From: Greg Kroah-Hartman Date: Mon, 5 Apr 2021 08:46:04 +0000 (+0200) Subject: 5.10-stable patches X-Git-Tag: v4.4.265~2 X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=489c6597a3911a9ce70e0257459bbdab5632c427;p=thirdparty%2Fkernel%2Fstable-queue.git 5.10-stable patches added patches: bpf-use-nop_atomic5-instead-of-emit_nops-prog-5-for-bpf_tramp_f_call_orig.patch --- diff --git a/queue-5.10/bpf-use-nop_atomic5-instead-of-emit_nops-prog-5-for-bpf_tramp_f_call_orig.patch b/queue-5.10/bpf-use-nop_atomic5-instead-of-emit_nops-prog-5-for-bpf_tramp_f_call_orig.patch new file mode 100644 index 00000000000..256a84bdb71 --- /dev/null +++ b/queue-5.10/bpf-use-nop_atomic5-instead-of-emit_nops-prog-5-for-bpf_tramp_f_call_orig.patch 
@@ -0,0 +1,39 @@ +From b9082970478009b778aa9b22d5561eef35b53b63 Mon Sep 17 00:00:00 2001 +From: Stanislav Fomichev +Date: Fri, 19 Mar 2021 17:00:01 -0700 +Subject: bpf: Use NOP_ATOMIC5 instead of emit_nops(&prog, 5) for BPF_TRAMP_F_CALL_ORIG + +From: Stanislav Fomichev + +commit b9082970478009b778aa9b22d5561eef35b53b63 upstream. + +__bpf_arch_text_poke does rewrite only for atomic nop5, emit_nops(xxx, 5) +emits non-atomic one which breaks fentry/fexit with k8 atomics: + +P6_NOP5 == P6_NOP5_ATOMIC (0f1f440000 == 0f1f440000) +K8_NOP5 != K8_NOP5_ATOMIC (6666906690 != 6666666690) + +Can be reproduced by doing "ideal_nops = k8_nops" in "arch_init_ideal_nops() +and running fexit_bpf2bpf selftest. + +Fixes: e21aa341785c ("bpf: Fix fexit trampoline.") +Signed-off-by: Stanislav Fomichev +Signed-off-by: Alexei Starovoitov +Link: https://lore.kernel.org/bpf/20210320000001.915366-1-sdf@google.com +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/net/bpf_jit_comp.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/arch/x86/net/bpf_jit_comp.c ++++ b/arch/x86/net/bpf_jit_comp.c +@@ -1811,7 +1811,8 @@ int arch_prepare_bpf_trampoline(struct b + /* remember return value in a stack for bpf prog to access */ + emit_stx(&prog, BPF_DW, BPF_REG_FP, BPF_REG_0, -8); + im->ip_after_call = prog; +- emit_nops(&prog, 5); ++ memcpy(prog, ideal_nops[NOP_ATOMIC5], X86_PATCH_SIZE); ++ prog += X86_PATCH_SIZE; + } + + if (fmod_ret->nr_progs) { diff --git a/queue-5.10/series b/queue-5.10/series index 8769c54ca50..b80abeb3783 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -123,3 +123,4 @@ driver-core-clear-deferred-probe-reason-on-probe-retry.patch drivers-video-fbcon-fix-null-dereference-in-fbcon_cursor.patch riscv-evaluate-put_user-arg-before-enabling-user-access.patch revert-kernel-freezer-should-treat-pf_io_worker-like-pf_kthread-for-freezing.patch +bpf-use-nop_atomic5-instead-of-emit_nops-prog-5-for-bpf_tramp_f_call_orig.patch
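Review bot: In the arch_prepare_bpf_trampoline() hunk, the two added lines after `im->ip_after_call = prog;` carry no comment saying why this site must hold the atomic 5-byte nop, so the constraint lives only in the commit message (__bpf_arch_text_poke rewrites only the atomic nop5, and emit_nops(xxx, 5) emits the non-atomic one). A short comment above `memcpy(prog, ideal_nops[NOP_ATOMIC5], X86_PATCH_SIZE);` stating that this location is later rewritten by __bpf_arch_text_poke and must therefore match the atomic nop would keep a later cleanup from switching it back to emit_nops(). Separately, the removed line used a literal 5 while the replacement copies and advances by X86_PATCH_SIZE; the hunk does not show that the NOP_ATOMIC5 entry is exactly X86_PATCH_SIZE bytes long, so it is worth confirming or asserting that the two lengths agree where the copy is made.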