From: Greg Kroah-Hartman Date: Tue, 27 Dec 2022 11:34:58 +0000 (+0100) Subject: drop bpf-resolve-fext-program-type-when-checking-map-comp.patch from 6.0 and 6.1 X-Git-Tag: v5.15.86~57 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c8f97e8e44f8bcdcf43818a990d58d870b170b10;p=thirdparty%2Fkernel%2Fstable-queue.git drop bpf-resolve-fext-program-type-when-checking-map-comp.patch from 6.0 and 6.1 --- diff --git a/queue-6.0/bpf-resolve-fext-program-type-when-checking-map-comp.patch b/queue-6.0/bpf-resolve-fext-program-type-when-checking-map-comp.patch deleted file mode 100644 index daa1de8bfd5..00000000000 --- a/queue-6.0/bpf-resolve-fext-program-type-when-checking-map-comp.patch +++ /dev/null @@ -1,73 +0,0 @@ -From dda0a3ac94d50bdb6cc2b290bf467b4c31495df7 Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Thu, 15 Dec 2022 00:02:53 +0100 -Subject: bpf: Resolve fext program type when checking map compatibility -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -From: Toke Høiland-Jørgensen - -[ Upstream commit 1c123c567fb138ebd187480b7fc0610fcb0851f5 ] - -The bpf_prog_map_compatible() check makes sure that BPF program types are -not mixed inside BPF map types that can contain programs (tail call maps, -cpumaps and devmaps). It does this by setting the fields of the map->owner -struct to the values of the first program being checked against, and -rejecting any subsequent programs if the values don't match. - -One of the values being set in the map owner struct is the program type, -and since the code did not resolve the prog type for fext programs, the map -owner type would be set to PROG_TYPE_EXT and subsequent loading of programs -of the target type into the map would fail. - -This bug is seen in particular for XDP programs that are loaded as -PROG_TYPE_EXT using libxdp; these cannot insert programs into devmaps and -cpumaps because the check fails as described above. - -Fix the bug by resolving the fext program type to its target program type -as elsewhere in the verifier. - -v3: -- Add Yonghong's ACK - -Fixes: f45d5b6ce2e8 ("bpf: generalise tail call map compatibility check") -Acked-by: Yonghong Song -Signed-off-by: Toke Høiland-Jørgensen -Link: https://lore.kernel.org/r/20221214230254.790066-1-toke@redhat.com -Signed-off-by: Martin KaFai Lau -Signed-off-by: Sasha Levin ---- - kernel/bpf/core.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c -index c4600a5781de..7d315c94b80a 100644 ---- a/kernel/bpf/core.c -+++ b/kernel/bpf/core.c -@@ -2088,6 +2088,7 @@ static unsigned int __bpf_prog_ret0_warn(const void *ctx, - bool bpf_prog_map_compatible(struct bpf_map *map, - const struct bpf_prog *fp) - { -+ enum bpf_prog_type prog_type = resolve_prog_type(fp); - bool ret; - - if (fp->kprobe_override) -@@ -2098,12 +2099,12 @@ bool bpf_prog_map_compatible(struct bpf_map *map, - /* There's no owner yet where we could check for - * compatibility. - */ -- map->owner.type = fp->type; -+ map->owner.type = prog_type; - map->owner.jited = fp->jited; - map->owner.xdp_has_frags = fp->aux->xdp_has_frags; - ret = true; - } else { -- ret = map->owner.type == fp->type && -+ ret = map->owner.type == prog_type && - map->owner.jited == fp->jited && - map->owner.xdp_has_frags == fp->aux->xdp_has_frags; - } --- -2.35.1 - diff --git a/queue-6.0/series b/queue-6.0/series index bf3291736d1..15022a47ddf 100644 --- a/queue-6.0/series +++ b/queue-6.0/series @@ -847,7 +847,6 @@ bpf-prevent-leak-of-lsm-program-after-failed-attach.patch media-v4l2-ctrls-api.c-add-back-dropped-ctrl-is_new-.patch net-enetc-avoid-buffer-leaks-on-xdp_do_redirect-fail.patch nfc-pn533-clear-nfc_target-before-being-used.patch -bpf-resolve-fext-program-type-when-checking-map-comp.patch unix-fix-race-in-sock_seqpacket-s-unix_dgram_sendmsg.patch r6040-fix-kmemleak-in-probe-and-remove.patch blk-iocost-simplify-ioc_name.patch diff --git a/queue-6.1/bpf-resolve-fext-program-type-when-checking-map-comp.patch b/queue-6.1/bpf-resolve-fext-program-type-when-checking-map-comp.patch deleted file mode 100644 index 55a56555494..00000000000 --- a/queue-6.1/bpf-resolve-fext-program-type-when-checking-map-comp.patch +++ /dev/null @@ -1,73 +0,0 @@ -From 0fff00e8182cfd02e71ae0dd3d6cf99ad3a50397 Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Thu, 15 Dec 2022 00:02:53 +0100 -Subject: bpf: Resolve fext program type when checking map compatibility -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -From: Toke Høiland-Jørgensen - -[ Upstream commit 1c123c567fb138ebd187480b7fc0610fcb0851f5 ] - -The bpf_prog_map_compatible() check makes sure that BPF program types are -not mixed inside BPF map types that can contain programs (tail call maps, -cpumaps and devmaps). It does this by setting the fields of the map->owner -struct to the values of the first program being checked against, and -rejecting any subsequent programs if the values don't match. - -One of the values being set in the map owner struct is the program type, -and since the code did not resolve the prog type for fext programs, the map -owner type would be set to PROG_TYPE_EXT and subsequent loading of programs -of the target type into the map would fail. - -This bug is seen in particular for XDP programs that are loaded as -PROG_TYPE_EXT using libxdp; these cannot insert programs into devmaps and -cpumaps because the check fails as described above. - -Fix the bug by resolving the fext program type to its target program type -as elsewhere in the verifier. - -v3: -- Add Yonghong's ACK - -Fixes: f45d5b6ce2e8 ("bpf: generalise tail call map compatibility check") -Acked-by: Yonghong Song -Signed-off-by: Toke Høiland-Jørgensen -Link: https://lore.kernel.org/r/20221214230254.790066-1-toke@redhat.com -Signed-off-by: Martin KaFai Lau -Signed-off-by: Sasha Levin ---- - kernel/bpf/core.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c -index 25a54e04560e..17ab3e15ac25 100644 ---- a/kernel/bpf/core.c -+++ b/kernel/bpf/core.c -@@ -2088,6 +2088,7 @@ static unsigned int __bpf_prog_ret0_warn(const void *ctx, - bool bpf_prog_map_compatible(struct bpf_map *map, - const struct bpf_prog *fp) - { -+ enum bpf_prog_type prog_type = resolve_prog_type(fp); - bool ret; - - if (fp->kprobe_override) -@@ -2098,12 +2099,12 @@ bool bpf_prog_map_compatible(struct bpf_map *map, - /* There's no owner yet where we could check for - * compatibility. - */ -- map->owner.type = fp->type; -+ map->owner.type = prog_type; - map->owner.jited = fp->jited; - map->owner.xdp_has_frags = fp->aux->xdp_has_frags; - ret = true; - } else { -- ret = map->owner.type == fp->type && -+ ret = map->owner.type == prog_type && - map->owner.jited == fp->jited && - map->owner.xdp_has_frags == fp->aux->xdp_has_frags; - } --- -2.35.1 - diff --git a/queue-6.1/series b/queue-6.1/series index bdb5e574080..23188856780 100644 --- a/queue-6.1/series +++ b/queue-6.1/series @@ -899,7 +899,6 @@ bpf-prevent-leak-of-lsm-program-after-failed-attach.patch media-v4l2-ctrls-api.c-add-back-dropped-ctrl-is_new-.patch net-enetc-avoid-buffer-leaks-on-xdp_do_redirect-fail.patch nfc-pn533-clear-nfc_target-before-being-used.patch -bpf-resolve-fext-program-type-when-checking-map-comp.patch unix-fix-race-in-sock_seqpacket-s-unix_dgram_sendmsg.patch r6040-fix-kmemleak-in-probe-and-remove.patch blk-mq-move-the-srcu_struct-used-for-quiescing-to-th.patch