DEBIAN-CVE-2024-58060

In the Linux kernel, the following vulnerability has been resolved: bpf: Reject structops registration that uses module ptr and the module btfid is missing There is a UAF report in the bpfstructops when CONFIGMODULES=n. In particular, the report is on tcpcongestionops that has a "struct module *owner" member. For structops that has a "struct module *owner" member, it can be extended either by the regular kernel module or by the bpfstructops. bpftrymoduleget() will be used to do the refcounting and different refcount is done based on the owner pointer. When CONFIGMODULES=n, the btfid of the "struct module" is missing: WARN: resolvebtfids: unresolved symbol module Thus, the bpftrymoduleget() cannot do the correct refcounting. Not all subsystem's structops requires the "struct module *owner" member. e.g. the recent schedextops. This patch is to disable bpfstructops registration if the structops has the "struct module *" member and the "struct module" btfid is missing. The btftypeisfwd() helper is moved to the btf.h header file for this test. This has happened since the beginning of bpfstructops which has gone through many changes. The Fixes tag is set to a recent commit that this patch can apply cleanly. Considering CONFIGMODULES=n is not common and the age of the issue, targeting for bpf-next also.