From: Greg Kroah-Hartman Date: Thu, 29 Jun 2023 11:31:37 +0000 (+0200) Subject: 5.15-stable patches X-Git-Tag: v6.4.1~30 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=43ee011dea9e39370054e8a119bff61ba72984db;p=thirdparty%2Fkernel%2Fstable-queue.git 5.15-stable patches added patches: bpf-ensure-main-program-has-an-extable.patch --- diff --git a/queue-5.15/bpf-ensure-main-program-has-an-extable.patch b/queue-5.15/bpf-ensure-main-program-has-an-extable.patch new file mode 100644 index 00000000000..eb0d9c15e02 --- /dev/null +++ b/queue-5.15/bpf-ensure-main-program-has-an-extable.patch 
@@ -0,0 +1,64 @@ +From 0108a4e9f3584a7a2c026d1601b0682ff7335d95 Mon Sep 17 00:00:00 2001 +From: Krister Johansen +Date: Mon, 12 Jun 2023 17:44:40 -0700 +Subject: bpf: ensure main program has an extable + +From: Krister Johansen + +commit 0108a4e9f3584a7a2c026d1601b0682ff7335d95 upstream. + +When subprograms are in use, the main program is not jit'd after the +subprograms because jit_subprogs sets a value for prog->bpf_func upon +success. Subsequent calls to the JIT are bypassed when this value is +non-NULL. This leads to a situation where the main program and its +func[0] counterpart are both in the bpf kallsyms tree, but only func[0] +has an extable. Extables are only created during JIT. Now there are +two nearly identical program ksym entries in the tree, but only one has +an extable. Depending upon how the entries are placed, there's a chance +that a fault will call search_extable on the aux with the NULL entry. + +Since jit_subprogs already copies state from func[0] to the main +program, include the extable pointer in this state duplication. +Additionally, ensure that the copy of the main program in func[0] is not +added to the bpf_prog_kallsyms table. Instead, let the main program get +added later in bpf_prog_load(). This ensures there is only a single +copy of the main program in the kallsyms table, and that its tag matches +the tag observed by tooling like bpftool. 
+ +Cc: stable@vger.kernel.org +Fixes: 1c2a088a6626 ("bpf: x64: add JIT support for multi-function programs") +Signed-off-by: Krister Johansen +Acked-by: Yonghong Song +Acked-by: Ilya Leoshkevich +Tested-by: Ilya Leoshkevich +Link: https://lore.kernel.org/r/6de9b2f4b4724ef56efbb0339daaa66c8b68b1e7.1686616663.git.kjlx@templeofstupid.com +Signed-off-by: Alexei Starovoitov +Signed-off-by: Greg Kroah-Hartman +--- + kernel/bpf/verifier.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +--- a/kernel/bpf/verifier.c ++++ b/kernel/bpf/verifier.c +@@ -12588,9 +12588,10 @@ static int jit_subprogs(struct bpf_verif + } + + /* finally lock prog and jit images for all functions and +- * populate kallsysm ++ * populate kallsysm. Begin at the first subprogram, since ++ * bpf_prog_load will add the kallsyms for the main program. + */ +- for (i = 0; i < env->subprog_cnt; i++) { ++ for (i = 1; i < env->subprog_cnt; i++) { + bpf_prog_lock_ro(func[i]); + bpf_prog_kallsyms_add(func[i]); + } +@@ -12615,6 +12616,8 @@ static int jit_subprogs(struct bpf_verif + + prog->jited = 1; + prog->bpf_func = func[0]->bpf_func; ++ prog->aux->extable = func[0]->aux->extable; ++ prog->aux->num_exentries = func[0]->aux->num_exentries; + prog->aux->func = func; + prog->aux->func_cnt = env->subprog_cnt; + bpf_prog_jit_attempt_done(prog); diff --git a/queue-5.15/series b/queue-5.15/series index 2bf53fbaa32..15a4b334364 100644 --- a/queue-5.15/series +++ b/queue-5.15/series @@ -6,3 +6,4 @@ drm-amdgpu-set-vmbo-destroy-after-pt-bo-is-created.patch x86-microcode-amd-load-late-on-both-threads-too.patch x86-smp-use-dedicated-cache-line-for-mwait_play_dead.patch can-isotp-isotp_sendmsg-fix-return-error-fix-on-tx-path.patch +bpf-ensure-main-program-has-an-extable.patch
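Review bot: in the first kernel/bpf/verifier.c hunk (@@ -12588), starting the loop at i = 1 skips bpf_prog_lock_ro(func[0]) as well as bpf_prog_kallsyms_add(func[0]), but the updated comment only justifies the kallsyms half. If only the duplicate kallsyms entry is meant to go away, keep a loop from 0 for bpf_prog_lock_ro(func[i]) and run a second loop from 1 for bpf_prog_kallsyms_add(func[i]). If leaving func[0] unlocked is intentional, the comment should say where func[0] gets locked read-only. The comment being edited also still carries the "kallsysm" spelling, which could be corrected while the line is touched.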
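Review bot: in the second kernel/bpf/verifier.c hunk (@@ -12615), prog->aux->extable becomes an alias of func[0]->aux->extable, and nothing in the hunk documents which aux owns the table. A short comment above the two new assignments would help: say that the main program borrows func[0]'s extable and num_exentries so that a fault resolving to the main program's ksym finds the exception entries, and that teardown must not release the table through both prog->aux and func[0]->aux. The commit message explains the reasoning, but the code itself reads as a plain field copy next to bpf_func.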