!124 [sync] PR-123: backport patches from upstream

From: @openeuler-sync-bot 
Reviewed-by: @nlgwcy 
Signed-off-by: @nlgwcy

backport-libbpf-Fix-NULL-pointer-dereference-in_bpf_object__c.patch

@@ -0,0 +1,65 @@
+From c008eb921eec064f01263b2a5577dc668b27b0cc Mon Sep 17 00:00:00 2001
+From: Mingyi Zhang <zhangmingyi5@huawei.com>
+Date: Thu, 21 Dec 2023 11:39:47 +0800
+Subject: [PATCH] libbpf: Fix NULL pointer dereference in
+ bpf_object__collect_prog_relos
+
+An issue occurred while reading an ELF file in libbpf.c during fuzzing:
+
+	Program received signal SIGSEGV, Segmentation fault.
+	0x0000000000958e97 in bpf_object.collect_prog_relos () at libbpf.c:4206
+	4206 in libbpf.c
+	(gdb) bt
+	#0 0x0000000000958e97 in bpf_object.collect_prog_relos () at libbpf.c:4206
+	#1 0x000000000094f9d6 in bpf_object.collect_relos () at libbpf.c:6706
+	#2 0x000000000092bef3 in bpf_object_open () at libbpf.c:7437
+	#3 0x000000000092c046 in bpf_object.open_mem () at libbpf.c:7497
+	#4 0x0000000000924afa in LLVMFuzzerTestOneInput () at fuzz/bpf-object-fuzzer.c:16
+	#5 0x000000000060be11 in testblitz_engine::fuzzer::Fuzzer::run_one ()
+	#6 0x000000000087ad92 in tracing::span::Span::in_scope ()
+	#7 0x00000000006078aa in testblitz_engine::fuzzer::util::walkdir ()
+	#8 0x00000000005f3217 in testblitz_engine::entrypoint::main::{{closure}} ()
+	#9 0x00000000005f2601 in main ()
+	(gdb)
+
+scn_data was null at this code(tools/lib/bpf/src/libbpf.c):
+
+	if (rel->r_offset % BPF_INSN_SZ || rel->r_offset >= scn_data->d_size) {
+
+The scn_data is derived from the code above:
+
+	scn = elf_sec_by_idx(obj, sec_idx);
+	scn_data = elf_sec_data(obj, scn);
+
+	relo_sec_name = elf_sec_str(obj, shdr->sh_name);
+	sec_name = elf_sec_name(obj, scn);
+	if (!relo_sec_name || !sec_name)// don't check whether scn_data is NULL
+		return -EINVAL;
+
+In certain special scenarios, such as reading a malformed ELF file,
+it is possible that scn_data may be a null pointer
+
+Signed-off-by: Mingyi Zhang <zhangmingyi5@huawei.com>
+Signed-off-by: Xin Liu <liuxin350@huawei.com>
+Signed-off-by: Changye Wu <wuchangye@huawei.com>
+Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
+Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
+Acked-by: Daniel Borkmann <daniel@iogearbox.net>
+Link: https://lore.kernel.org/bpf/20231221033947.154564-1-liuxin350@huawei.com
+---
+ src/libbpf.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/libbpf.c b/src/libbpf.c
+index ac54ebc06..ebcfb2147 100644
+--- a/src/libbpf.c
++++ b/src/libbpf.c
+@@ -4355,6 +4355,8 @@ bpf_object__collect_prog_relos(struct bpf_object *obj, Elf64_Shdr *shdr, Elf_Dat
+ 
+ 	scn = elf_sec_by_idx(obj, sec_idx);
+ 	scn_data = elf_sec_data(obj, scn);
++	if (!scn_data)
++		return -LIBBPF_ERRNO__FORMAT;
+ 
+ 	relo_sec_name = elf_sec_str(obj, shdr->sh_name);
+ 	sec_name = elf_sec_name(obj, scn);

libbpf.spec

@@ -4,7 +4,7 @@
 
 Name:           %{githubname}
 Version:        %{githubver}
-Release:        1
+Release:        2
 Summary:        Libbpf library
 
 License:        LGPLv2 or BSD
@@ -16,6 +16,7 @@ BuildRequires:  make
 Patch0000:      backport-libbpf-Ensure-FD-3-during-bpf_map__reuse_fd.patch
 Patch0001:      backport-libbpf-Ensure-libbpf-always-opens-files-with-O_CLOEX.patch
 Patch0002:      backport-libbpf-Set-close-on-exec-flag-on-gzopen.patch
+Patch0003:      backport-libbpf-Fix-NULL-pointer-dereference-in_bpf_object__c.patch
 
 # This package supersedes libbpf from kernel-tools,
 # which has default Epoch: 0. By having Epoch: 1
@@ -68,6 +69,10 @@ developing applications that use %{name}
 %{_libdir}/libbpf.a
 
 %changelog
+* Mon Apr 15 2024 zhangmingyi <zhangmingyi5@huawei.com> 2:1.2.2-2
+- backport patches from upstream:
+  backport-libbpf-Fix-NULL-pointer-dereference-in_bpf_object__c.patch
+
 * Fri Jan 19 2024 zhangmingyi <zhangmingyi5@huawei.com> 2:1.2.2-1
 - update to version 1.2.2