bpf: Check for NULL return from bpf_get_btf_vmlinux

When CONFIG_DEBUG_INFO_BTF is disabled, bpf_get_btf_vmlinux can return a
NULL pointer. Check for it in btf_get_module_btf to prevent a NULL pointer
dereference.

While kernel test robot only complained about this specific case, let's
also check for NULL in other call sites of bpf_get_btf_vmlinux.

Fixes: 9492450 ("bpf: Always raise reference in btf_get_module_btf")
Reported-by: kernel test robot <[email protected]>
Signed-off-by: Kumar Kartikeya Dwivedi <[email protected]>

Author: kkdwivedi

kernel/bpf/btf.c

@@ -534,6 +534,8 @@ static s32 bpf_find_btf_id(const char *name, u32 kind, struct btf **btf_p)
 	btf = bpf_get_btf_vmlinux();
 	if (IS_ERR(btf))
 		return PTR_ERR(btf);
+	if (!btf)
+		return -EINVAL;
 
 	ret = btf_find_by_name_kind(btf, name, kind);
 	/* ret is never zero, since btf_find_by_name_kind returns
@@ -6584,7 +6586,7 @@ static struct btf *btf_get_module_btf(const struct module *module)
 
 	if (!module) {
 		btf = bpf_get_btf_vmlinux();
-		if (!IS_ERR(btf))
+		if (!IS_ERR_OR_NULL(btf))
 			btf_get(btf);
 		return btf;
 	}
@@ -7180,6 +7182,8 @@ bpf_core_find_cands(struct bpf_core_ctx *ctx, u32 local_type_id)
 	main_btf = bpf_get_btf_vmlinux();
 	if (IS_ERR(main_btf))
 		return ERR_CAST(main_btf);
+	if (!main_btf)
+		return ERR_PTR(-EINVAL);
 
 	local_type = btf_type_by_id(local_btf, local_type_id);
 	if (!local_type)

net/core/bpf_sk_storage.c

@@ -405,6 +405,8 @@ static bool bpf_sk_storage_tracing_allowed(const struct bpf_prog *prog)
 	case BPF_TRACE_FENTRY:
 	case BPF_TRACE_FEXIT:
 		btf_vmlinux = bpf_get_btf_vmlinux();
+		if (IS_ERR_OR_NULL(btf_vmlinux))
+			return false;
 		btf_id = prog->aux->attach_btf_id;
 		t = btf_type_by_id(btf_vmlinux, btf_id);
 		tname = btf_name_by_offset(btf_vmlinux, t->name_off);