Hi Eduard,

I'm seeking suggestions for backporting callback handling fixes to the stable/linux-6.1.y (and similar branches), akin to what has been done for 6.6[1].

Testing with the reproducer from Andrew Werner[2], it seems 6.1 has the same problem where the bpf_probe_read_user() call is only verified with the R1_w=fp-8 state, but not the R1_w=0xDEAD state because the latter was incorrectly pruned. So I believe the callback fixes are needed.

The main difference from 6.6 is that 6.1 does not have BPF open-coded iterator, but AFAICT it does not mean "exact states comparison for iterator convergence checks" patch-set[3] can be dropped. This is because exact-state comparison from commit 2793a8b015f7 ("bpf: exact states comparison for iterator convergence checks") and loop-identifying algorithm in commit 2a0992829ea3 ("bpf: correct loop detection for iterators convergence") are critical for the fix; but it should be fine to ignore all changes to process_iter_*().

The "verify callbacks as if they are called unknown number of times" patch-set[4] name already suggests that it is needed, so no doubts there (again, dropping iterator-related changes).

Does the above sound right to you?

Thanks,
Shung-Hsi Yu

1: https://lore.kernel.org/stable/20240125001554.25287-1-eddyz87@xxxxxxxxx/
2: https://lore.kernel.org/bpf/CA+vRuzPChFNXmouzGG+wsy=6eMcfr1mFG0F3g7rbg-sedGKW3w@xxxxxxxxxxxxxx/
3: https://lore.kernel.org/bpf/20231024000917.12153-1-eddyz87@xxxxxxxxx/
4: https://lore.kernel.org/all/20231121020701.26440-1-eddyz87@xxxxxxxxx/