CVE-2024-56786 Information

Description

In the Linux kernel the following vulnerability has been resolved:

bpf: put bpf_link’s program when link is safe to be deallocated

In general, a BPF link's underlying BPF program should be considered reachable through the attach hook -> link -> prog chain, and pessimistically we have to assume that, as long as the link's memory is not safe to free, the attach hook's code might hold a pointer to the BPF program and use it.
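The lifetime rule above, as an added userspace model that is not part of this advisory or of the kernel source: a link holds the only reference to its program, the link's own memory is released through a deferred callback (a stand-in for call_rcu()), and the question is whether the program is still alive during the window in which an attach hook that looked the link up earlier can still dereference link->prog. The names (prog, link, call_rcu_model, synchronize_rcu_model, detach_link) are this example's own, not kernel APIs, and the model deliberately omits the program's own grace-period wait so that only the ordering of the two puts is visible.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model, not kernel code: refcounted program and a link that owns
 * one reference to it. */
struct prog { int refcnt; bool freed; };
struct link { struct prog *prog; bool freed; };

/* A tiny deferred-callback queue stands in for call_rcu(): callbacks run only
 * when the modelled grace period ends, in synchronize_rcu_model(). */
typedef void (*rcu_cb_t)(void *arg);
struct deferred { rcu_cb_t fn; void *arg; };
static struct deferred pending[8];
static int npending;

static void call_rcu_model(rcu_cb_t fn, void *arg)
{
    pending[npending++] = (struct deferred){ fn, arg };
}

static void synchronize_rcu_model(void)
{
    for (int i = 0; i < npending; i++)
        pending[i].fn(pending[i].arg);
    npending = 0;
}

/* Drop one reference; the program is gone once the count reaches zero. */
static void prog_put(struct prog *p)
{
    if (--p->refcnt == 0)
        p->freed = true;
}

/* Eager variant: the program was already put before this callback runs, so the
 * callback only releases the link itself. */
static void link_free_eager_cb(void *arg)
{
    ((struct link *)arg)->freed = true;
}

/* Fixed ordering: the program reference is dropped from the link's deferred
 * callback, i.e. only once the link is no longer reachable through the hook. */
static void link_free_fixed_cb(void *arg)
{
    struct link *l = arg;
    prog_put(l->prog);
    l->freed = true;
}

struct outcome {
    bool prog_alive_in_window;   /* program still valid while link is reachable */
    bool prog_freed_at_end;      /* both objects released after the grace period */
    bool link_freed_at_end;
};

/* Detach a link and report what an attach hook would have observed. */
static struct outcome detach_link(bool fixed_order)
{
    struct prog p = { .refcnt = 1, .freed = false };   /* link holds the only ref */
    struct link l = { .prog = &p, .freed = false };
    struct outcome o;

    if (fixed_order) {
        call_rcu_model(link_free_fixed_cb, &l);
    } else {
        prog_put(l.prog);                       /* early put: refcnt hits 0 now */
        call_rcu_model(link_free_eager_cb, &l);
    }

    /* Window: an attach hook that reached the link before detach may still
     * follow link->prog here, because the link's memory has not been freed. */
    o.prog_alive_in_window = !l.prog->freed;

    synchronize_rcu_model();                    /* grace period ends */
    o.prog_freed_at_end = p.freed;
    o.link_freed_at_end = l.freed;
    return o;
}

int main(void)
{
    struct outcome eager = detach_link(false);
    struct outcome fixed = detach_link(true);
    printf("eager put: prog alive while link reachable = %d\n", eager.prog_alive_in_window);
    printf("fixed put: prog alive while link reachable = %d\n", fixed.prog_alive_in_window);
    printf("fixed put: prog freed = %d, link freed = %d\n",
           fixed.prog_freed_at_end, fixed.link_freed_at_end);
    return 0;
}
```

With the eager order the program's refcount reaches zero while the link is still reachable, which is exactly the state the commit message says must be assumed unsafe; with the fixed order both objects are released, but the program only after the link has left the hook's reach.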

As such, it's not (generally) correct to put the link's program early, before waiting for RCU GPs to go through. The more eager bpf_prog_put() that we currently do is mostly correct due to the BPF program's release code doing similar RCU GP waiting, but, as will be shown in the following patches, a BPF program can be non-sleepable (and thus reliant on only

Reference

https://git.kernel.org/stable/c/2fcb921c2799c49ac5e365cf4110f94a64ae4885
https://git.kernel.org/stable/c/5fe23c57abadfd46a7a66e81f3536e4757252a0b
https://git.kernel.org/stable/c/f44ec8733a8469143fde1984b5e6931b2e2f6f3f