550fe06b370d73647f59cf462fa525c9ec4
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before b40a5d724f29fc2eed23ff353808a9aae616b48a
6.12.75 (semver)
6.18.16 (semver)
6.19.6 (semver)
7.0 (original_commit_for_fix)
References
git.kernel.org/...c/4e3e57dbf46dad3498f8c4219ce2dba756875962
git.kernel.org/...c/50d6fd69388cc7b05dce72f09080674dcede4ac9
git.kernel.org/...c/3979a550fe06b370d73647f59cf462fa525c9ec4
git.kernel.org/...c/b40a5d724f29fc2eed23ff353808a9aae616b48a