From: Sasha Levin Date: Mon, 25 Mar 2024 11:33:21 +0000 (-0400) Subject: Drop bpf-don-t-infer-ptr_to_ctx-for-programs-with-unnamed.patch X-Git-Tag: v6.8.2~19 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=38cbad81bb2a7e199831e299187ee8ebd9db7085;p=thirdparty%2Fkernel%2Fstable-queue.git Drop bpf-don-t-infer-ptr_to_ctx-for-programs-with-unnamed.patch Signed-off-by: Sasha Levin --- diff --git a/queue-6.1/bpf-don-t-infer-ptr_to_ctx-for-programs-with-unnamed.patch b/queue-6.1/bpf-don-t-infer-ptr_to_ctx-for-programs-with-unnamed.patch deleted file mode 100644 index 0b344c95929..00000000000 --- a/queue-6.1/bpf-don-t-infer-ptr_to_ctx-for-programs-with-unnamed.patch +++ /dev/null 
@@ -1,97 +0,0 @@ -From 8e930f866ee3073886b5076e3eb35547c7566789 Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Mon, 12 Feb 2024 15:32:20 -0800 -Subject: bpf: don't infer PTR_TO_CTX for programs with unnamed context type - -From: Andrii Nakryiko - -[ Upstream commit 879bbe7aa4afa80acf72a1cad7f52416ea78c52d ] - -For program types that don't have named context type name (e.g., BPF -iterator programs or tracepoint programs), ctx_tname will be a non-NULL -empty string. For such programs it shouldn't be possible to have -PTR_TO_CTX argument for global subprogs based on type name alone. -arg:ctx tag is the only way to have PTR_TO_CTX passed into global -subprog for such program types. - -Fix this loophole, which currently would assume PTR_TO_CTX whenever -user uses a pointer to anonymous struct as an argument to their global -subprogs. This happens in practice with the following (quite common, in -practice) approach: - -typedef struct { /* anonymous */ - int x; -} my_type_t; - -int my_subprog(my_type_t *arg) { ... } - -User's intent is to have PTR_TO_MEM argument for `arg`, but verifier -will complain about expecting PTR_TO_CTX. - -This fix also closes unintended s390x-specific KPROBE handling of -PTR_TO_CTX case. Selftest change is necessary to accommodate this. 
- -Fixes: 91cc1a99740e ("bpf: Annotate context types") -Signed-off-by: Andrii Nakryiko -Link: https://lore.kernel.org/r/20240212233221.2575350-4-andrii@kernel.org -Signed-off-by: Alexei Starovoitov -Signed-off-by: Sasha Levin ---- - kernel/bpf/btf.c | 3 +++ - .../bpf/progs/test_global_func_ctx_args.c | 19 +++++++++++++++++++ - 2 files changed, 22 insertions(+) - -diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c -index 7582ec4fd4131..73c36ff758b5e 100644 ---- a/kernel/bpf/btf.c -+++ b/kernel/bpf/btf.c -@@ -5135,6 +5135,9 @@ btf_get_prog_ctx_type(struct bpf_verifier_log *log, const struct btf *btf, - bpf_log(log, "Please fix kernel include/linux/bpf_types.h\n"); - return NULL; - } -+ /* program types without named context types work only with arg:ctx tag */ -+ if (ctx_tname[0] == '\0') -+ return false; - /* only compare that prog's ctx type name is the same as - * kernel expects. No need to compare field by field. - * It's ok for bpf prog to do: -diff --git a/tools/testing/selftests/bpf/progs/test_global_func_ctx_args.c b/tools/testing/selftests/bpf/progs/test_global_func_ctx_args.c -index 7faa8eef0598b..144d30e654ad2 100644 ---- a/tools/testing/selftests/bpf/progs/test_global_func_ctx_args.c -+++ b/tools/testing/selftests/bpf/progs/test_global_func_ctx_args.c -@@ -26,6 +26,23 @@ int kprobe_typedef_ctx(void *ctx) - return kprobe_typedef_ctx_subprog(ctx); - } - -+/* s390x defines: -+ * -+ * typedef user_pt_regs bpf_user_pt_regs_t; -+ * typedef struct { ... } user_pt_regs; -+ * -+ * And so "canonical" underlying struct type is anonymous. 
-+ * So on s390x only valid ways to have PTR_TO_CTX argument in global subprogs -+ * are: -+ * - bpf_user_pt_regs_t *ctx (typedef); -+ * - struct bpf_user_pt_regs_t *ctx (backwards compatible struct hack); -+ * - void *ctx __arg_ctx (arg:ctx tag) -+ * -+ * Other architectures also allow using underlying struct types (e.g., -+ * `struct pt_regs *ctx` for x86-64) -+ */ -+#ifndef bpf_target_s390 -+ - #define pt_regs_struct_t typeof(*(__PT_REGS_CAST((struct pt_regs *)NULL))) - - __weak int kprobe_struct_ctx_subprog(pt_regs_struct_t *ctx) -@@ -40,6 +57,8 @@ int kprobe_resolved_ctx(void *ctx) - return kprobe_struct_ctx_subprog(ctx); - } - -+#endif -+ - /* this is current hack to make this work on old kernels */ - struct bpf_user_pt_regs_t {}; - --- -2.43.0 - diff --git a/queue-6.1/series b/queue-6.1/series index 86180deabfb..059c69b1d71 100644 --- a/queue-6.1/series +++ b/queue-6.1/series @@ -146,7 +146,6 @@ arm64-dts-mediatek-mt7622-add-missing-device_type-to.patch bpf-mark-bpf_spin_-lock-unlock-helpers-with-notrace-.patch selftests-bpf-convert-test_global_funcs-test-to-test.patch selftests-bpf-add-global-subprog-context-passing-tes.patch -bpf-don-t-infer-ptr_to_ctx-for-programs-with-unnamed.patch arm-dts-qcom-msm8974-correct-qfprom-node-size.patch wifi-wilc1000-prevent-use-after-free-on-vif-when-cle.patch acpi-processor_idle-fix-memory-leak-in-acpi_processo.patch diff --git a/queue-6.6/bpf-don-t-infer-ptr_to_ctx-for-programs-with-unnamed.patch b/queue-6.6/bpf-don-t-infer-ptr_to_ctx-for-programs-with-unnamed.patch deleted file mode 100644 index 2c5b98e1b75..00000000000 --- a/queue-6.6/bpf-don-t-infer-ptr_to_ctx-for-programs-with-unnamed.patch +++ /dev/null 
@@ -1,97 +0,0 @@ -From 34fa3cc97610c729180fdda7dfca06d12be07591 Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Mon, 12 Feb 2024 15:32:20 -0800 -Subject: bpf: don't infer PTR_TO_CTX for programs with unnamed context type - -From: Andrii Nakryiko - -[ Upstream commit 879bbe7aa4afa80acf72a1cad7f52416ea78c52d ] - -For program types that don't have named context type name (e.g., BPF -iterator programs or tracepoint programs), ctx_tname will be a non-NULL -empty string. For such programs it shouldn't be possible to have -PTR_TO_CTX argument for global subprogs based on type name alone. -arg:ctx tag is the only way to have PTR_TO_CTX passed into global -subprog for such program types. - -Fix this loophole, which currently would assume PTR_TO_CTX whenever -user uses a pointer to anonymous struct as an argument to their global -subprogs. This happens in practice with the following (quite common, in -practice) approach: - -typedef struct { /* anonymous */ - int x; -} my_type_t; - -int my_subprog(my_type_t *arg) { ... } - -User's intent is to have PTR_TO_MEM argument for `arg`, but verifier -will complain about expecting PTR_TO_CTX. - -This fix also closes unintended s390x-specific KPROBE handling of -PTR_TO_CTX case. Selftest change is necessary to accommodate this. 
- -Fixes: 91cc1a99740e ("bpf: Annotate context types") -Signed-off-by: Andrii Nakryiko -Link: https://lore.kernel.org/r/20240212233221.2575350-4-andrii@kernel.org -Signed-off-by: Alexei Starovoitov -Signed-off-by: Sasha Levin ---- - kernel/bpf/btf.c | 3 +++ - .../bpf/progs/test_global_func_ctx_args.c | 19 +++++++++++++++++++ - 2 files changed, 22 insertions(+) - -diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c -index a31704a6bb614..9445ae6a280e6 100644 ---- a/kernel/bpf/btf.c -+++ b/kernel/bpf/btf.c -@@ -5655,6 +5655,9 @@ btf_get_prog_ctx_type(struct bpf_verifier_log *log, const struct btf *btf, - bpf_log(log, "Please fix kernel include/linux/bpf_types.h\n"); - return NULL; - } -+ /* program types without named context types work only with arg:ctx tag */ -+ if (ctx_tname[0] == '\0') -+ return false; - /* only compare that prog's ctx type name is the same as - * kernel expects. No need to compare field by field. - * It's ok for bpf prog to do: -diff --git a/tools/testing/selftests/bpf/progs/test_global_func_ctx_args.c b/tools/testing/selftests/bpf/progs/test_global_func_ctx_args.c -index 7faa8eef0598b..144d30e654ad2 100644 ---- a/tools/testing/selftests/bpf/progs/test_global_func_ctx_args.c -+++ b/tools/testing/selftests/bpf/progs/test_global_func_ctx_args.c -@@ -26,6 +26,23 @@ int kprobe_typedef_ctx(void *ctx) - return kprobe_typedef_ctx_subprog(ctx); - } - -+/* s390x defines: -+ * -+ * typedef user_pt_regs bpf_user_pt_regs_t; -+ * typedef struct { ... } user_pt_regs; -+ * -+ * And so "canonical" underlying struct type is anonymous. 
-+ * So on s390x only valid ways to have PTR_TO_CTX argument in global subprogs -+ * are: -+ * - bpf_user_pt_regs_t *ctx (typedef); -+ * - struct bpf_user_pt_regs_t *ctx (backwards compatible struct hack); -+ * - void *ctx __arg_ctx (arg:ctx tag) -+ * -+ * Other architectures also allow using underlying struct types (e.g., -+ * `struct pt_regs *ctx` for x86-64) -+ */ -+#ifndef bpf_target_s390 -+ - #define pt_regs_struct_t typeof(*(__PT_REGS_CAST((struct pt_regs *)NULL))) - - __weak int kprobe_struct_ctx_subprog(pt_regs_struct_t *ctx) -@@ -40,6 +57,8 @@ int kprobe_resolved_ctx(void *ctx) - return kprobe_struct_ctx_subprog(ctx); - } - -+#endif -+ - /* this is current hack to make this work on old kernels */ - struct bpf_user_pt_regs_t {}; - --- -2.43.0 - diff --git a/queue-6.6/series b/queue-6.6/series index 3815d2895ba..563d35ba9aa 100644 --- a/queue-6.6/series +++ b/queue-6.6/series @@ -215,7 +215,6 @@ arm64-dts-mediatek-mt7622-add-missing-device_type-to.patch can-m_can-start-cancel-polling-timer-together-with-i.patch wifi-iwlwifi-mvm-fix-the-listener-mac-filter-flags.patch bpf-mark-bpf_spin_-lock-unlock-helpers-with-notrace-.patch -bpf-don-t-infer-ptr_to_ctx-for-programs-with-unnamed.patch arm64-dts-qcom-sdm845-use-the-low-power-island-cx-mx.patch soc-qcom-llcc-check-return-value-on-broadcast_or-reg.patch arm-dts-qcom-msm8974-correct-qfprom-node-size.patch diff --git a/queue-6.7/bpf-don-t-infer-ptr_to_ctx-for-programs-with-unnamed.patch b/queue-6.7/bpf-don-t-infer-ptr_to_ctx-for-programs-with-unnamed.patch deleted file mode 100644 index f9c214b67dc..00000000000 --- a/queue-6.7/bpf-don-t-infer-ptr_to_ctx-for-programs-with-unnamed.patch +++ /dev/null 
@@ -1,97 +0,0 @@ -From 5013c2c5921beb2f41236cae43d5b62bd2a9c61d Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Mon, 12 Feb 2024 15:32:20 -0800 -Subject: bpf: don't infer PTR_TO_CTX for programs with unnamed context type - -From: Andrii Nakryiko - -[ Upstream commit 879bbe7aa4afa80acf72a1cad7f52416ea78c52d ] - -For program types that don't have named context type name (e.g., BPF -iterator programs or tracepoint programs), ctx_tname will be a non-NULL -empty string. For such programs it shouldn't be possible to have -PTR_TO_CTX argument for global subprogs based on type name alone. -arg:ctx tag is the only way to have PTR_TO_CTX passed into global -subprog for such program types. - -Fix this loophole, which currently would assume PTR_TO_CTX whenever -user uses a pointer to anonymous struct as an argument to their global -subprogs. This happens in practice with the following (quite common, in -practice) approach: - -typedef struct { /* anonymous */ - int x; -} my_type_t; - -int my_subprog(my_type_t *arg) { ... } - -User's intent is to have PTR_TO_MEM argument for `arg`, but verifier -will complain about expecting PTR_TO_CTX. - -This fix also closes unintended s390x-specific KPROBE handling of -PTR_TO_CTX case. Selftest change is necessary to accommodate this. 
- -Fixes: 91cc1a99740e ("bpf: Annotate context types") -Signed-off-by: Andrii Nakryiko -Link: https://lore.kernel.org/r/20240212233221.2575350-4-andrii@kernel.org -Signed-off-by: Alexei Starovoitov -Signed-off-by: Sasha Levin ---- - kernel/bpf/btf.c | 3 +++ - .../bpf/progs/test_global_func_ctx_args.c | 19 +++++++++++++++++++ - 2 files changed, 22 insertions(+) - -diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c -index 15d71d2986d3a..a17da40f65d31 100644 ---- a/kernel/bpf/btf.c -+++ b/kernel/bpf/btf.c -@@ -5665,6 +5665,9 @@ btf_get_prog_ctx_type(struct bpf_verifier_log *log, const struct btf *btf, - bpf_log(log, "Please fix kernel include/linux/bpf_types.h\n"); - return NULL; - } -+ /* program types without named context types work only with arg:ctx tag */ -+ if (ctx_tname[0] == '\0') -+ return false; - /* only compare that prog's ctx type name is the same as - * kernel expects. No need to compare field by field. - * It's ok for bpf prog to do: -diff --git a/tools/testing/selftests/bpf/progs/test_global_func_ctx_args.c b/tools/testing/selftests/bpf/progs/test_global_func_ctx_args.c -index 7faa8eef0598b..144d30e654ad2 100644 ---- a/tools/testing/selftests/bpf/progs/test_global_func_ctx_args.c -+++ b/tools/testing/selftests/bpf/progs/test_global_func_ctx_args.c -@@ -26,6 +26,23 @@ int kprobe_typedef_ctx(void *ctx) - return kprobe_typedef_ctx_subprog(ctx); - } - -+/* s390x defines: -+ * -+ * typedef user_pt_regs bpf_user_pt_regs_t; -+ * typedef struct { ... } user_pt_regs; -+ * -+ * And so "canonical" underlying struct type is anonymous. 
-+ * So on s390x only valid ways to have PTR_TO_CTX argument in global subprogs -+ * are: -+ * - bpf_user_pt_regs_t *ctx (typedef); -+ * - struct bpf_user_pt_regs_t *ctx (backwards compatible struct hack); -+ * - void *ctx __arg_ctx (arg:ctx tag) -+ * -+ * Other architectures also allow using underlying struct types (e.g., -+ * `struct pt_regs *ctx` for x86-64) -+ */ -+#ifndef bpf_target_s390 -+ - #define pt_regs_struct_t typeof(*(__PT_REGS_CAST((struct pt_regs *)NULL))) - - __weak int kprobe_struct_ctx_subprog(pt_regs_struct_t *ctx) -@@ -40,6 +57,8 @@ int kprobe_resolved_ctx(void *ctx) - return kprobe_struct_ctx_subprog(ctx); - } - -+#endif -+ - /* this is current hack to make this work on old kernels */ - struct bpf_user_pt_regs_t {}; - --- -2.43.0 - diff --git a/queue-6.7/series b/queue-6.7/series index e8edd2f7e23..98739579a2c 100644 --- a/queue-6.7/series +++ b/queue-6.7/series @@ -247,7 +247,6 @@ arm64-dts-mediatek-mt7622-add-missing-device_type-to.patch can-m_can-start-cancel-polling-timer-together-with-i.patch wifi-iwlwifi-mvm-fix-the-listener-mac-filter-flags.patch bpf-mark-bpf_spin_-lock-unlock-helpers-with-notrace-.patch -bpf-don-t-infer-ptr_to_ctx-for-programs-with-unnamed.patch arm64-dts-qcom-sdm845-use-the-low-power-island-cx-mx.patch soc-qcom-llcc-check-return-value-on-broadcast_or-reg.patch arm-dts-qcom-msm8974-correct-qfprom-node-size.patch diff --git a/queue-6.8/bpf-don-t-infer-ptr_to_ctx-for-programs-with-unnamed.patch b/queue-6.8/bpf-don-t-infer-ptr_to_ctx-for-programs-with-unnamed.patch deleted file mode 100644 index 8b58d992ea7..00000000000 --- a/queue-6.8/bpf-don-t-infer-ptr_to_ctx-for-programs-with-unnamed.patch +++ /dev/null 
@@ -1,97 +0,0 @@ -From 29668686ac3ffbfd5114dac1bb2a4c52cf87dc12 Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Mon, 12 Feb 2024 15:32:20 -0800 -Subject: bpf: don't infer PTR_TO_CTX for programs with unnamed context type - -From: Andrii Nakryiko - -[ Upstream commit 879bbe7aa4afa80acf72a1cad7f52416ea78c52d ] - -For program types that don't have named context type name (e.g., BPF -iterator programs or tracepoint programs), ctx_tname will be a non-NULL -empty string. For such programs it shouldn't be possible to have -PTR_TO_CTX argument for global subprogs based on type name alone. -arg:ctx tag is the only way to have PTR_TO_CTX passed into global -subprog for such program types. - -Fix this loophole, which currently would assume PTR_TO_CTX whenever -user uses a pointer to anonymous struct as an argument to their global -subprogs. This happens in practice with the following (quite common, in -practice) approach: - -typedef struct { /* anonymous */ - int x; -} my_type_t; - -int my_subprog(my_type_t *arg) { ... } - -User's intent is to have PTR_TO_MEM argument for `arg`, but verifier -will complain about expecting PTR_TO_CTX. - -This fix also closes unintended s390x-specific KPROBE handling of -PTR_TO_CTX case. Selftest change is necessary to accommodate this. 
- -Fixes: 91cc1a99740e ("bpf: Annotate context types") -Signed-off-by: Andrii Nakryiko -Link: https://lore.kernel.org/r/20240212233221.2575350-4-andrii@kernel.org -Signed-off-by: Alexei Starovoitov -Signed-off-by: Sasha Levin ---- - kernel/bpf/btf.c | 3 +++ - .../bpf/progs/test_global_func_ctx_args.c | 19 +++++++++++++++++++ - 2 files changed, 22 insertions(+) - -diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c -index 92aa3cf0396b8..9041848cf1a1b 100644 ---- a/kernel/bpf/btf.c -+++ b/kernel/bpf/btf.c -@@ -5685,6 +5685,9 @@ btf_get_prog_ctx_type(struct bpf_verifier_log *log, const struct btf *btf, - bpf_log(log, "Please fix kernel include/linux/bpf_types.h\n"); - return NULL; - } -+ /* program types without named context types work only with arg:ctx tag */ -+ if (ctx_tname[0] == '\0') -+ return false; - /* only compare that prog's ctx type name is the same as - * kernel expects. No need to compare field by field. - * It's ok for bpf prog to do: -diff --git a/tools/testing/selftests/bpf/progs/test_global_func_ctx_args.c b/tools/testing/selftests/bpf/progs/test_global_func_ctx_args.c -index 9a06e5eb1fbef..143c8a4852bfe 100644 ---- a/tools/testing/selftests/bpf/progs/test_global_func_ctx_args.c -+++ b/tools/testing/selftests/bpf/progs/test_global_func_ctx_args.c -@@ -26,6 +26,23 @@ int kprobe_typedef_ctx(void *ctx) - return kprobe_typedef_ctx_subprog(ctx); - } - -+/* s390x defines: -+ * -+ * typedef user_pt_regs bpf_user_pt_regs_t; -+ * typedef struct { ... } user_pt_regs; -+ * -+ * And so "canonical" underlying struct type is anonymous. 
-+ * So on s390x only valid ways to have PTR_TO_CTX argument in global subprogs -+ * are: -+ * - bpf_user_pt_regs_t *ctx (typedef); -+ * - struct bpf_user_pt_regs_t *ctx (backwards compatible struct hack); -+ * - void *ctx __arg_ctx (arg:ctx tag) -+ * -+ * Other architectures also allow using underlying struct types (e.g., -+ * `struct pt_regs *ctx` for x86-64) -+ */ -+#ifndef bpf_target_s390 -+ - #define pt_regs_struct_t typeof(*(__PT_REGS_CAST((struct pt_regs *)NULL))) - - __weak int kprobe_struct_ctx_subprog(pt_regs_struct_t *ctx) -@@ -40,6 +57,8 @@ int kprobe_resolved_ctx(void *ctx) - return kprobe_struct_ctx_subprog(ctx); - } - -+#endif -+ - /* this is current hack to make this work on old kernels */ - struct bpf_user_pt_regs_t {}; - --- -2.43.0 - diff --git a/queue-6.8/series b/queue-6.8/series index 6a63834cc3b..efd8c8c07b3 100644 --- a/queue-6.8/series +++ b/queue-6.8/series @@ -193,7 +193,6 @@ arm64-dts-mediatek-mt7622-add-missing-device_type-to.patch can-m_can-start-cancel-polling-timer-together-with-i.patch wifi-iwlwifi-mvm-fix-the-listener-mac-filter-flags.patch bpf-mark-bpf_spin_-lock-unlock-helpers-with-notrace-.patch -bpf-don-t-infer-ptr_to_ctx-for-programs-with-unnamed.patch arm64-dts-qcom-sdm845-use-the-low-power-island-cx-mx.patch soc-qcom-llcc-check-return-value-on-broadcast_or-reg.patch arm-dts-qcom-msm8974-correct-qfprom-node-size.patch
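Review bot: In the kernel/bpf/btf.c hunk of the queued patch, the added early exit `if (ctx_tname[0] == '\0') return false;` sits directly below a context line that ends the previous error path with `return NULL;`. That indicates btf_get_prog_ctx_type() returns a pointer in these trees, so the new branch mixes a boolean into a pointer-returning function. If the backport is re-queued, either write the early exit as `return NULL;` to match the surrounding code or queue the change that alters the return type ahead of it. The same three added lines appear in all four queue copies (6.1, 6.6, 6.7, 6.8), so the point applies to each.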
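Review bot: The `#ifndef bpf_target_s390` guard added to test_global_func_ctx_args.c compiles kprobe_struct_ctx_subprog() and kprobe_resolved_ctx() out on s390x, so the restriction the new comment documents (the anonymous underlying struct is not a valid way to get PTR_TO_CTX there) is never exercised on the one architecture it describes. A negative test that expects the verifier to reject that form on s390x would cover the btf.c change better than skipping the case. The closing `#endif` is added in a separate hunk from the opening guard and would read more clearly as `#endif /* bpf_target_s390 */`.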
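Review bot: The commit message consists of the subject line and a sign-off only, and gives no reason for deleting the patch file and its `series` entry from queue-6.1, queue-6.6, queue-6.7 and queue-6.8. Add a sentence stating why the backport of upstream commit 879bbe7aa4afa80acf72a1cad7f52416ea78c52d is being dropped, with a link to the report that prompted it if there is one, so that anyone re-queuing it later knows what has to be fixed or pulled in first.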