In the Linux kernel, the following vulnerability has been resolved:
bpf: Check rcureadlocktraceheld() before calling bpf map helpers
These three bpfmap{lookup,update,delete}elem() helpers are also available for sleepable bpf program, so add the corresponding lock assertion for sleepable bpf program, otherwise the following warning will be reported when a sleepable bpf program manipulates bpf map under interpreter mode (aka bpfjit_enable=0):
WARNING: CPU: 3 PID: 4985 at kernel/bpf/helpers.c:40 ...... CPU: 3 PID: 4985 Comm: testprogs Not tainted 6.6.0+ #2 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) ...... RIP: 0010:bpfmaplookupelem+0x54/0x60 ...... Call Trace: <TASK> ? warn+0xa5/0x240 ? bpfmaplookupelem+0x54/0x60 ? reportbug+0x1ba/0x1f0 ? handlebug+0x40/0x80 ? excinvalidop+0x18/0x50 ? asmexcinvalidop+0x1b/0x20 ? _pfxbpfmaplookupelem+0x10/0x10 ? rculockdepcurrentcpuonline+0x65/0xb0 ? rcuiswatching+0x23/0x50 ? bpfmaplookupelem+0x54/0x60 ? _pfxbpfmaplookupelem+0x10/0x10 _bpfprogrun+0x513/0x3b70 _bpfprogrun32+0x9d/0xd0 ? _bpfprogentersleepablerecur+0xad/0x120 ? _bpfprogentersleepablerecur+0x3e/0x120 bpftrampoline6442580665+0x4d/0x1000 _x64sysgetpgid+0x5/0x30 ? dosyscall64+0x36/0xb0 entrySYSCALL64after_hwframe+0x6e/0x76 </TASK>
{ "vanir_signatures": [ { "digest": { "length": 165.0, "function_hash": "332123167951848661103270114265901262859" }, "target": { "file": "kernel/bpf/helpers.c", "function": "BPF_CALL_2" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@483cb92334cd7f1d5387dccc0ab5d595d27a669d", "signature_version": "v1", "id": "CVE-2023-52621-08d621f8", "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "96872817003397444187703044959303820779", "207825694028387507450508505175093515972", "30483378466287296034294445305648618261", "217945611802410357242778390487547572031", "109871045183244391018686088640846121923", "193145643238916782493154892038382974393", "262964687112002674790634831216287823316", "240545739502812538001596195093869495085", "84703609915953477603158008260274902487", "8401572988649401961303149097204389114", "275722246978655653892298144460652118210", "314413222422554153114963631494101131346", "312453657900287206004566286411663038470", "151725765844263638447686101487578064490" ] }, "target": { "file": "kernel/bpf/helpers.c" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@169410eba271afc9f0fb476d996795aa26770c6d", "signature_version": "v1", "id": "CVE-2023-52621-4fb79960", "signature_type": "Line" }, { "digest": { "length": 197.0, "function_hash": "189503855458082390962096292625015782040" }, "target": { "file": "kernel/bpf/helpers.c", "function": "BPF_CALL_4" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@82f2df94dac1aa9b879e74d1f82ba1b631bdc612", "signature_version": "v1", "id": "CVE-2023-52621-6e09e36f", "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "157533969009752393165104223436707667905", "139348717687408744242105717297330500172", "30483378466287296034294445305648618261", "217945611802410357242778390487547572031", "109871045183244391018686088640846121923", "193145643238916782493154892038382974393", "262964687112002674790634831216287823316", "240545739502812538001596195093869495085", "84703609915953477603158008260274902487", "8401572988649401961303149097204389114", "275722246978655653892298144460652118210", "314413222422554153114963631494101131346", "312453657900287206004566286411663038470", "151725765844263638447686101487578064490" ] }, "target": { "file": "kernel/bpf/helpers.c" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d6d6fe4bb105595118f12abeed4a7bdd450853f3", "signature_version": "v1", "id": "CVE-2023-52621-7fa8fa18", "signature_type": "Line" }, { "digest": { "length": 215.0, "function_hash": "54872459676065459913055711968079041866" }, "target": { "file": "kernel/bpf/helpers.c", "function": "BPF_CALL_4" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d6d6fe4bb105595118f12abeed4a7bdd450853f3", "signature_version": "v1", "id": "CVE-2023-52621-88180968", "signature_type": "Function" }, { "digest": { "length": 215.0, "function_hash": "54872459676065459913055711968079041866" }, "target": { "file": "kernel/bpf/helpers.c", "function": "BPF_CALL_4" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@483cb92334cd7f1d5387dccc0ab5d595d27a669d", "signature_version": "v1", "id": "CVE-2023-52621-89d836bc", "signature_type": "Function" }, { "digest": { "length": 184.0, "function_hash": "291785429982378755176590360773920732647" }, "target": { "file": "kernel/bpf/helpers.c", "function": "BPF_CALL_2" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c7f1b6146f4a46d727c0d046284c28b6882c6304", "signature_version": "v1", "id": "CVE-2023-52621-9133f0d0", "signature_type": "Function" }, { "digest": { "length": 165.0, "function_hash": "332123167951848661103270114265901262859" }, "target": { "file": "kernel/bpf/helpers.c", "function": "BPF_CALL_2" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d6d6fe4bb105595118f12abeed4a7bdd450853f3", "signature_version": "v1", "id": "CVE-2023-52621-96647060", "signature_type": "Function" }, { "digest": { "length": 147.0, "function_hash": "213774245312695755207622609425460014359" }, "target": { "file": "kernel/bpf/helpers.c", "function": "BPF_CALL_2" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@82f2df94dac1aa9b879e74d1f82ba1b631bdc612", "signature_version": "v1", "id": "CVE-2023-52621-a18ec396", "signature_type": "Function" }, { "digest": { "length": 215.0, "function_hash": "54872459676065459913055711968079041866" }, "target": { "file": "kernel/bpf/helpers.c", "function": "BPF_CALL_4" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c7f1b6146f4a46d727c0d046284c28b6882c6304", "signature_version": "v1", "id": "CVE-2023-52621-a5c39fdb", "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "96872817003397444187703044959303820779", "207825694028387507450508505175093515972", "30483378466287296034294445305648618261", "217945611802410357242778390487547572031", "109871045183244391018686088640846121923", "193145643238916782493154892038382974393", "262964687112002674790634831216287823316", "240545739502812538001596195093869495085", "84703609915953477603158008260274902487", "8401572988649401961303149097204389114", "275722246978655653892298144460652118210", "314413222422554153114963631494101131346", "312453657900287206004566286411663038470", "151725765844263638447686101487578064490" ] }, "target": { "file": "kernel/bpf/helpers.c" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c7f1b6146f4a46d727c0d046284c28b6882c6304", "signature_version": "v1", "id": "CVE-2023-52621-a9862e6f", "signature_type": "Line" }, { "digest": { "length": 184.0, "function_hash": "291785429982378755176590360773920732647" }, "target": { "file": "kernel/bpf/helpers.c", "function": "BPF_CALL_2" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@483cb92334cd7f1d5387dccc0ab5d595d27a669d", "signature_version": "v1", "id": "CVE-2023-52621-b84d6a26", "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "335720505905497375462796186569923269820", "187499131286131785677485108816459930499", "210531420839047465029584262006827403664", "164872655937758345827681760873899616653", "30483378466287296034294445305648618261", "217945611802410357242778390487547572031", "109871045183244391018686088640846121923", "193145643238916782493154892038382974393", "262964687112002674790634831216287823316", "240545739502812538001596195093869495085", "84703609915953477603158008260274902487", "8401572988649401961303149097204389114", "275722246978655653892298144460652118210", "314413222422554153114963631494101131346", "312453657900287206004566286411663038470", "151725765844263638447686101487578064490" ] }, "target": { "file": "kernel/bpf/helpers.c" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3516f93cc63d956e1b290ae4b7bf2586074535a0", "signature_version": "v1", "id": "CVE-2023-52621-b851bb59", "signature_type": "Line" }, { "digest": { "length": 166.0, "function_hash": "321491641760743281472685671096437704396" }, "target": { "file": "kernel/bpf/helpers.c", "function": "BPF_CALL_2" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@82f2df94dac1aa9b879e74d1f82ba1b631bdc612", "signature_version": "v1", "id": "CVE-2023-52621-bbc6de46", "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "326401187311637419448327568557277371029", "44759584489428549906065400761965896718", "30483378466287296034294445305648618261", "217945611802410357242778390487547572031", "109871045183244391018686088640846121923", "193145643238916782493154892038382974393", "262964687112002674790634831216287823316", "240545739502812538001596195093869495085", "84703609915953477603158008260274902487", "8401572988649401961303149097204389114", "275722246978655653892298144460652118210", "314413222422554153114963631494101131346", "312453657900287206004566286411663038470", "151725765844263638447686101487578064490" ] }, "target": { "file": "kernel/bpf/helpers.c" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@483cb92334cd7f1d5387dccc0ab5d595d27a669d", "signature_version": "v1", "id": "CVE-2023-52621-bdc0f59b", "signature_type": "Line" }, { "digest": { "length": 165.0, "function_hash": "332123167951848661103270114265901262859" }, "target": { "file": "kernel/bpf/helpers.c", "function": "BPF_CALL_2" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3516f93cc63d956e1b290ae4b7bf2586074535a0", "signature_version": "v1", "id": "CVE-2023-52621-c84a63ac", "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "335720505905497375462796186569923269820", "187499131286131785677485108816459930499", "210531420839047465029584262006827403664", "164872655937758345827681760873899616653", "112301331431361808730405491548756372714", "3666708460089962819415470979021089329", "245355470443019155606965354139894346038", "93339019038624150978854348959294015087", "73101168242483613657668132580420210555", "290703368109980521997850444215580698943", "306748051051784920260201495405785450044", "275014807559697474886253393488313570111", "212137573927035024461519768442992993463", "274112134504456214647431790804120561393", "233284141963893248764036936310209404104", "272388481858288403200917669334087313365" ] }, "target": { "file": "kernel/bpf/helpers.c" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@82f2df94dac1aa9b879e74d1f82ba1b631bdc612", "signature_version": "v1", "id": "CVE-2023-52621-c99ac852", "signature_type": "Line" }, { "digest": { "length": 165.0, "function_hash": "332123167951848661103270114265901262859" }, "target": { "file": "kernel/bpf/helpers.c", "function": "BPF_CALL_2" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c7f1b6146f4a46d727c0d046284c28b6882c6304", "signature_version": "v1", "id": "CVE-2023-52621-dc3e211d", "signature_type": "Function" }, { "digest": { "length": 184.0, "function_hash": "291785429982378755176590360773920732647" }, "target": { "file": "kernel/bpf/helpers.c", "function": "BPF_CALL_2" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3516f93cc63d956e1b290ae4b7bf2586074535a0", "signature_version": "v1", "id": "CVE-2023-52621-e04b0356", "signature_type": "Function" }, { "digest": { "length": 215.0, "function_hash": "54872459676065459913055711968079041866" }, "target": { "file": "kernel/bpf/helpers.c", "function": "BPF_CALL_4" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3516f93cc63d956e1b290ae4b7bf2586074535a0", "signature_version": "v1", "id": "CVE-2023-52621-e8984233", "signature_type": "Function" }, { "digest": { "length": 184.0, "function_hash": "291785429982378755176590360773920732647" }, "target": { "file": "kernel/bpf/helpers.c", "function": "BPF_CALL_2" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d6d6fe4bb105595118f12abeed4a7bdd450853f3", "signature_version": "v1", "id": "CVE-2023-52621-e92bb59e", "signature_type": "Function" }, { "digest": { "length": 165.0, "function_hash": "332123167951848661103270114265901262859" }, "target": { "file": "kernel/bpf/helpers.c", "function": "BPF_CALL_2" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@169410eba271afc9f0fb476d996795aa26770c6d", "signature_version": "v1", "id": "CVE-2023-52621-f04e26d6", "signature_type": "Function" }, { "digest": { "length": 184.0, "function_hash": "291785429982378755176590360773920732647" }, "target": { "file": "kernel/bpf/helpers.c", "function": "BPF_CALL_2" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@169410eba271afc9f0fb476d996795aa26770c6d", "signature_version": "v1", "id": "CVE-2023-52621-f65f3be1", "signature_type": "Function" }, { "digest": { "length": 215.0, "function_hash": "54872459676065459913055711968079041866" }, "target": { "file": "kernel/bpf/helpers.c", "function": "BPF_CALL_4" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@169410eba271afc9f0fb476d996795aa26770c6d", "signature_version": "v1", "id": "CVE-2023-52621-f76b192d", "signature_type": "Function" } ] }