git.ipfire.org Git - thirdparty/kernel/linux.git/commitdiff

Eduard Zingerman says:

====================
bpf: copy BPF token from main program to subprograms

bpf_jit_subprogs() omits aux->token when it creates a struct
bpf_prog_aux instances for a subprograms.
This means that for programs loaded via BPF token (i.e., from a
non-init user namespace), subprograms fail the bpf_token_capable()
check in bpf_prog_kallsyms_add() and don't appear in /proc/kallsyms.
Which in-turn makes it impossible to freplace such subprograms.

Changelog:
v3 -> v4:
- check sysctl_set calls for errors (sashiko).
v2 -> v3:
- mark selftest as serial (sashiko).
v1 -> v2:
- target bpf-next tree (fixups.c) instead of bpf tree (verifier.c).

v1: https://lore.kernel.org/bpf/20260414-subprog-token-fix-v1-0-5b1a38e01546@gmail.com/T/
v2: https://lore.kernel.org/bpf/20260414-subprog-token-fix-v2-0-59146c31f6f1@gmail.com/T/
v3: https://lore.kernel.org/bpf/20260415-subprog-token-fix-v3-0-6fefe1d51646@gmail.com/T/
====================

Link: https://patch.msgid.link/20260415-subprog-token-fix-v4-0-9bd000e8b068@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

Trivial merge

author	Alexei Starovoitov <ast@kernel.org>
	Wed, 15 Apr 2026 23:46:47 +0000 (16:46 -0700)
committer	Alexei Starovoitov <ast@kernel.org>
	Wed, 15 Apr 2026 23:46:55 +0000 (16:46 -0700)