5.6-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 22 May 2020 12:02:56 +0000 (14:02 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 22 May 2020 12:02:56 +0000 (14:02 +0200)
added patches:
bpf-add-bpf_probe_read_-user-kernel-_str-to-do_refine_retval_range.patch
bpf-restrict-bpf_probe_read-str-only-to-archs-where-they-work.patch

queue-5.6/bpf-add-bpf_probe_read_-user-kernel-_str-to-do_refine_retval_range.patch [new file with mode: 0644]
queue-5.6/bpf-restrict-bpf_probe_read-str-only-to-archs-where-they-work.patch [new file with mode: 0644]
queue-5.6/series

diff --git a/queue-5.6/bpf-add-bpf_probe_read_-user-kernel-_str-to-do_refine_retval_range.patch b/queue-5.6/bpf-add-bpf_probe_read_-user-kernel-_str-to-do_refine_retval_range.patch
new file mode 100644 (file)
index 0000000..95ade8d
--- /dev/null
@@ -0,0 +1,39 @@
+From 47cc0ed574abcbbde0cf143ddb21a0baed1aa2df Mon Sep 17 00:00:00 2001
+From: Daniel Borkmann <daniel@iogearbox.net>
+Date: Fri, 15 May 2020 12:11:17 +0200
+Subject: bpf: Add bpf_probe_read_{user, kernel}_str() to do_refine_retval_range
+
+From: Daniel Borkmann <daniel@iogearbox.net>
+
+commit 47cc0ed574abcbbde0cf143ddb21a0baed1aa2df upstream.
+
+Given bpf_probe_read{,str}() BPF helpers are now only available under
+CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE, we need to add the drop-in
+replacements of bpf_probe_read_{kernel,user}_str() to do_refine_retval_range()
+as well to avoid hitting the same issue as in 849fa50662fbc ("bpf/verifier:
+refine retval R0 state for bpf_get_stack helper").
+
+Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
+Signed-off-by: Alexei Starovoitov <ast@kernel.org>
+Acked-by: John Fastabend <john.fastabend@gmail.com>
+Acked-by: Yonghong Song <yhs@fb.com>
+Link: https://lore.kernel.org/bpf/20200515101118.6508-3-daniel@iogearbox.net
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/bpf/verifier.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/kernel/bpf/verifier.c
++++ b/kernel/bpf/verifier.c
+@@ -4113,7 +4113,9 @@ static int do_refine_retval_range(struct
+       if (ret_type != RET_INTEGER ||
+           (func_id != BPF_FUNC_get_stack &&
+-           func_id != BPF_FUNC_probe_read_str))
++           func_id != BPF_FUNC_probe_read_str &&
++           func_id != BPF_FUNC_probe_read_kernel_str &&
++           func_id != BPF_FUNC_probe_read_user_str))
+               return 0;
+       /* Error case where ret is in interval [S32MIN, -1]. */
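Review bot: The exclusion test in do_refine_retval_range() is now a four-entry chain of `func_id !=` comparisons with no comment saying what the listed helpers have in common, so the next helper of this kind is easy to leave out, as the two `_str` variants were until this patch. A one-line comment above the condition would help, e.g. `/* helpers whose integer return value is bounded by their size argument */`; that property is inferred from the referenced 849fa50662fbc and should be confirmed against the rest of the function, which continues outside the hunk. A `switch (func_id)` over the four ids would read better than the chain, but that belongs upstream first, since a stable backport should stay identical to the upstream commit.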
diff --git a/queue-5.6/bpf-restrict-bpf_probe_read-str-only-to-archs-where-they-work.patch b/queue-5.6/bpf-restrict-bpf_probe_read-str-only-to-archs-where-they-work.patch
new file mode 100644 (file)
index 0000000..ebe2fa1
--- /dev/null
@@ -0,0 +1,114 @@
+From 0ebeea8ca8a4d1d453ad299aef0507dab04f6e8d Mon Sep 17 00:00:00 2001
+From: Daniel Borkmann <daniel@iogearbox.net>
+Date: Fri, 15 May 2020 12:11:16 +0200
+Subject: bpf: Restrict bpf_probe_read{, str}() only to archs where they work
+
+From: Daniel Borkmann <daniel@iogearbox.net>
+
+commit 0ebeea8ca8a4d1d453ad299aef0507dab04f6e8d upstream.
+
+Given the legacy bpf_probe_read{,str}() BPF helpers are broken on archs
+with overlapping address ranges, we should really take the next step to
+disable them from BPF use there.
+
+To generally fix the situation, we've recently added new helper variants
+bpf_probe_read_{user,kernel}() and bpf_probe_read_{user,kernel}_str().
+For details on them, see 6ae08ae3dea2 ("bpf: Add probe_read_{user, kernel}
+and probe_read_{user,kernel}_str helpers").
+
+Given bpf_probe_read{,str}() have been around for ~5 years by now, there
+are plenty of users at least on x86 still relying on them today, so we
+cannot remove them entirely w/o breaking the BPF tracing ecosystem.
+
+However, their use should be restricted to archs with non-overlapping
+address ranges where they are working in their current form. Therefore,
+move this behind a CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE and
+have x86, arm64, arm select it (other archs supporting it can follow-up
+on it as well).
+
+For the remaining archs, they can workaround easily by relying on the
+feature probe from bpftool which spills out defines that can be used out
+of BPF C code to implement the drop-in replacement for old/new kernels
+via: bpftool feature probe macro
+
+Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
+Signed-off-by: Alexei Starovoitov <ast@kernel.org>
+Reviewed-by: Masami Hiramatsu <mhiramat@kernel.org>
+Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Brendan Gregg <brendan.d.gregg@gmail.com>
+Cc: Christoph Hellwig <hch@lst.de>
+Link: https://lore.kernel.org/bpf/20200515101118.6508-2-daniel@iogearbox.net
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm/Kconfig         |    1 +
+ arch/arm64/Kconfig       |    1 +
+ arch/x86/Kconfig         |    1 +
+ init/Kconfig             |    3 +++
+ kernel/trace/bpf_trace.c |    6 ++++--
+ 5 files changed, 10 insertions(+), 2 deletions(-)
+
+--- a/arch/arm/Kconfig
++++ b/arch/arm/Kconfig
+@@ -13,6 +13,7 @@ config ARM
+       select ARCH_HAS_KEEPINITRD
+       select ARCH_HAS_KCOV
+       select ARCH_HAS_MEMBARRIER_SYNC_CORE
++      select ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE
+       select ARCH_HAS_PTE_SPECIAL if ARM_LPAE
+       select ARCH_HAS_PHYS_TO_DMA
+       select ARCH_HAS_SETUP_DMA_OPS
+--- a/arch/arm64/Kconfig
++++ b/arch/arm64/Kconfig
+@@ -21,6 +21,7 @@ config ARM64
+       select ARCH_HAS_KCOV
+       select ARCH_HAS_KEEPINITRD
+       select ARCH_HAS_MEMBARRIER_SYNC_CORE
++      select ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE
+       select ARCH_HAS_PTE_DEVMAP
+       select ARCH_HAS_PTE_SPECIAL
+       select ARCH_HAS_SETUP_DMA_OPS
+--- a/arch/x86/Kconfig
++++ b/arch/x86/Kconfig
+@@ -70,6 +70,7 @@ config X86
+       select ARCH_HAS_KCOV                    if X86_64
+       select ARCH_HAS_MEM_ENCRYPT
+       select ARCH_HAS_MEMBARRIER_SYNC_CORE
++      select ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE
+       select ARCH_HAS_PMEM_API                if X86_64
+       select ARCH_HAS_PTE_DEVMAP              if X86_64
+       select ARCH_HAS_PTE_SPECIAL
+--- a/init/Kconfig
++++ b/init/Kconfig
+@@ -2223,6 +2223,9 @@ config ASN1
+ source "kernel/Kconfig.locks"
++config ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE
++      bool
++
+ config ARCH_HAS_SYNC_CORE_BEFORE_USERMODE
+       bool
+--- a/kernel/trace/bpf_trace.c
++++ b/kernel/trace/bpf_trace.c
+@@ -857,14 +857,16 @@ tracing_func_proto(enum bpf_func_id func
+               return &bpf_probe_read_user_proto;
+       case BPF_FUNC_probe_read_kernel:
+               return &bpf_probe_read_kernel_proto;
+-      case BPF_FUNC_probe_read:
+-              return &bpf_probe_read_compat_proto;
+       case BPF_FUNC_probe_read_user_str:
+               return &bpf_probe_read_user_str_proto;
+       case BPF_FUNC_probe_read_kernel_str:
+               return &bpf_probe_read_kernel_str_proto;
++#ifdef CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE
++      case BPF_FUNC_probe_read:
++              return &bpf_probe_read_compat_proto;
+       case BPF_FUNC_probe_read_str:
+               return &bpf_probe_read_compat_str_proto;
++#endif
+ #ifdef CONFIG_CGROUPS
+       case BPF_FUNC_get_current_cgroup_id:
+               return &bpf_get_current_cgroup_id_proto;
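Review bot: In the kernel/trace/bpf_trace.c hunk the new `#ifdef CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE` around `BPF_FUNC_probe_read` and `BPF_FUNC_probe_read_str` has no comment, so the reason the legacy helpers disappear on other architectures is recorded only in the commit message. I would add above it something like `/* legacy helpers are broken where user and kernel address ranges overlap; offer them only on archs that select this */`, and put a matching `#` comment on the bare `bool` symbol in init/Kconfig, which has no help text. On architectures that do not select the symbol, existing programs calling these two helpers will presumably be refused at load time after this stable update (the switch's default case is outside the hunk), so users there need to be pointed to the `_user`/`_kernel` variants. tracing_func_proto() starts and ends outside the hunk.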
index 691dc790be45858e8125bb1c13ef730171b28da6..c62717ee18c1fd858ebe18fd960684ff92b364a8 100644 (file)
@@ -59,3 +59,5 @@ alsa-hda-realtek-add-quirk-for-samsung-notebook.patch
 alsa-hda-realtek-enable-headset-mic-of-asus-gl503vm-.patch
 alsa-hda-realtek-enable-headset-mic-of-asus-ux550ge-.patch
 alsa-hda-realtek-enable-headset-mic-of-asus-ux581lv-.patch
+bpf-restrict-bpf_probe_read-str-only-to-archs-where-they-work.patch
+bpf-add-bpf_probe_read_-user-kernel-_str-to-do_refine_retval_range.patch