From a5f486494e44f7b71773c62b36b5c49c0104c14a Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Thu, 23 Jun 2022 18:14:25 +0200
Subject: [PATCH] 5.15-stable patches

added patches:
	bpf-fix-calling-global-functions-from-bpf_prog_type_ext-programs.patch
	selftests-bpf-add-selftest-for-calling-global-functions-from-freplace.patch
---
 ...ions-from-bpf_prog_type_ext-programs.patch | 66 +++++++++++++++
 ...lling-global-functions-from-freplace.patch | 83 +++++++++++++++++++
 queue-5.15/series                             |  2 +
 3 files changed, 151 insertions(+)
 create mode 100644 queue-5.15/bpf-fix-calling-global-functions-from-bpf_prog_type_ext-programs.patch
 create mode 100644 queue-5.15/selftests-bpf-add-selftest-for-calling-global-functions-from-freplace.patch

diff --git a/queue-5.15/bpf-fix-calling-global-functions-from-bpf_prog_type_ext-programs.patch b/queue-5.15/bpf-fix-calling-global-functions-from-bpf_prog_type_ext-programs.patch
new file mode 100644
index 00000000000..61b49ccc7ca
--- /dev/null
+++ b/queue-5.15/bpf-fix-calling-global-functions-from-bpf_prog_type_ext-programs.patch
@@ -0,0 +1,66 @@
+From f858c2b2ca04fc7ead291821a793638ae120c11d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Toke=20H=C3=B8iland-J=C3=B8rgensen?= <toke@redhat.com>
+Date: Mon, 6 Jun 2022 09:52:51 +0200
+Subject: bpf: Fix calling global functions from BPF_PROG_TYPE_EXT programs
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Toke HÃ¸iland-JÃ¸rgensen <toke@redhat.com>
+
+commit f858c2b2ca04fc7ead291821a793638ae120c11d upstream.
+
+The verifier allows programs to call global functions as long as their
+argument types match, using BTF to check the function arguments. One of the
+allowed argument types to such global functions is PTR_TO_CTX; however the
+check for this fails on BPF_PROG_TYPE_EXT functions because the verifier
+uses the wrong type to fetch the vmlinux BTF ID for the program context
+type. This failure is seen when an XDP program is loaded using
+libxdp (which loads it as BPF_PROG_TYPE_EXT and attaches it to a global XDP
+type program).
+
+Fix the issue by passing in the target program type instead of the
+BPF_PROG_TYPE_EXT type to bpf_prog_get_ctx() when checking function
+argument compatibility.
+
+The first Fixes tag refers to the latest commit that touched the code in
+question, while the second one points to the code that first introduced
+the global function call verification.
+
+v2:
+- Use resolve_prog_type()
+
+Fixes: 3363bd0cfbb8 ("bpf: Extend kfunc with PTR_TO_CTX, PTR_TO_MEM argument support")
+Fixes: 51c39bb1d5d1 ("bpf: Introduce function-by-function verification")
+Reported-by: Simon Sundberg <simon.sundberg@kau.se>
+Signed-off-by: Toke HÃ¸iland-JÃ¸rgensen <toke@redhat.com>
+Link: https://lore.kernel.org/r/20220606075253.28422-1-toke@redhat.com
+Signed-off-by: Alexei Starovoitov <ast@kernel.org>
+[ backport: open-code missing resolve_prog_type() helper, resolve context diff ]
+Signed-off-by: Toke HÃ¸iland-JÃ¸rgensen <toke@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/bpf/btf.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/kernel/bpf/btf.c
++++ b/kernel/bpf/btf.c
+@@ -5441,6 +5441,8 @@ static int btf_check_func_arg_match(stru
+ 				    struct bpf_reg_state *regs,
+ 				    bool ptr_to_mem_ok)
+ {
++	enum bpf_prog_type prog_type = env->prog->type == BPF_PROG_TYPE_EXT ?
++		env->prog->aux->dst_prog->type : env->prog->type;
+ 	struct bpf_verifier_log *log = &env->log;
+ 	const char *func_name, *ref_tname;
+ 	const struct btf_type *t, *ref_t;
+@@ -5533,8 +5535,7 @@ static int btf_check_func_arg_match(stru
+ 					reg_ref_tname);
+ 				return -EINVAL;
+ 			}
+-		} else if (btf_get_prog_ctx_type(log, btf, t,
+-						 env->prog->type, i)) {
++		} else if (btf_get_prog_ctx_type(log, btf, t, prog_type, i)) {
+ 			/* If function expects ctx type in BTF check that caller
+ 			 * is passing PTR_TO_CTX.
+ 			 */
diff --git a/queue-5.15/selftests-bpf-add-selftest-for-calling-global-functions-from-freplace.patch b/queue-5.15/selftests-bpf-add-selftest-for-calling-global-functions-from-freplace.patch
new file mode 100644
index 00000000000..15b0963349d
--- /dev/null
+++ b/queue-5.15/selftests-bpf-add-selftest-for-calling-global-functions-from-freplace.patch
@@ -0,0 +1,83 @@
+From 2cf7b7ffdae519b284f1406012b52e2282fa36bf Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Toke=20H=C3=B8iland-J=C3=B8rgensen?= <toke@redhat.com>
+Date: Mon, 6 Jun 2022 09:52:52 +0200
+Subject: selftests/bpf: Add selftest for calling global functions from freplace
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Toke HÃ¸iland-JÃ¸rgensen <toke@redhat.com>
+
+commit 2cf7b7ffdae519b284f1406012b52e2282fa36bf upstream.
+
+Add a selftest that calls a global function with a context object parameter
+from an freplace function to check that the program context type is
+correctly converted to the freplace target when fetching the context type
+from the kernel BTF.
+
+v2:
+- Trim includes
+- Get rid of global function
+- Use __noinline
+
+Signed-off-by: Toke HÃ¸iland-JÃ¸rgensen <toke@redhat.com>
+Link: https://lore.kernel.org/r/20220606075253.28422-2-toke@redhat.com
+Signed-off-by: Alexei Starovoitov <ast@kernel.org>
+[ backport: fix conflict because tests were not serialised ]
+Signed-off-by: Toke HÃ¸iland-JÃ¸rgensen <toke@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ tools/testing/selftests/bpf/prog_tests/fexit_bpf2bpf.c   |   14 +++++++++++
+ tools/testing/selftests/bpf/progs/freplace_global_func.c |   18 +++++++++++++++
+ 2 files changed, 32 insertions(+)
+ create mode 100644 tools/testing/selftests/bpf/progs/freplace_global_func.c
+
+--- a/tools/testing/selftests/bpf/prog_tests/fexit_bpf2bpf.c
++++ b/tools/testing/selftests/bpf/prog_tests/fexit_bpf2bpf.c
+@@ -371,6 +371,18 @@ static void test_func_map_prog_compatibi
+ 				     "./test_attach_probe.o");
+ }
+ 
++static void test_func_replace_global_func(void)
++{
++	const char *prog_name[] = {
++		"freplace/test_pkt_access",
++	};
++
++	test_fexit_bpf2bpf_common("./freplace_global_func.o",
++				  "./test_pkt_access.o",
++				  ARRAY_SIZE(prog_name),
++				  prog_name, false, NULL);
++}
++
+ void test_fexit_bpf2bpf(void)
+ {
+ 	if (test__start_subtest("target_no_callees"))
+@@ -391,4 +403,6 @@ void test_fexit_bpf2bpf(void)
+ 		test_func_replace_multi();
+ 	if (test__start_subtest("fmod_ret_freplace"))
+ 		test_fmod_ret_freplace();
++	if (test__start_subtest("func_replace_global_func"))
++		test_func_replace_global_func();
+ }
+--- /dev/null
++++ b/tools/testing/selftests/bpf/progs/freplace_global_func.c
+@@ -0,0 +1,18 @@
++// SPDX-License-Identifier: GPL-2.0
++#include <linux/bpf.h>
++#include <bpf/bpf_helpers.h>
++
++__noinline
++int test_ctx_global_func(struct __sk_buff *skb)
++{
++	volatile int retval = 1;
++	return retval;
++}
++
++SEC("freplace/test_pkt_access")
++int new_test_pkt_access(struct __sk_buff *skb)
++{
++	return test_ctx_global_func(skb);
++}
++
++char _license[] SEC("license") = "GPL";
diff --git a/queue-5.15/series b/queue-5.15/series
index 322fcbda834..e3f5c693230 100644
--- a/queue-5.15/series
+++ b/queue-5.15/series
@@ -3,3 +3,5 @@ drm-amd-display-don-t-reinitialize-dmcub-on-s0ix-resume.patch
 net-mana-add-handling-of-cqe_rx_truncated.patch
 zonefs-fix-zonefs_iomap_begin-for-reads.patch
 usb-gadget-u_ether-fix-regression-in-setting-fixed-mac-address.patch
+bpf-fix-calling-global-functions-from-bpf_prog_type_ext-programs.patch
+selftests-bpf-add-selftest-for-calling-global-functions-from-freplace.patch
-- 
2.47.3